diff --git a/scripts/base/protocols/dce-rpc/__load__.bro b/scripts/base/protocols/dce-rpc/__load__.bro
index 155b8369b8..1d47f6e0cd 100644
--- a/scripts/base/protocols/dce-rpc/__load__.bro
+++ b/scripts/base/protocols/dce-rpc/__load__.bro
@@ -1,4 +1,2 @@
@load ./consts
@load ./main
-
-@load ./endpoint-atsvc
\ No newline at end of file
diff --git a/scripts/base/protocols/dce-rpc/endpoint-atsvc.bro b/scripts/base/protocols/dce-rpc/endpoint-atsvc.bro
deleted file mode 100644
index 88a08403d4..0000000000
--- a/scripts/base/protocols/dce-rpc/endpoint-atsvc.bro
+++ /dev/null
@@ -1,52 +0,0 @@
-module DCE_RPC;
-
-export {
- redef enum Log::ID += {
- ATSVC_LOG,
- };
-
- type ATSvcInfo: record {
- ts : time &log; ##< Time of the request
- uid : string &log; ##< UID of the connection
- id : conn_id &log; ##< Connection info
- command : string &log; ##< Command (add, enum, delete, etc.)
- arg : string &log; ##< Argument
- server : string &log; ##< Server the command was issued to
- result : string &log &optional; ##< Result of the command
- };
-}
-
-redef record DCE_RPC::State += {
- endpoint_atsvc: ATSvcInfo &optional;
-};
-
-event bro_init() &priority=5
- {
- Log::create_stream(ATSVC_LOG, [$columns=ATSvcInfo, $path="dce_rpc_atsvc"]);
- }
-
-event atsvc_job_add(c: connection, server: string, job: string) &priority=5
- {
- local info = ATSvcInfo($ts=network_time(),
- $uid = c$uid,
- $id = c$id,
- $command = "Add job",
- $arg = job,
- $server = server);
- c$dce_rpc_state$endpoint_atsvc = info;
- }
-
-event atsvc_job_id(c: connection, id: count, status: count) &priority=5
- {
- if ( c$dce_rpc_state?$endpoint_atsvc )
- c$dce_rpc_state$endpoint_atsvc$result = (status==0) ? "success" : "failed";
- }
-
-event atsvc_job_id(c: connection, id: count, status: count) &priority=-5
- {
- if ( c$dce_rpc_state?$endpoint_atsvc )
- {
- Log::write(ATSVC_LOG, c$dce_rpc_state$endpoint_atsvc);
- delete c$dce_rpc_state$endpoint_atsvc;
- }
- }
\ No newline at end of file
diff --git a/scripts/base/protocols/smb/const-dos-error.bro b/scripts/base/protocols/smb/const-dos-error.bro
index 72236d8cba..880df222c9 100644
--- a/scripts/base/protocols/smb/const-dos-error.bro
+++ b/scripts/base/protocols/smb/const-dos-error.bro
@@ -1,4 +1,5 @@
# DOS error codes.
+@load ./consts
module SMB;
diff --git a/scripts/base/protocols/smb/const-nt-status.bro b/scripts/base/protocols/smb/const-nt-status.bro
index 2af1cfa0c0..8804522ed9 100644
--- a/scripts/base/protocols/smb/const-nt-status.bro
+++ b/scripts/base/protocols/smb/const-nt-status.bro
@@ -1,4 +1,5 @@
# NT status codes.
+@load ./consts
module SMB;
diff --git a/scripts/policy/protocols/smb/files.bro b/scripts/policy/protocols/smb/files.bro
index 82c65686fd..d01aa815a5 100644
--- a/scripts/policy/protocols/smb/files.bro
+++ b/scripts/policy/protocols/smb/files.bro
@@ -1,4 +1,5 @@
@load base/frameworks/files
+@load ./main
module SMB;
diff --git a/scripts/policy/protocols/smb/main.bro b/scripts/policy/protocols/smb/main.bro
index 02dc054aa8..c3f6241680 100644
--- a/scripts/policy/protocols/smb/main.bro
+++ b/scripts/policy/protocols/smb/main.bro
@@ -1,3 +1,4 @@
+@load base/protocols/smb
module SMB;
@@ -200,9 +201,9 @@ redef likely_server_ports += { ports };
event bro_init() &priority=5
{
- Log::create_stream(CMD_LOG, [$columns=SMB::CmdInfo]);
- Log::create_stream(FILES_LOG, [$columns=SMB::FileInfo]);
- Log::create_stream(MAPPING_LOG, [$columns=SMB::TreeInfo]);
+ Log::create_stream(SMB::CMD_LOG, [$columns=SMB::CmdInfo]);
+ Log::create_stream(SMB::FILES_LOG, [$columns=SMB::FileInfo]);
+ Log::create_stream(SMB::MAPPING_LOG, [$columns=SMB::TreeInfo]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, ports);
}
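Review bot: The three `Log::create_stream` calls on the new side still pass only `$columns`, so the on-disk log names are left to whatever the logging framework derives from the stream ID. The baseline updated later in this diff lists `smb_cmd`, `smb_files` and `smb_mapping`, but also `dce__r_pc`, which looks like the same derivation applied to a less friendly ID. Detection rules and log shippers key on these names, so I would pin them explicitly, e.g. `Log::create_stream(SMB::CMD_LOG, [$columns=SMB::CmdInfo, $path="smb_cmd"]);`, with `$path="smb_files"` and `$path="smb_mapping"` for the other two. The `bro_init` body is fully inside this hunk.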
diff --git a/scripts/policy/protocols/smb/smb1-main.bro b/scripts/policy/protocols/smb/smb1-main.bro
index a188ed7c2a..eff71006ae 100644
--- a/scripts/policy/protocols/smb/smb1-main.bro
+++ b/scripts/policy/protocols/smb/smb1-main.bro
@@ -1,3 +1,5 @@
+@load ./main
+
module SMB1;
redef record SMB::CmdInfo += {
@@ -257,7 +259,7 @@ event smb1_close_request(c: connection, hdr: SMB1::Header, file_id: count) &prio
}
}
-event smb1_trans2_get_dfs_referral_request(c: connection, hdr: SMB1::Header, file_name: string, max_referral_level: count)
+event smb1_trans2_get_dfs_referral_request(c: connection, hdr: SMB1::Header, file_name: string)
{
c$smb_state$current_cmd$argument = file_name;
}
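Review bot: The handler on the changed line dereferences `c$smb_state$current_cmd` without a guard and carries no `&priority`, whereas the `smb1_close_request` handler named in the hunk header appears to have one. Whether the state is always populated before this event fires cannot be told from the hunk. If `smb_state` is an optional field on the connection, an early `if ( ! c?$smb_state ) return;` would avoid a runtime error when a referral request arrives mid-stream or in a capture that missed the session start. `file_name` comes straight off the wire, so a one-line comment such as `# file_name is taken from the request unvalidated and logged as the command argument` would help whoever later writes detections on that field.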
diff --git a/scripts/policy/protocols/smb/smb2-main.bro b/scripts/policy/protocols/smb/smb2-main.bro
index 1d0c60e117..129dca930c 100644
--- a/scripts/policy/protocols/smb/smb2-main.bro
+++ b/scripts/policy/protocols/smb/smb2-main.bro
@@ -1,3 +1,5 @@
+@load ./main
+
module SMB2;
redef record SMB::CmdInfo += {
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index 034ec8f5cb..fcb97ab411 100644
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
-#open 2016-06-24-17-42-28
+#open 2016-06-28-15-02-03
#fields name
#types string
scripts/base/init-bare.bro
@@ -123,17 +123,13 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.bro
- build/scripts/base/bif/plugins/Bro_SMB.smb2_com_ioctl.bif.bro
- build/scripts/base/bif/plugins/Bro_SMB.smb2_com_lock.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.bro
- build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.bro
- build/scripts/base/bif/plugins/Bro_SMB.smb_pipe.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.types.bif.bro
build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro
build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro
@@ -169,4 +165,4 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
scripts/policy/misc/loaded-scripts.bro
scripts/base/utils/paths.bro
-#close 2016-06-24-17-42-28
+#close 2016-06-28-15-02-03
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index 34b9d08fd1..d0aaa5230a 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
-#open 2016-06-24-17-59-13
+#open 2016-06-28-15-01-50
#fields name
#types string
scripts/base/init-bare.bro
@@ -123,17 +123,13 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.bro
- build/scripts/base/bif/plugins/Bro_SMB.smb2_com_ioctl.bif.bro
- build/scripts/base/bif/plugins/Bro_SMB.smb2_com_lock.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.bro
- build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.bro
- build/scripts/base/bif/plugins/Bro_SMB.smb_pipe.bif.bro
build/scripts/base/bif/plugins/Bro_SMB.types.bif.bro
build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro
build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro
@@ -263,7 +259,6 @@ scripts/base/init-default.bro
scripts/base/protocols/dce-rpc/__load__.bro
scripts/base/protocols/dce-rpc/consts.bro
scripts/base/protocols/dce-rpc/main.bro
- scripts/base/protocols/dce-rpc/endpoint-atsvc.bro
scripts/base/protocols/dhcp/__load__.bro
scripts/base/protocols/dhcp/consts.bro
scripts/base/protocols/dhcp/main.bro
@@ -355,4 +350,4 @@ scripts/base/init-default.bro
scripts/base/misc/find-checksum-offloading.bro
scripts/base/misc/find-filtered-trace.bro
scripts/policy/misc/loaded-scripts.bro
-#close 2016-06-24-17-59-13
+#close 2016-06-28-15-01-50
diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out
index 9619ebb4b9..f62cb2f756 100644
--- a/testing/btest/Baseline/coverage.find-bro-logs/out
+++ b/testing/btest/Baseline/coverage.find-bro-logs/out
@@ -4,6 +4,7 @@ capture_loss
cluster
communication
conn
+dce__r_pc
dhcp
dnp3
dns
@@ -28,6 +29,7 @@ netcontrol_drop
netcontrol_shunt
notice
notice_alarm
+ntlm
open_flow
packet_filter
pe
@@ -37,6 +39,9 @@ reporter
rfb
signatures
sip
+smb_cmd
+smb_files
+smb_mapping
smtp
snmp
socks
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index 665402dd81..8e3232b2c5 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@@ -247,7 +247,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) ->
-0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1467055470.330961, node=bro, filter=ip or not ip, init=T, success=T])) ->
+0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1467124664.5544, node=bro, filter=ip or not ip, init=T, success=T])) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Communication::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) ->
@@ -377,7 +377,7 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) ->
-0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1467055470.330961, node=bro, filter=ip or not ip, init=T, success=T])) ->
+0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1467124664.5544, node=bro, filter=ip or not ip, init=T, success=T])) ->
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) ->
0.000000 MetaHookPost CallFunction(NetControl::init, , ()) ->
0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) ->
@@ -492,17 +492,13 @@
0.000000 MetaHookPost LoadFile(./Bro_SMB.smb1_events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMB.smb2_com_close.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMB.smb2_com_create.bif.bro) -> -1
-0.000000 MetaHookPost LoadFile(./Bro_SMB.smb2_com_ioctl.bif.bro) -> -1
-0.000000 MetaHookPost LoadFile(./Bro_SMB.smb2_com_lock.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMB.smb2_com_negotiate.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMB.smb2_com_read.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMB.smb2_com_session_setup.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMB.smb2_com_set_info.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMB.smb2_com_tree_connect.bif.bro) -> -1
-0.000000 MetaHookPost LoadFile(./Bro_SMB.smb2_com_tree_disconnect.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMB.smb2_com_write.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMB.smb2_events.bif.bro) -> -1
-0.000000 MetaHookPost LoadFile(./Bro_SMB.smb_pipe.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMB.types.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMTP.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_SMTP.functions.bif.bro) -> -1
@@ -964,7 +960,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql]))
-0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1467055470.330961, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1467124664.5544, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Communication::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG))
@@ -1094,7 +1090,7 @@
0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql]))
-0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1467055470.330961, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1467124664.5544, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ())
0.000000 MetaHookPre CallFunction(NetControl::init, , ())
0.000000 MetaHookPre CallFunction(Notice::want_pp, , ())
@@ -1209,17 +1205,13 @@
0.000000 MetaHookPre LoadFile(./Bro_SMB.smb1_events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_SMB.smb2_com_close.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_SMB.smb2_com_create.bif.bro)
-0.000000 MetaHookPre LoadFile(./Bro_SMB.smb2_com_ioctl.bif.bro)
-0.000000 MetaHookPre LoadFile(./Bro_SMB.smb2_com_lock.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_SMB.smb2_com_negotiate.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_SMB.smb2_com_read.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_SMB.smb2_com_session_setup.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_SMB.smb2_com_set_info.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_SMB.smb2_com_tree_connect.bif.bro)
-0.000000 MetaHookPre LoadFile(./Bro_SMB.smb2_com_tree_disconnect.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_SMB.smb2_com_write.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_SMB.smb2_events.bif.bro)
-0.000000 MetaHookPre LoadFile(./Bro_SMB.smb_pipe.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_SMB.types.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_SMTP.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_SMTP.functions.bif.bro)
@@ -1680,7 +1672,7 @@
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1467055470.330961, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1467124664.5544, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG)
@@ -1810,7 +1802,7 @@
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1467055470.330961, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1467124664.5544, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction NetControl::check_plugins()
0.000000 | HookCallFunction NetControl::init()
0.000000 | HookCallFunction Notice::want_pp()