diff --git a/.gitmodules b/.gitmodules
index 5efc3b0fb8..d151b3d288 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,12 +4,9 @@
 [submodule "aux/binpac"]
 path = aux/binpac
 url = https://github.com/zeek/binpac
-[submodule "aux/broccoli"]
- path = aux/broccoli
- url = https://github.com/zeek/broccoli
-[submodule "aux/broctl"]
- path = aux/broctl
- url = https://github.com/zeek/broctl
+[submodule "aux/zeekctl"]
+ path = aux/zeekctl
+ url = https://github.com/zeek/zeekctl
 [submodule "aux/btest"]
 path = aux/btest
 url = https://github.com/zeek/btest
diff --git a/CHANGES b/CHANGES
index 18e2d85a74..76f88d351d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,169 @@ +2.6-311 | 2019-05-20 09:07:58 -0700 + + * Add missing &optional attr to KRB record fields; also add existence + checks to scripts (Jon Siwek, Corelight). + +2.6-308 | 2019-05-17 14:13:46 -0700 + + * Always emit scripting errors to stderr during zeek_init (Jon Siwek, Corelight) + +2.6-307 | 2019-05-16 13:37:24 -0700 + + * More bro-to-zeek renaming in scripts and other files (Daniel Thayer) + + * More bro-to-zeek renaming in the unit tests (Daniel Thayer) + +2.6-303 | 2019-05-15 15:03:11 -0700 + + * Changes needed due to bro-to-zeek renaming in broker (Daniel Thayer) + +2.6-301 | 2019-05-15 10:05:53 -0700 + + * Fix potential race in openflow broker plugin (Jon Siwek, Corelight) + +2.6-300 | 2019-05-15 09:00:57 -0700 + + * Fixes to DNS lookup, including ref-counting bugs, preventing starvation + of the DNS_Mgr in the I/O loop, dead code removal, and a fix that + prevents the timeout of already resolved DNS lookups (Jon Siwek, Corelight) + +2.6-292 | 2019-05-14 19:01:05 -0700 + + * Fix maybe-uninitialized compiler warning (Jon Siwek, Corelight) + +2.6-290 | 2019-05-14 18:35:25 -0700 + + * Update btest.cfg path to use zeek-aux (Jon Siwek, Corelight) + +2.6-288 | 2019-05-14 17:47:55 -0700 + + * Update CMake to use aux/zeekctl and aux/zeek-aux submodules (Jon Siwek, Corelight) + +2.6-287 | 2019-05-14 17:40:40 -0700 + + * Rename broctl submodule to zeekctl (Jon Siwek, Corelight) + +2.6-286 | 2019-05-14 13:19:12 -0700 + + * Undo an unintentional change to btest.cfg from a recent commit (Daniel Thayer) + + * Fix zeek-wrapper and improve error messages (Daniel Thayer) + + The script was not passing command-line arguments to the new program. + + * Update for renaming BroControl to ZeekControl. (Robin Sommer, Corelight) + + * GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. + (Robin Sommer, Corelight) + + This also installs symlinks from "zeek" and "bro-config" to a wrapper + script that prints a deprecation warning. 
+ +2.6-279 | 2019-05-13 20:02:59 -0700 + + * GH-365: improve un-indexable type error message (Jon Siwek, Corelight) + +2.6-277 | 2019-05-08 12:42:18 -0700 + + * Allow tuning Broker log batching via scripts (Jon Siwek, Corelight) + + Via redefining "Broker::log_batch_size" or "Broker::log_batch_interval" + +2.6-276 | 2019-05-08 09:03:27 -0700 + + * Force the Broker IOSource to idle periodically, preventing packet + IOSource starvation. (Jon Siwek, Corelight). + +2.6-274 | 2019-05-08 08:58:25 -0700 + + * GH-353: Add `//i` case-insensitive signature syntax (Jon Siwek, Corelight) + +2.6-272 | 2019-05-06 18:43:13 -0700 + + * Remove support for using && and || with patterns. (Johanna Amann, Corelight) + + This was never documented and previously deprecated. + + * Remove RemoteSerializer and related code/types. (Johanna Amann, Corelight) + + Also removes broccoli from the source tree. + + * Remove PersistenceSerializer. (Johanna Amann, Corelight) + + * Remove &synchronized and &persistent attributes. (Johanna Amann, Corelight) + +2.6-264 | 2019-05-03 11:16:38 -0700 + + * Fix sporadic openflow/broker test failure (Jon Siwek, Corelight) + +2.6-263 | 2019-05-02 22:49:40 -0700 + + * Install local.zeek as symlink to pre-existing local.bro (Jon Siwek, Corelight) + + This a convenience for those that are upgrading. If we didn't do + this, then deployments can silently break until the user intervenes + since BroControl now prefers to load the initially-vanilla local.zeek + instead of the formerly-customized local.bro. 
+ +2.6-262 | 2019-05-02 21:39:01 -0700 + + * Rename Zeexygen to Zeekygen (Jon Siwek, Corelight) + +2.6-261 | 2019-05-02 20:49:23 -0700 + + * Remove previously deprecated policy/protocols/smb/__load__ (Jon Siwek, Corelight) + +2.6-260 | 2019-05-02 19:16:48 -0700 + + * GH-243: Remove deprecated functions/events from 2.6 and earlier (Johanna Amann, Corelight) + +2.6-258 | 2019-05-02 12:26:54 -0700 + + * GH-340: Improve IPv4/IPv6 regexes, extraction, and validity functions. + + is_valid_ip() is not a BIF, the IP regular expressions are improved and + extract_ip_addresses should give better results due to this. + (Jon Siwek, Corelight) + +2.6-255 | 2019-05-01 08:38:49 -0700 + + * Add methods to queue events without handler existence check + + Added ConnectionEventFast() and QueueEventFast() methods to avoid + redundant event handler existence checks. + + It's common practice for caller to already check for event handler + existence before doing all the work of constructing the arguments, so + it's desirable to not have to check for existence again. + + E.g. going through ConnectionEvent() means 3 existence checks: + one you do yourself before calling it, one in ConnectionEvent(), and then + another in QueueEvent(). + + The existence check itself can be more than a few operations sometimes + as it needs to check a few flags that determine if it's enabled, has + a local body, or has any remote receivers in the old comm. system or + has been flagged as something to publish in the new comm. system. (Jon Siwek, Corelight) + + * Cleanup/improve PList usage and Event API + + Majority of PLists are now created as automatic/stack objects, + rather than on heap and initialized either with the known-capacity + reserved upfront or directly from an initializer_list (so there's no + wasted slack in the memory that gets allocated for lists containing + a fixed/known number of elements). + + Added versions of the ConnectionEvent/QueueEvent methods that take + a val_list by value. 
+ + Added a move ctor/assign-operator to Plists to allow passing them + around without having to copy the underlying array of pointers. (Jon Siwek, Corelight) + +2.6-250 | 2019-04-29 18:09:29 -0700 + + * Remove 'dns_resolver' option, replace w/ ZEEK_DNS_RESOLVER env. var. (Jon Siwek, Corelight) + 2.6-249 | 2019-04-26 19:26:44 -0700 * Fix parsing of hybrid IPv6-IPv4 addr literals with no zero compression (Jon Siwek, Corelight) diff --git a/CMakeLists.txt b/CMakeLists.txt index cfe0b29ed9..239004ee6c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,7 @@ project(Bro C CXX) # When changing the minimum version here, also adapt -# aux/bro-aux/plugin-support/skeleton/CMakeLists.txt +# aux/zeek-aux/plugin-support/skeleton/CMakeLists.txt cmake_minimum_required(VERSION 2.8.12 FATAL_ERROR) include(cmake/CommonCMakeConfig.cmake) 
@@ -23,31 +23,31 @@ endif () set(BRO_ROOT_DIR ${CMAKE_INSTALL_PREFIX}) if (NOT BRO_SCRIPT_INSTALL_PATH) - # set the default Bro script installation path (user did not specify one) + # set the default Zeek script installation path (user did not specify one) set(BRO_SCRIPT_INSTALL_PATH ${BRO_ROOT_DIR}/share/bro) endif () if (NOT BRO_MAN_INSTALL_PATH) - # set the default Bro man page installation path (user did not specify one) + # set the default Zeek man page installation path (user did not specify one) set(BRO_MAN_INSTALL_PATH ${BRO_ROOT_DIR}/share/man) endif () -# sanitize the Bro script install directory into an absolute path +# sanitize the Zeek script install directory into an absolute path # (CMake is confused by ~ as a representation of home directory) get_filename_component(BRO_SCRIPT_INSTALL_PATH ${BRO_SCRIPT_INSTALL_PATH} ABSOLUTE) set(BRO_PLUGIN_INSTALL_PATH ${BRO_ROOT_DIR}/lib/bro/plugins CACHE STRING "Installation path for plugins" FORCE) -configure_file(bro-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev) +configure_file(zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev) -file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev.sh - "export BROPATH=`${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev`\n" +file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.sh + "export BROPATH=`${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev`\n" "export BRO_PLUGIN_PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":${BRO_PLUGIN_PATH}\n" "export PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":$PATH\n") -file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev.csh - "setenv BROPATH `${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev`\n" +file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.csh + "setenv BROPATH `${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev`\n" "setenv BRO_PLUGIN_PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":${BRO_PLUGIN_PATH}\n" "setenv PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":$PATH\n") 
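Review bot: The command substitution written into `zeek-path-dev.sh` and `zeek-path-dev.csh` leaves `${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev` unquoted, while the `BRO_PLUGIN_PATH` and `PATH` lines directly below it quote the same directory. With a build directory whose path contains spaces or shell metacharacters, sourcing the generated file runs something other than the helper script. Wrap the path in escaped double quotes inside the backticks in both `file(WRITE ...)` calls, so the helper path is handled the same way as `\"${CMAKE_CURRENT_BINARY_DIR}/src\"` on the following lines.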
@@ -254,36 +254,43 @@ if ( NOT BINARY_PACKAGING_MODE ) endif () string(TOLOWER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_LOWER) -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/bro-config.h.in - ${CMAKE_CURRENT_BINARY_DIR}/bro-config.h) +configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.h.in + ${CMAKE_CURRENT_BINARY_DIR}/zeek-config.h) include_directories(${CMAKE_CURRENT_BINARY_DIR}) -install(FILES ${CMAKE_CURRENT_BINARY_DIR}/bro-config.h DESTINATION include/bro) +install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zeek-config.h DESTINATION include/bro) if ( CAF_ROOT_DIR ) - set(BRO_CONFIG_CAF_ROOT_DIR ${CAF_ROOT_DIR}) + set(ZEEK_CONFIG_CAF_ROOT_DIR ${CAF_ROOT_DIR}) else () - set(BRO_CONFIG_CAF_ROOT_DIR ${BRO_ROOT_DIR}) + set(ZEEK_CONFIG_CAF_ROOT_DIR ${BRO_ROOT_DIR}) endif () if ( BinPAC_ROOT_DIR ) - set(BRO_CONFIG_BINPAC_ROOT_DIR ${BinPAC_ROOT_DIR}) + set(ZEEK_CONFIG_BINPAC_ROOT_DIR ${BinPAC_ROOT_DIR}) else () - set(BRO_CONFIG_BINPAC_ROOT_DIR ${BRO_ROOT_DIR}) + set(ZEEK_CONFIG_BINPAC_ROOT_DIR ${BRO_ROOT_DIR}) endif () if ( BROKER_ROOT_DIR ) - set(BRO_CONFIG_BROKER_ROOT_DIR ${BROKER_ROOT_DIR}) + set(ZEEK_CONFIG_BROKER_ROOT_DIR ${BROKER_ROOT_DIR}) else () - set(BRO_CONFIG_BROKER_ROOT_DIR ${BRO_ROOT_DIR}) + set(ZEEK_CONFIG_BROKER_ROOT_DIR ${BRO_ROOT_DIR}) endif () -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/bro-config.in - ${CMAKE_CURRENT_BINARY_DIR}/bro-config @ONLY) -install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/bro-config DESTINATION bin) +configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.in + ${CMAKE_CURRENT_BINARY_DIR}/zeek-config @ONLY) +install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/zeek-config DESTINATION bin) install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/cmake DESTINATION share/bro USE_SOURCE_PERMISSIONS) +# Install wrapper script for Bro-to-Zeek renaming. 
+include(InstallShellScript) +include(InstallSymlink) +InstallShellScript("bin" "zeek-wrapper.in" "zeek-wrapper") +InstallSymlink("${CMAKE_INSTALL_PREFIX}/bin/zeek-wrapper" "${CMAKE_INSTALL_PREFIX}/bin/bro-config") +InstallSymlink("${CMAKE_INSTALL_PREFIX}/include/bro/zeek-config.h" "${CMAKE_INSTALL_PREFIX}/include/bro/bro-config.h") + ######################################################################## ## Recurse on sub-directories @@ -324,14 +331,13 @@ add_subdirectory(man) include(CheckOptionalBuildSources) -CheckOptionalBuildSources(aux/broctl Broctl INSTALL_BROCTL) -CheckOptionalBuildSources(aux/bro-aux Bro-Aux INSTALL_AUX_TOOLS) -CheckOptionalBuildSources(aux/broccoli Broccoli INSTALL_BROCCOLI) +CheckOptionalBuildSources(aux/zeekctl ZeekControl INSTALL_ZEEKCTL) +CheckOptionalBuildSources(aux/zeek-aux Zeek-Aux INSTALL_AUX_TOOLS) ######################################################################## ## Packaging Setup -if (INSTALL_BROCTL) +if (INSTALL_ZEEKCTL) # CPack RPM Generator may not automatically detect this set(CPACK_RPM_PACKAGE_REQUIRES "python >= 2.6.0") endif () @@ -352,12 +358,12 @@ if (CMAKE_BUILD_TYPE) endif () message( - "\n====================| Bro Build Summary |=====================" + "\n====================| Zeek Build Summary |====================" "\n" "\nBuild type: ${CMAKE_BUILD_TYPE}" "\nBuild dir: ${CMAKE_BINARY_DIR}" "\nInstall prefix: ${CMAKE_INSTALL_PREFIX}" - "\nBro Script Path: ${BRO_SCRIPT_INSTALL_PATH}" + "\nZeek Script Path: ${BRO_SCRIPT_INSTALL_PATH}" "\nDebug mode: ${ENABLE_DEBUG}" "\n" "\nCC: ${CMAKE_C_COMPILER}" @@ -366,8 +372,7 @@ message( "\nCXXFLAGS: ${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_${BuildType}}" "\nCPP: ${CMAKE_CXX_COMPILER}" "\n" - "\nBroccoli: ${INSTALL_BROCCOLI}" - "\nBroctl: ${INSTALL_BROCTL}" + "\nZeekControl: ${INSTALL_ZEEKCTL}" "\nAux. Tools: ${INSTALL_AUX_TOOLS}" "\n" "\nlibmaxminddb: ${USE_GEOIP}" diff --git a/Makefile b/Makefile index 8e9d77e3cf..c83ef22a54 100644 --- a/Makefile +++ b/Makefile 
@@ -55,9 +55,9 @@ test: -@( cd testing && make ) test-aux: - -test -d aux/broctl && ( cd aux/broctl && make test-all ) + -test -d aux/zeekctl && ( cd aux/zeekctl && make test-all ) -test -d aux/btest && ( cd aux/btest && make test ) - -test -d aux/bro-aux && ( cd aux/bro-aux && make test ) + -test -d aux/zeek-aux && ( cd aux/zeek-aux && make test ) -test -d aux/plugins && ( cd aux/plugins && make test-all ) test-all: test test-aux diff --git a/NEWS b/NEWS index b93aa2300b..242cdd4c17 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,5 @@ -This document summarizes the most important changes in the current Bro +This document summarizes the most important changes in the current Zeek release. For an exhaustive list of changes, see the ``CHANGES`` file (note that submodules, such as Broker, come with their own ``CHANGES``.) @@ -18,7 +18,7 @@ New Functionality - dns_NSEC - dns_NSEC3 -- Bro's Plugin framework now allows a patch version. If a patch version is not +- Zeek's Plugin framework now allows a patch version. If a patch version is not provided, it will default to 0. To specify this, modify the plugin Configuration class in your ``src/Plugin.cc`` and set ``config.version.patch``. Note that the default plugin skeleton 
@@ -72,14 +72,43 @@ New Functionality (capital for originator, lowercase responder) to indicate a content gap in the TCP stream. These are recorded logarithmically. +- The ``ZEEK_DNS_RESOLVER`` environment variable now controls + the DNS resolver to use by setting it to an IPv4 or IPv6 address. If + not set, then the first IPv4 address from /etc/resolv.conf gets used. + +- The ``//i`` convenience syntax for case-insensitive patterns is now + also allowed when specifying patterns used in signature files. + Changed Functionality --------------------- +- The following executable names have changed (the old names will + continue to work, but emit a deprecation warning): + + - ``bro`` is now ``zeek`` + + - ``bro-config`` is now ``zeek-config`` + + - ``broctl`` is now ``zeekctl`` + + - ``bro-cut`` is now ``zeek-cut`` + +- BroControl has been completely renamed to ZeekControl. Many installation + directories and files with "broctl" in their name have been changed + to use "zeekctl" instead. It's expected this has been done in a way + that's backwards compatible with previous Bro installations. E.g. + if you made customizations to the ``broctl.cfg`` file of a previous + installation, installing the newer Zeek version over it will retain that + file and even symlink the new ``zeekctl.cfg`` to it. + - ``$prefix/share/bro/site/local.bro`` has been renamed to - ``local.zeek``. If you have made customizations to that file, it - will no longer be loaded by default by BroControl (ZeekControl), - but you can simply copy it to ``local.zeek`. You may also want to - remove old ``local.bro`` files to avoid potential confusion. + ``local.zeek``. If you have a ``local.bro`` file from a previous + installation, possibly with customizations made to it, the new + version of Zeek will install a ``local.zeek`` file that is a symlink + to the pre-existing ``local.bro``. 
In that case, you may want to + just copy ``local.bro`` into the new ``local.zeek`` location to + avoid confusion, but things are otherwise meant to work properly + without intervention. - All scripts ending in ``.bro`` that ship with the Zeek source tree have been renamed to ``.zeek``. 
@@ -176,20 +205,122 @@ Changed Functionality and aren't counted as true gaps. - The Broxygen component, which is used to generate our Doxygen-like - scripting API documentation has been renamed to Zeexygen. This likely has + scripting API documentation has been renamed to Zeekygen. This likely has no breaking or visible changes for most users, except in the case one used it to generate their own documentation via the ``--broxygen`` flag, - which is now named ``--zeexygen``. Besides that, the various documentation + which is now named ``--zeekygen``. Besides that, the various documentation in scripts has also been updated to replace Sphinx cross-referencing roles and directives like ":bro:see:" with ":zeek:zee:". Removed Functionality --------------------- +- A number of functions that were deprecated in version 2.6 or below and completely + removed from this release. Most of the functions were used for the old communication + code. + + - ``find_ip_addresses`` + - ``cat_string_array`` + - ``cat_string_array_n`` + - ``complete_handshake`` + - ``connect`` + - ``decode_base64_custom`` + - ``disconnect`` + - ``enable_communication`` + - ``encode_base64_custom`` + - ``get_event_peer`` + - ``get_local_event_peer`` + - ``join_string_array`` + - ``listen`` + - ``merge_pattern`` + - ``request_remote_events`` + - ``request_remote_logs`` + - ``request_remote_sync`` + - ``resume_state_updates`` + - ``send_capture_filter`` + - ``send_current_packet`` + - ``send_id`` + - ``send_ping`` + - ``set_accept_state`` + - ``set_compression_level`` + - ``sort_string_array`` + - ``split1`` + - ``split_all`` + - ``split`` + - ``suspend_state_updates`` + - ``terminate_communication`` + - ``split`` + - ``send_state`` + - ``checkpoint_state`` + - ``rescan_state`` + +- The following events were deprecated in version 2.6 or below and are completely + removed from this release: + + - ``ssl_server_curve`` + - ``dhcp_ack`` + - ``dhcp_decline`` + - ``dhcp_discover`` + - ``dhcp_inform`` + - 
``dhcp_nak`` + - ``dhcp_offer`` + - ``dhcp_release`` + - ``dhcp_request`` + - ``remote_state_access_performed`` + - ``remote_state_inconsistency`` + - ``remote_connection_established`` + - ``remote_connection_closed`` + - ``remote_connection_handshake_done`` + - ``remote_event_registered`` + - ``remote_connection_error`` + - ``remote_capture_filter`` + - ``remote_log_peer`` + - ``remote_log`` + - ``finished_send_state`` + - ``remote_pong`` + +- The following types/records were deprecated in version 2.6 or below and are + removed from this release: + + - ``peer_id`` + - ``event_peer`` + +- The following configuration options were deprecated in version 2.6 or below and are + removed from this release: + + - ``max_remote_events_processed`` + - ``forward_remote_events`` + - ``forward_remote_state_changes`` + - ``enable_syslog`` + - ``remote_trace_sync_interval`` + - ``remote_trace_sync_peers`` + - ``remote_check_sync_consistency`` + +- The following constants were used as part of deprecated functionality in version 2.6 + or below and are removed from this release: + + - ``PEER_ID_NONE`` + - ``REMOTE_LOG_INFO`` + - ``REMOTE_SRC_CHILD`` + - ``REMOTE_SRC_PARENT`` + - ``REMOTE_SRC_SCRIPT`` + +- The deprecated script ``policy/protocols/smb/__load__.bro`` was removed. + Instead of ``@load policy/protocols/smb`` use ``@load base/protocols/smb``. + +- Broccoli, which had been deprecated in version 2.6 and was no longer built by default + was removed from the source tree. + +- Support for the &persistent and the &synchronized attributes, which were deprecated + in Bro 2.6, was removed. The ``-g`` command-line option (dump-config) which relied on + this functionality was also removed. + +- Removed the BroControl ``update`` command, which was deprecated in Bro 2.6. 
+ Deprecated Functionality ------------------------ -- The ``str_shell_escape` function is now deprecated, use ``safe_shell_quote`` +- The ``str_shell_escape`` function is now deprecated, use ``safe_shell_quote`` instead. The later will automatically return a value that is enclosed in double-quotes. @@ -200,6 +331,11 @@ Deprecated Functionality such that existing code will not break, but will emit a deprecation warning. +- The ``rotate_file``, ``rotate_file_by_name`` and ``calc_next_rotate`` functions + were marked as deprecated. These functions were used with the old pre-2.0 logging + framework and are no longer used. They also were marked as deprecated in their + documentation, however the functions themselves did not carry the deprecation marker. + Bro 2.6 ======= @@ -571,7 +707,7 @@ New Functionality Each has the same form, e.g.:: event tcp_multiple_retransmissions(c: connection, is_orig: bool, - threshold: count); + threshold: count); - Added support for set union, intersection, difference, and comparison operations. The corresponding operators for the first three are diff --git a/VERSION b/VERSION index acde488fd3..1b856a34fa 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-249 +2.6-311 diff --git a/aux/bifcl b/aux/bifcl index 1b5375e9f8..7a375f0749 160000 --- a/aux/bifcl +++ b/aux/bifcl @@ -1 +1 @@ -Subproject commit 1b5375e9f81ecec59f983e6abe86300c6bbbcb8f +Subproject commit 7a375f0749f2bc28083863ff7ec44f3fba3510fa diff --git a/aux/binpac b/aux/binpac index 04c7e27a22..1446af96ea 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 04c7e27a22491a91ee309877253da0922d0822bc +Subproject commit 1446af96ea4b76cc7a837e06b2da021754dde6e8 diff --git a/aux/broccoli b/aux/broccoli deleted file mode 160000 index 8668422406..0000000000 --- a/aux/broccoli +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 8668422406cb74f4f0c574a0c9b6365a21f3e81a diff --git a/aux/broctl b/aux/broctl deleted file mode 160000 index 39ae4a469d..0000000000 
--- a/aux/broctl +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 39ae4a469d6ae86c12b49020b361da4fcab24b5b diff --git a/aux/broctl b/aux/broctl new file mode 120000 index 0000000000..d17a55b030 --- /dev/null +++ b/aux/broctl @@ -0,0 +1 @@ +zeekctl \ No newline at end of file diff --git a/aux/broker b/aux/broker index 56408c5582..53f7e0da11 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit 56408c5582c80db6774c8b25642149dfb542345a +Subproject commit 53f7e0da11c4d6ce014f27ae4dcf807a651fb634 diff --git a/aux/zeek-aux b/aux/zeek-aux index ba482418c4..117e8a550d 160000 --- a/aux/zeek-aux +++ b/aux/zeek-aux @@ -1 +1 @@ -Subproject commit ba482418c4e16551fd7b9128a4082348ef2842f0 +Subproject commit 117e8a550de1266e2d50428344caf858aab0485b diff --git a/aux/zeekctl b/aux/zeekctl new file mode 160000 index 0000000000..bbfcb91b07 --- /dev/null +++ b/aux/zeekctl @@ -0,0 +1 @@ +Subproject commit bbfcb91b077a8bc145e39d7c941c50ba62826070 diff --git a/configure b/configure index 98bfc5308d..33de4694b9 100755 --- a/configure +++ b/configure @@ -32,14 +32,14 @@ Usage: $0 [OPTION]... [VAR=VALUE]... Installation Directories: --prefix=PREFIX installation directory [/usr/local/bro] - --scriptdir=PATH root installation directory for Bro scripts + --scriptdir=PATH root installation directory for Zeek scripts [PREFIX/share/bro] - --localstatedir=PATH when using BroControl, path to store log files + --localstatedir=PATH when using ZeekControl, path to store log files and run-time data (within log/ and spool/ subdirs) [PREFIX] - --spooldir=PATH when using BroControl, path to store run-time data + --spooldir=PATH when using ZeekControl, path to store run-time data [PREFIX/spool] - --logdir=PATH when using BroControl, path to store log file + --logdir=PATH when using ZeekControl, path to store log file [PREFIX/logs] --conf-files-dir=PATH config files installation directory [PREFIX/etc] 
@@ -51,13 +51,12 @@ Usage: $0 [OPTION]... [VAR=VALUE]... (automatically on when perftools is present on Linux) --enable-perftools-debug use Google's perftools for debugging --enable-jemalloc link against jemalloc - --enable-broccoli build or install the Broccoli library (deprecated) - --enable-static-broker build broker statically (ignored if --with-broker is specified) + --enable-static-broker build Broker statically (ignored if --with-broker is specified) --enable-static-binpac build binpac statically (ignored if --with-binpac is specified) - --disable-broctl don't install Broctl + --disable-zeekctl don't install ZeekControl --disable-auxtools don't build or install auxiliary tools --disable-perftools don't try to build with Google Perftools - --disable-python don't try to build python bindings for broker + --disable-python don't try to build python bindings for Broker --disable-broker-tests don't try to build Broker unit tests Required Packages in Non-Standard Locations: @@ -66,13 +65,13 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --with-pcap=PATH path to libpcap install root --with-binpac=PATH path to BinPAC executable (useful for cross-compiling) - --with-bifcl=PATH path to Bro BIF compiler executable + --with-bifcl=PATH path to Zeek BIF compiler executable (useful for cross-compiling) --with-flex=PATH path to flex executable --with-bison=PATH path to bison executable --with-python=PATH path to Python executable --with-broker=PATH path to Broker install root - (Bro uses an embedded version by default) + (Zeek uses an embedded version by default) --with-caf=PATH path to C++ Actor Framework install root (a Broker dependency that is embedded by default) 
@@ -132,7 +131,7 @@ prefix=/usr/local/bro CMakeCacheEntries="" append_cache_entry CMAKE_INSTALL_PREFIX PATH $prefix append_cache_entry BRO_ROOT_DIR PATH $prefix -append_cache_entry PY_MOD_INSTALL_DIR PATH $prefix/lib/broctl +append_cache_entry PY_MOD_INSTALL_DIR PATH $prefix/lib/zeekctl append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $prefix/share/bro append_cache_entry BRO_ETC_INSTALL_DIR PATH $prefix/etc append_cache_entry ENABLE_DEBUG BOOL false @@ -140,9 +139,8 @@ append_cache_entry ENABLE_PERFTOOLS BOOL false append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL false append_cache_entry ENABLE_JEMALLOC BOOL false append_cache_entry BUILD_SHARED_LIBS BOOL true -append_cache_entry INSTALL_BROCCOLI BOOL false append_cache_entry INSTALL_AUX_TOOLS BOOL true -append_cache_entry INSTALL_BROCTL BOOL true +append_cache_entry INSTALL_ZEEKCTL BOOL true append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING append_cache_entry ENABLE_MOBILE_IPV6 BOOL false append_cache_entry DISABLE_PERFTOOLS BOOL false @@ -182,7 +180,7 @@ while [ $# -ne 0 ]; do prefix=$optarg append_cache_entry CMAKE_INSTALL_PREFIX PATH $optarg append_cache_entry BRO_ROOT_DIR PATH $optarg - append_cache_entry PY_MOD_INSTALL_DIR PATH $optarg/lib/broctl + append_cache_entry PY_MOD_INSTALL_DIR PATH $optarg/lib/zeekctl ;; --scriptdir=*) append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $optarg @@ -221,18 +219,14 @@ while [ $# -ne 0 ]; do --enable-jemalloc) append_cache_entry ENABLE_JEMALLOC BOOL true ;; - --enable-broccoli) - append_cache_entry DISABLE_RUBY_BINDINGS BOOL true - append_cache_entry INSTALL_BROCCOLI BOOL yes - ;; --enable-static-broker) append_cache_entry BUILD_STATIC_BROKER BOOL true ;; --enable-static-binpac) append_cache_entry BUILD_STATIC_BINPAC BOOL true ;; - --disable-broctl) - append_cache_entry INSTALL_BROCTL BOOL false + --disable-zeekctl) + append_cache_entry INSTALL_ZEEKCTL BOOL false ;; --disable-auxtools) append_cache_entry INSTALL_AUX_TOOLS BOOL false 
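Review bot: The `@@ -221` hunk drops `--disable-broctl` and `--enable-broccoli` from the option `case` without leaving a deprecated alias, so existing build scripts and packaging recipes that pass them fall through to the default branch, which is outside this hunk. NEWS in the same commit says the old executable names keep working with a warning, and the configure flag deserves the same treatment: `--disable-broctl|--disable-zeekctl)` with a one-line deprecation message on stderr for the old spelling. For `--enable-broccoli`, an explicit branch that reports the library was removed would be clearer than a generic unknown-option error. The `case` statement starts and ends outside the hunk.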
diff --git a/doc b/doc index 073bb08473..b572056729 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 073bb08473b8172b8bb175e0702204f15f522392 +Subproject commit b5720567293c652233287a17cf781f6195073159 diff --git a/man/bro.8 b/man/zeek.8 similarity index 83% rename from man/bro.8 rename to man/zeek.8 index a4c54d48f6..0d851d0773 100644 --- a/man/bro.8 +++ b/man/zeek.8 @@ -5,13 +5,13 @@ bro \- passive network traffic analyzer .B bro \/\fP [\fIoptions\fR] [\fIfile\fR ...] .SH DESCRIPTION -Bro is primarily a security monitor that inspects all traffic on a link in -depth for signs of suspicious activity. More generally, however, Bro +Zeek is primarily a security monitor that inspects all traffic on a link in +depth for signs of suspicious activity. More generally, however, Zeek supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting. -Bro comes with built-in functionality for a range of analysis and detection +Zeek comes with built-in functionality for a range of analysis and detection tasks, including detecting malware by interfacing to external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, validating SSL @@ -36,9 +36,6 @@ augment loaded policies by given code \fB\-f\fR,\ \-\-filter tcpdump filter .TP -\fB\-g\fR,\ \-\-dump\-config -dump current config into .state dir -.TP \fB\-h\fR,\ \-\-help|\-? command line help .TP @@ -99,7 +96,7 @@ Record process status in file \fB\-W\fR,\ \-\-watchdog activate watchdog timer .TP -\fB\-X\fR,\ \-\-zeexygen +\fB\-X\fR,\ \-\-zeekygen generate documentation based on config file .TP \fB\-\-pseudo\-realtime[=\fR] 
@@ -111,12 +108,12 @@ load seeds from given file \fB\-\-save\-seeds\fR save seeds to given file .TP -The following option is available only when Bro is built with the \-\-enable\-debug configure option: +The following option is available only when Zeek is built with the \-\-enable\-debug configure option: .TP \fB\-B\fR,\ \-\-debug Enable debugging output for selected streams ('-B help' for help) .TP -The following options are available only when Bro is built with gperftools support (use the \-\-enable\-perftools and \-\-enable\-perftools\-debug configure options): +The following options are available only when Zeek is built with gperftools support (use the \-\-enable\-perftools and \-\-enable\-perftools\-debug configure options): .TP \fB\-m\fR,\ \-\-mem-leaks show leaks @@ -150,7 +147,7 @@ ASCII log file extension Output file for script execution statistics .TP .B BRO_DISABLE_BROXYGEN -Disable Zeexygen (Broxygen) documentation support +Disable Zeekygen (Broxygen) documentation support .SH AUTHOR .B bro -was written by The Bro Project . +was written by The Zeek Project . diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt index 189c9b9df8..a79fb96bd4 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt 
@@ -8,8 +8,27 @@ install(DIRECTORY ./ DESTINATION ${BRO_SCRIPT_INSTALL_PATH} FILES_MATCHING PATTERN "*.fp" ) -# Install all local* scripts as config files since they are meant to be -# user modify-able. +if ( NOT BINARY_PACKAGING_MODE ) + # If the user has a local.bro file from a previous installation, prefer to + # symlink local.zeek to it to avoid breaking their custom configuration -- + # because ZeekControl will now prefer to load local.zeek rather than local.bro + # and we're about to install a default version of local.zeek. + + set(_local_bro_dst ${BRO_SCRIPT_INSTALL_PATH}/site/local.bro) + set(_local_zeek_dst ${BRO_SCRIPT_INSTALL_PATH}/site/local.zeek) + + install(CODE " + if ( \"\$ENV{DESTDIR}\" STREQUAL \"\" ) + if ( EXISTS \"${_local_bro_dst}\" AND NOT EXISTS \"${_local_zeek_dst}\" ) + message(STATUS \"WARNING: installed ${_local_zeek_dst} as symlink to ${_local_bro_dst}\") + execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink + \"${_local_bro_dst}\" \"${_local_zeek_dst}\") + endif () + endif () + ") +endif () + +# Install local script as a config file since it's meant to be modified directly. InstallPackageConfigFile( ${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek ${BRO_SCRIPT_INSTALL_PATH}/site diff --git a/scripts/base/frameworks/analyzer/README b/scripts/base/frameworks/analyzer/README index 2180fdd735..6f8f1f1228 100644 --- a/scripts/base/frameworks/analyzer/README +++ b/scripts/base/frameworks/analyzer/README @@ -1,3 +1,3 @@ -The analyzer framework allows to dynamically enable or disable Bro's +The analyzer framework allows to dynamically enable or disable Zeek's protocol analyzers, as well as to manage the well-known ports which automatically activate a particular analyzer for new connections. diff --git a/scripts/base/frameworks/analyzer/main.zeek b/scripts/base/frameworks/analyzer/main.zeek index 0775768dca..8fd986e497 100644 --- a/scripts/base/frameworks/analyzer/main.zeek +++ b/scripts/base/frameworks/analyzer/main.zeek 
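Review bot: In the new `install(CODE ...)` block the `message(STATUS ... installed ... as symlink ...)` line is printed before `execute_process` runs and the command's result is never checked, so a failed `create_symlink` (read-only prefix, insufficient permissions) is still reported as done. In that case the `InstallPackageConfigFile` call below presumably installs the stock `local.zeek`, which is the silent loss of site customizations the comment says this block is meant to prevent. Add `RESULT_VARIABLE _symlink_rc` to the `execute_process` call and print the status line only when it is 0, with `message(WARNING ...)` otherwise; inside the quoted code the reference has to be escaped as `\${_symlink_rc}`. A comment should also record that `EXISTS` follows symlinks, so a dangling `local.zeek` link counts as absent here.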
@@ -1,4 +1,4 @@ -##! Framework for managing Bro's protocol analyzers. +##! Framework for managing Zeek's protocol analyzers. ##! ##! The analyzer framework allows to dynamically enable or disable analyzers, as ##! well as to manage the well-known ports which automatically activate a @@ -21,7 +21,7 @@ export { global disable_all = F &redef; ## Enables an analyzer. Once enabled, the analyzer may be used for analysis - ## of future connections as decided by Bro's dynamic protocol detection. + ## of future connections as decided by Zeek's dynamic protocol detection. ## ## tag: The tag of the analyzer to enable. ## diff --git a/scripts/base/frameworks/broker/README b/scripts/base/frameworks/broker/README index 11c2479d90..c58b85af19 100644 --- a/scripts/base/frameworks/broker/README +++ b/scripts/base/frameworks/broker/README @@ -1,2 +1,2 @@ -The Broker communication framework facilitates connecting to remote Bro +The Broker communication framework facilitates connecting to remote Zeek instances to share state and transfer events. diff --git a/scripts/base/frameworks/broker/main.zeek b/scripts/base/frameworks/broker/main.zeek index f64ff0ce14..d6ea8b08ad 100644 --- a/scripts/base/frameworks/broker/main.zeek +++ b/scripts/base/frameworks/broker/main.zeek 
@@ -32,27 +32,27 @@ export { const disable_ssl = F &redef; ## Path to a file containing concatenated trusted certificates - ## in PEM format. If set, Bro will require valid certificates for + ## in PEM format. If set, Zeek will require valid certificates for ## all peers. const ssl_cafile = "" &redef; ## Path to an OpenSSL-style directory of trusted certificates. - ## If set, Bro will require valid certificates for + ## If set, Zeek will require valid certificates for ## all peers. const ssl_capath = "" &redef; ## Path to a file containing a X.509 certificate for this - ## node in PEM format. If set, Bro will require valid certificates for + ## node in PEM format. If set, Zeek will require valid certificates for ## all peers. const ssl_certificate = "" &redef; ## Passphrase to decrypt the private key specified by - ## :zeek:see:`Broker::ssl_keyfile`. If set, Bro will require valid + ## :zeek:see:`Broker::ssl_keyfile`. If set, Zeek will require valid ## certificates for all peers. const ssl_passphrase = "" &redef; ## Path to the file containing the private key for this node's - ## certificate. If set, Bro will require valid certificates for + ## certificate. If set, Zeek will require valid certificates for ## all peers. const ssl_keyfile = "" &redef; @@ -61,6 +61,14 @@ export { ## control mechanisms). const congestion_queue_size = 200 &redef; + ## The max number of log entries per log stream to batch together when + ## sending log messages to a remote logger. + const log_batch_size = 400 &redef; + + ## Max time to buffer log messages before sending the current set out as a + ## batch. + const log_batch_interval = 1sec &redef; + ## Max number of threads to use for Broker/CAF functionality. The ## BRO_BROKER_MAX_THREADS environment variable overrides this setting. const max_threads = 1 &redef; 
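Review bot: The comments on the new `log_batch_size` and `log_batch_interval` options in the second hunk do not say how the two limits combine or what a value of 0 means. Presumably a batch goes out as soon as either limit is reached; if so, state it, e.g. `## A batch is sent once log_batch_size entries are queued or log_batch_interval has elapsed, whichever comes first.` Operators tuning these values should also be told that entries are held on the sending node for up to the interval before they reach the remote logger.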
@@ -339,7 +347,7 @@ export { ## Peers advertise interest by registering a subscription to some ## prefix of this topic name. ## - ## ev: a Bro event value. + ## ev: a Zeek event value. ## ## Returns: true if automatic event sending is now enabled. global auto_publish: function(topic: string, ev: any): bool; diff --git a/scripts/base/frameworks/broker/store.zeek b/scripts/base/frameworks/broker/store.zeek index dace2032c9..50559c4522 100644 --- a/scripts/base/frameworks/broker/store.zeek +++ b/scripts/base/frameworks/broker/store.zeek @@ -365,15 +365,15 @@ export { # Data API # ########################## - ## Convert any Bro value to communication data. + ## Convert any Zeek value to communication data. ## ## .. note:: Normally you won't need to use this function as data - ## conversion happens implicitly when passing Bro values into Broker + ## conversion happens implicitly when passing Zeek values into Broker ## functions. ## - ## d: any Bro value to attempt to convert (not all types are supported). + ## d: any Zeek value to attempt to convert (not all types are supported). ## - ## Returns: the converted communication data. If the supplied Bro data + ## Returns: the converted communication data. If the supplied Zeek data ## type does not support conversion to communication data, the ## returned record's optional field will not be set. global data: function(d: any): Broker::Data; diff --git a/scripts/base/frameworks/cluster/README b/scripts/base/frameworks/cluster/README index 1bf9907d9b..98a1cfc95b 100644 --- a/scripts/base/frameworks/cluster/README +++ b/scripts/base/frameworks/cluster/README @@ -1,2 +1,2 @@ The cluster framework provides for establishing and controlling a cluster -of Bro instances. +of Zeek instances. diff --git a/scripts/base/frameworks/cluster/main.zeek b/scripts/base/frameworks/cluster/main.zeek index 02c063c346..08cf47485e 100644 --- a/scripts/base/frameworks/cluster/main.zeek +++ b/scripts/base/frameworks/cluster/main.zeek 
@@ -1,6 +1,6 @@ -##! A framework for establishing and controlling a cluster of Bro instances. +##! A framework for establishing and controlling a cluster of Zeek instances. ##! In order to use the cluster framework, a script named -##! ``cluster-layout.zeek`` must exist somewhere in Bro's script search path +##! ``cluster-layout.zeek`` must exist somewhere in Zeek's script search path ##! which has a cluster definition of the :zeek:id:`Cluster::nodes` variable. ##! The ``CLUSTER_NODE`` environment variable or :zeek:id:`Cluster::node` ##! must also be sent and the cluster framework loaded as a package like @@ -178,7 +178,7 @@ export { global is_enabled: function(): bool; ## This function can be called at any time to determine what type of - ## cluster node the current Bro instance is going to be acting as. + ## cluster node the current Zeek instance is going to be acting as. ## If :zeek:id:`Cluster::is_enabled` returns false, then ## :zeek:enum:`Cluster::NONE` is returned. ## @@ -194,7 +194,7 @@ export { ## The cluster layout definition. This should be placed into a filter ## named cluster-layout.zeek somewhere in the BROPATH. It will be ## automatically loaded if the CLUSTER_NODE environment variable is set. - ## Note that BroControl handles all of this automatically. + ## Note that ZeekControl handles all of this automatically. ## The table is typically indexed by node names/labels (e.g. "manager" ## or "worker-1"). const nodes: table[string] of Node = {} &redef; @@ -202,7 +202,7 @@ export { ## Indicates whether or not the manager will act as the logger and receive ## logs. This value should be set in the cluster-layout.zeek script (the ## value should be true only if no logger is specified in Cluster::nodes). - ## Note that BroControl handles this automatically. + ## Note that ZeekControl handles this automatically. const manager_is_logger = T &redef; ## This is usually supplied on the command line for each instance 
diff --git a/scripts/base/frameworks/cluster/nodes/logger.zeek b/scripts/base/frameworks/cluster/nodes/logger.zeek index 39dcb751df..6fb5d09208 100644 --- a/scripts/base/frameworks/cluster/nodes/logger.zeek +++ b/scripts/base/frameworks/cluster/nodes/logger.zeek @@ -1,7 +1,7 @@ -##! This is the core Bro script to support the notion of a cluster logger. +##! This is the core Zeek script to support the notion of a cluster logger. ##! -##! The logger is passive (other Bro instances connect to us), and once -##! connected the logger receives logs from other Bro instances. +##! The logger is passive (other Zeek instances connect to us), and once +##! connected the logger receives logs from other Zeek instances. ##! This script will be automatically loaded if necessary based on the ##! type of node being started. @@ -24,6 +24,3 @@ redef Log::default_mail_alarms_interval = 24 hrs; ## Use the cluster's archive logging script. redef Log::default_rotation_postprocessor_cmd = "archive-log"; - -## We're processing essentially *only* remote events. -redef max_remote_events_processed = 10000; diff --git a/scripts/base/frameworks/cluster/nodes/manager.zeek b/scripts/base/frameworks/cluster/nodes/manager.zeek index e54b090522..945d952f31 100644 --- a/scripts/base/frameworks/cluster/nodes/manager.zeek +++ b/scripts/base/frameworks/cluster/nodes/manager.zeek @@ -1,4 +1,4 @@ -##! This is the core Bro script to support the notion of a cluster manager. +##! This is the core Zeek script to support the notion of a cluster manager. ##! ##! The manager is passive (the workers connect to us), and once connected ##! the manager registers for the events on the workers that are needed @@ -21,6 +21,3 @@ redef Log::default_rotation_interval = 24 hrs; ## Use the cluster's delete-log script. redef Log::default_rotation_postprocessor_cmd = "delete-log"; - -## We're processing essentially *only* remote events. -redef max_remote_events_processed = 10000; 
diff --git a/scripts/base/frameworks/cluster/nodes/proxy.zeek b/scripts/base/frameworks/cluster/nodes/proxy.zeek index e38a5e9109..dec0d69f6b 100644 --- a/scripts/base/frameworks/cluster/nodes/proxy.zeek +++ b/scripts/base/frameworks/cluster/nodes/proxy.zeek @@ -1,14 +1,10 @@ -##! Redefines the options common to all proxy nodes within a Bro cluster. +##! Redefines the options common to all proxy nodes within a Zeek cluster. ##! In particular, proxies are not meant to produce logs locally and they ##! do not forward events anywhere, they mainly synchronize state between ##! worker nodes. @prefixes += cluster-proxy -## The proxy only syncs state; does not forward events. -redef forward_remote_events = F; -redef forward_remote_state_changes = T; - ## Don't do any local logging. redef Log::enable_local_logging = F; diff --git a/scripts/base/frameworks/cluster/nodes/worker.zeek b/scripts/base/frameworks/cluster/nodes/worker.zeek index 826df848f7..02c22fb127 100644 --- a/scripts/base/frameworks/cluster/nodes/worker.zeek +++ b/scripts/base/frameworks/cluster/nodes/worker.zeek @@ -1,4 +1,4 @@ -##! Redefines some options common to all worker nodes within a Bro cluster. +##! Redefines some options common to all worker nodes within a Zeek cluster. ##! In particular, worker nodes do not produce logs locally, instead they ##! send them off to a logger node for processing. diff --git a/scripts/base/frameworks/cluster/pools.zeek b/scripts/base/frameworks/cluster/pools.zeek index ae14a09527..787d3aa0e0 100644 --- a/scripts/base/frameworks/cluster/pools.zeek +++ b/scripts/base/frameworks/cluster/pools.zeek @@ -351,7 +351,7 @@ event zeek_init() &priority=-5 return; # Sorting now ensures the node distribution process is stable even if - # there's a change in the order of time-of-registration between Bro runs. + # there's a change in the order of time-of-registration between Zeek runs. sort(registered_pools, pool_sorter); pool_eligibility[Cluster::WORKER] = 
diff --git a/scripts/base/frameworks/cluster/setup-connections.zeek b/scripts/base/frameworks/cluster/setup-connections.zeek index 4903f62c0a..9e9374c8b9 100644 --- a/scripts/base/frameworks/cluster/setup-connections.zeek +++ b/scripts/base/frameworks/cluster/setup-connections.zeek @@ -44,7 +44,7 @@ function connect_peers_with_type(node_type: NodeType) event zeek_init() &priority=-10 { - if ( getenv("BROCTL_CHECK_CONFIG") != "" ) + if ( getenv("ZEEKCTL_CHECK_CONFIG") != "" ) return; local self = nodes[node]; diff --git a/scripts/base/frameworks/config/README b/scripts/base/frameworks/config/README index 3640d1e8c4..2869bc78bb 100644 --- a/scripts/base/frameworks/config/README +++ b/scripts/base/frameworks/config/README @@ -1,2 +1,2 @@ -The configuration framework provides a way to change the Bro configuration +The configuration framework provides a way to change the Zeek configuration in "option" values at run-time. diff --git a/scripts/base/frameworks/config/main.zeek b/scripts/base/frameworks/config/main.zeek index b801c82267..3b188732b9 100644 --- a/scripts/base/frameworks/config/main.zeek +++ b/scripts/base/frameworks/config/main.zeek @@ -1,4 +1,4 @@ -##! The configuration framework provides a way to change Bro options +##! The configuration framework provides a way to change Zeek options ##! (as specified by the "option" keyword) at runtime. It also logs runtime ##! changes to options to config.log. diff --git a/scripts/base/frameworks/control/README b/scripts/base/frameworks/control/README index ba6998d43c..4927653f90 100644 --- a/scripts/base/frameworks/control/README +++ b/scripts/base/frameworks/control/README @@ -1,3 +1,3 @@ The control framework provides the foundation for providing "commands" -that can be taken remotely at runtime to modify a running Bro instance +that can be taken remotely at runtime to modify a running Zeek instance or collect information from the running instance. 
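Review bot: The `zeek_init` handler in setup-connections.zeek now tests only `ZEEKCTL_CHECK_CONFIG`, so a control tool that still exports the old `BROCTL_CHECK_CONFIG` name no longer gets the early return, and a config check would continue into the rest of the handler. If older broctl installations are meant to keep working during the transition, accept both names: `if ( getenv("ZEEKCTL_CHECK_CONFIG") != "" || getenv("BROCTL_CHECK_CONFIG") != "" )`. The handler body continues outside the hunk.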
diff --git a/scripts/base/frameworks/control/main.zeek b/scripts/base/frameworks/control/main.zeek index ad1bf3bcce..20cb93c234 100644 --- a/scripts/base/frameworks/control/main.zeek +++ b/scripts/base/frameworks/control/main.zeek @@ -1,12 +1,12 @@ ##! The control framework provides the foundation for providing "commands" -##! that can be taken remotely at runtime to modify a running Bro instance +##! that can be taken remotely at runtime to modify a running Zeek instance ##! or collect information from the running instance. module Control; export { ## The topic prefix used for exchanging control messages via Broker. - const topic_prefix = "bro/control"; + const topic_prefix = "zeek/control"; ## Whether the controllee should call :zeek:see:`Broker::listen`. ## In a cluster, this isn't needed since the setup process calls it. @@ -58,7 +58,7 @@ export { ## Returns the current net_stats. global net_stats_response: event(s: string); - ## Inform the remote Bro instance that it's configuration may have been + ## Inform the remote Zeek instance that it's configuration may have been ## updated. global configuration_update_request: event(); ## This event is a wrapper and alias for the @@ -68,7 +68,7 @@ export { ## Message in response to a configuration update request. global configuration_update_response: event(); - ## Requests that the Bro instance begins shutting down. + ## Requests that the Zeek instance begins shutting down. global shutdown_request: event(); ## Message in response to a shutdown request. global shutdown_response: event(); diff --git a/scripts/base/frameworks/input/README b/scripts/base/frameworks/input/README index 6f00f5f6eb..3ce3232c19 100644 --- a/scripts/base/frameworks/input/README +++ b/scripts/base/frameworks/input/README @@ -1,2 +1,2 @@ The input framework provides a way to read previously stored data either as -an event stream or into a Bro table. +an event stream or into a Zeek table. 
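Review bot: `Control::topic_prefix` changes from `"bro/control"` to `"zeek/control"` in the first hunk of control/main.zeek, but it remains a plain `const` without `&redef`. This prefix is documented as the one used for exchanging control messages, and the events declared further down include `shutdown_request`, so a controller and controllee on different sides of the rename will presumably no longer reach each other, and a site cannot restore the old value from its own scripts. Either declare it as `const topic_prefix = "zeek/control" &redef;` or state the incompatibility in the comment above it.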
diff --git a/scripts/base/frameworks/input/main.zeek b/scripts/base/frameworks/input/main.zeek index 84488f130c..973661f871 100644 --- a/scripts/base/frameworks/input/main.zeek +++ b/scripts/base/frameworks/input/main.zeek @@ -1,5 +1,5 @@ ##! The input framework provides a way to read previously stored data either -##! as an event stream or into a Bro table. +##! as an event stream or into a Zeek table. module Input; @@ -55,7 +55,7 @@ export { ## abort. Defaults to false (abort). const accept_unsupported_types = F &redef; - ## A table input stream type used to send data to a Bro table. + ## A table input stream type used to send data to a Zeek table. type TableDescription: record { # Common definitions for tables and events @@ -112,7 +112,7 @@ export { ## ## The event is raised like if it had been declared as follows: ## error_ev: function(desc: TableDescription, message: string, level: Reporter::Level) &optional; - ## The actual declaration uses the ``any`` type because of deficiencies of the Bro type system. + ## The actual declaration uses the ``any`` type because of deficiencies of the Zeek type system. error_ev: any &optional; ## A key/value table that will be passed to the reader. @@ -121,7 +121,7 @@ export { config: table[string] of string &default=table(); }; - ## An event input stream type used to send input data to a Bro event. + ## An event input stream type used to send input data to a Zeek event. type EventDescription: record { # Common definitions for tables and events @@ -166,7 +166,7 @@ export { ## ## The event is raised like it had been declared as follows: ## error_ev: function(desc: EventDescription, message: string, level: Reporter::Level) &optional; - ## The actual declaration uses the ``any`` type because of deficiencies of the Bro type system. + ## The actual declaration uses the ``any`` type because of deficiencies of the Zeek type system. error_ev: any &optional; ## A key/value table that will be passed to the reader. 
diff --git a/scripts/base/frameworks/input/readers/ascii.zeek b/scripts/base/frameworks/input/readers/ascii.zeek index c757718d53..26d7b2360c 100644 --- a/scripts/base/frameworks/input/readers/ascii.zeek +++ b/scripts/base/frameworks/input/readers/ascii.zeek @@ -1,6 +1,6 @@ ##! Interface for the ascii input reader. ##! -##! The defaults are set to match Bro's ASCII output. +##! The defaults are set to match Zeek's ASCII output. module InputAscii; diff --git a/scripts/base/frameworks/logging/main.zeek b/scripts/base/frameworks/logging/main.zeek index 8746ee3654..3a83808369 100644 --- a/scripts/base/frameworks/logging/main.zeek +++ b/scripts/base/frameworks/logging/main.zeek @@ -1,6 +1,6 @@ -##! The Bro logging interface. +##! The Zeek logging interface. ##! -##! See :doc:`/frameworks/logging` for an introduction to Bro's +##! See :doc:`/frameworks/logging` for an introduction to Zeek's ##! logging framework. module Log; @@ -84,13 +84,13 @@ export { path: string; ##< Original path value. open: time; ##< Time when opened. close: time; ##< Time when closed. - terminating: bool; ##< True if rotation occured due to Bro shutting down. + terminating: bool; ##< True if rotation occured due to Zeek shutting down. }; ## Default rotation interval to use for filters that do not specify ## an interval. Zero disables rotation. ## - ## Note that this is overridden by the BroControl LogRotationInterval + ## Note that this is overridden by the ZeekControl LogRotationInterval ## option. const default_rotation_interval = 0secs &redef; @@ -108,7 +108,7 @@ export { ## Default alarm summary mail interval. Zero disables alarm summary ## mails. ## - ## Note that this is overridden by the BroControl MailAlarmsInterval + ## Note that this is overridden by the ZeekControl MailAlarmsInterval ## option. const default_mail_alarms_interval = 0secs &redef; 
@@ -219,7 +219,7 @@ export { scope_sep: string &default=default_scope_sep; ## Default prefix for all extension fields. It's typically - ## prudent to set this to something that Bro's logging + ## prudent to set this to something that Zeek's logging ## framework can't normally write out in a field name. ext_prefix: string &default=default_ext_prefix; diff --git a/scripts/base/frameworks/netcontrol/README b/scripts/base/frameworks/netcontrol/README index a8635da300..0702c6b036 100644 --- a/scripts/base/frameworks/netcontrol/README +++ b/scripts/base/frameworks/netcontrol/README @@ -1,3 +1,3 @@ -The NetControl framework provides a way for Bro to interact with networking +The NetControl framework provides a way for Zeek to interact with networking hard- and software, e.g. for dropping and shunting IP addresses/connections, etc. diff --git a/scripts/base/frameworks/netcontrol/drop.zeek b/scripts/base/frameworks/netcontrol/drop.zeek index 9c1adc73d2..452dda27ee 100644 --- a/scripts/base/frameworks/netcontrol/drop.zeek +++ b/scripts/base/frameworks/netcontrol/drop.zeek @@ -32,7 +32,7 @@ export { type DropInfo: record { ## Time at which the recorded activity occurred. ts: time &log; - ## ID of the rule; unique during each Bro run. + ## ID of the rule; unique during each Zeek run. rule_id: string &log; orig_h: addr &log; ##< The originator's IP address. orig_p: port &log &optional; ##< The originator's port number. diff --git a/scripts/base/frameworks/netcontrol/main.zeek b/scripts/base/frameworks/netcontrol/main.zeek index 97b6e27459..8de0209d6d 100644 --- a/scripts/base/frameworks/netcontrol/main.zeek +++ b/scripts/base/frameworks/netcontrol/main.zeek 
@@ -1,8 +1,8 @@ -##! Bro's NetControl framework. +##! Zeek's NetControl framework. ##! -##! This plugin-based framework allows to control the traffic that Bro monitors +##! This plugin-based framework allows to control the traffic that Zeek monitors ##! as well as, if having access to the forwarding path, the traffic the network -##! forwards. By default, the framework lets everything through, to both Bro +##! forwards. By default, the framework lets everything through, to both Zeek ##! itself as well as on the network. Scripts can then add rules to impose ##! restrictions on entities, such as specific connections or IP addresses. ##! @@ -291,7 +291,7 @@ export { type Info: record { ## Time at which the recorded activity occurred. ts: time &log; - ## ID of the rule; unique during each Bro run. + ## ID of the rule; unique during each Zeek run. rule_id: string &log &optional; ## Type of the log entry. category: InfoCategory &log &optional; @@ -632,7 +632,7 @@ event NetControl::init() &priority=-20 log_msg_no_plugin("waiting for plugins to initialize"); } -# Low-level functions that only runs on the manager (or standalone) Bro node. +# Low-level functions that only runs on the manager (or standalone) Zeek node. function activate_impl(p: PluginState, priority: int) { diff --git a/scripts/base/frameworks/netcontrol/plugin.zeek b/scripts/base/frameworks/netcontrol/plugin.zeek index 2b432e7597..ac94b265b3 100644 --- a/scripts/base/frameworks/netcontrol/plugin.zeek +++ b/scripts/base/frameworks/netcontrol/plugin.zeek 
@@ -74,7 +74,7 @@ export { ## Table for a plugin to store instance-specific configuration information. ## ## Note, it would be nicer to pass the Plugin instance to all the below, instead - ## of this state table. However Bro's type resolver has trouble with refering to a + ## of this state table. However Zeek's type resolver has trouble with refering to a ## record type from inside itself. redef record PluginState += { ## The plugin that the state belongs to. (Defined separately diff --git a/scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek b/scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek index ac9bebdc90..1fdb2ced73 100644 --- a/scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek +++ b/scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek @@ -1,5 +1,5 @@ ##! NetControl plugin for the process-level PacketFilter that comes with -##! Bro. Since the PacketFilter in Bro is quite limited in scope +##! Zeek. Since the PacketFilter in Zeek is quite limited in scope ##! and can only add/remove filters for addresses, this is quite ##! limited in scope at the moment. @@ -13,7 +13,7 @@ export { } # Check if we can handle this rule. If it specifies ports or -# anything Bro cannot handle, simply ignore it for now. +# anything Zeek cannot handle, simply ignore it for now. function packetfilter_check_rule(r: Rule) : bool { if ( r$ty != DROP ) diff --git a/scripts/base/frameworks/netcontrol/shunt.zeek b/scripts/base/frameworks/netcontrol/shunt.zeek index 7cbd8512e2..007daffbb5 100644 --- a/scripts/base/frameworks/netcontrol/shunt.zeek +++ b/scripts/base/frameworks/netcontrol/shunt.zeek @@ -7,7 +7,7 @@ module NetControl; export { redef enum Log::ID += { SHUNT }; - ## Stops forwarding a uni-directional flow's packets to Bro. + ## Stops forwarding a uni-directional flow's packets to Zeek. ## ## f: The flow to shunt. ## 
@@ -21,7 +21,7 @@ export { type ShuntInfo: record { ## Time at which the recorded activity occurred. ts: time &log; - ## ID of the rule; unique during each Bro run. + ## ID of the rule; unique during each Zeek run. rule_id: string &log; ## Flow ID of the shunted flow. f: flow_id &log; diff --git a/scripts/base/frameworks/netcontrol/types.zeek b/scripts/base/frameworks/netcontrol/types.zeek index 2be65ce3e6..beac2302f6 100644 --- a/scripts/base/frameworks/netcontrol/types.zeek +++ b/scripts/base/frameworks/netcontrol/types.zeek @@ -50,12 +50,12 @@ export { ## Type defining the target of a rule. ## ## Rules can either be applied to the forward path, affecting all network traffic, or - ## on the monitor path, only affecting the traffic that is sent to Bro. The second - ## is mostly used for shunting, which allows Bro to tell the networking hardware that + ## on the monitor path, only affecting the traffic that is sent to Zeek. The second + ## is mostly used for shunting, which allows Zeek to tell the networking hardware that ## it wants to no longer see traffic that it identified as benign. type TargetType: enum { FORWARD, #< Apply rule actively to traffic on forwarding path. - MONITOR, #< Apply rule passively to traffic sent to Bro for monitoring. + MONITOR, #< Apply rule passively to traffic sent to Zeek for monitoring. }; ## Type of rules that the framework supports. Each type lists the extra diff --git a/scripts/base/frameworks/notice/README b/scripts/base/frameworks/notice/README index c46a8a7e5c..8875214a9f 100644 --- a/scripts/base/frameworks/notice/README +++ b/scripts/base/frameworks/notice/README 
@@ -1,4 +1,4 @@ -The notice framework enables Bro to "notice" things which are odd or +The notice framework enables Zeek to "notice" things which are odd or potentially bad, leaving it to the local configuration to define which of them are actionable. This decoupling of detection and reporting allows -Bro to be customized to the different needs that sites have. +Zeek to be customized to the different needs that sites have. diff --git a/scripts/base/frameworks/notice/actions/pp-alarms.zeek b/scripts/base/frameworks/notice/actions/pp-alarms.zeek index a327f3f9d6..ddfc45af6e 100644 --- a/scripts/base/frameworks/notice/actions/pp-alarms.zeek +++ b/scripts/base/frameworks/notice/actions/pp-alarms.zeek @@ -14,7 +14,7 @@ export { ## Address to send the pretty-printed reports to. Default if not set is ## :zeek:id:`Notice::mail_dest`. ## - ## Note that this is overridden by the BroControl MailAlarmsTo option. + ## Note that this is overridden by the ZeekControl MailAlarmsTo option. const mail_dest_pretty_printed = "" &redef; ## If an address from one of these networks is reported, we mark ## the entry with an additional quote symbol (i.e., ">"). Many MUAs diff --git a/scripts/base/frameworks/notice/main.zeek b/scripts/base/frameworks/notice/main.zeek index f4a7796495..ed0fb86d4f 100644 --- a/scripts/base/frameworks/notice/main.zeek +++ b/scripts/base/frameworks/notice/main.zeek @@ -1,6 +1,6 @@ -##! This is the notice framework which enables Bro to "notice" things which +##! This is the notice framework which enables Zeek to "notice" things which ##! are odd or potentially bad. Decisions of the meaning of various notices -##! need to be done per site because Bro does not ship with assumptions about +##! need to be done per site because Zeek does not ship with assumptions about ##! what is bad activity for sites. More extensive documentation about using ##! the notice framework can be found in :doc:`/frameworks/notice`. 
@@ -189,26 +189,26 @@ export { ## Local system sendmail program. ## - ## Note that this is overridden by the BroControl SendMail option. + ## Note that this is overridden by the ZeekControl SendMail option. option sendmail = "/usr/sbin/sendmail"; ## Email address to send notices with the ## :zeek:enum:`Notice::ACTION_EMAIL` action or to send bulk alarm logs ## on rotation with :zeek:enum:`Notice::ACTION_ALARM`. ## - ## Note that this is overridden by the BroControl MailTo option. + ## Note that this is overridden by the ZeekControl MailTo option. const mail_dest = "" &redef; ## Address that emails will be from. ## - ## Note that this is overridden by the BroControl MailFrom option. - option mail_from = "Big Brother "; + ## Note that this is overridden by the ZeekControl MailFrom option. + option mail_from = "Zeek "; ## Reply-to address used in outbound email. option reply_to = ""; ## Text string prefixed to the subject of all emails sent out. ## - ## Note that this is overridden by the BroControl MailSubjectPrefix + ## Note that this is overridden by the ZeekControl MailSubjectPrefix ## option. - option mail_subject_prefix = "[Bro]"; + option mail_subject_prefix = "[Zeek]"; ## The maximum amount of time a plugin can delay email from being sent. const max_email_delay = 15secs &redef; @@ -390,7 +390,7 @@ event zeek_init() &priority=5 Log::create_stream(Notice::LOG, [$columns=Info, $ev=log_notice, $path="notice"]); Log::create_stream(Notice::ALARM_LOG, [$columns=Notice::Info, $path="notice_alarm"]); - # If Bro is configured for mailing notices, set up mailing for alarms. + # If Zeek is configured for mailing notices, set up mailing for alarms. # Make sure that this alarm log is also output as text so that it can # be packaged up and emailed later. if ( ! reading_traces() && mail_dest != "" ) diff --git a/scripts/base/frameworks/notice/weird.zeek b/scripts/base/frameworks/notice/weird.zeek index d91a93ce27..d6d381406a 100644 
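Review bot: The defaults of `mail_from` and `mail_subject_prefix` change in this hunk (`"[Bro]"` becomes `"[Zeek]"`), which alters every notice e-mail sent by a site that relies on the defaults. Mail rules or ticketing filters keyed on the old subject prefix will stop matching after the upgrade, so alarm mail may go unfiled without any error. The doc comment should mention the previous default, e.g. `## The default was "[Bro]" before the rename; update mail filters accordingly.`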
--- a/scripts/base/frameworks/notice/weird.zeek +++ b/scripts/base/frameworks/notice/weird.zeek @@ -1,5 +1,5 @@ ##! This script provides a default set of actions to take for "weird activity" -##! events generated from Bro's event engine. Weird activity is defined as +##! events generated from Zeek's event engine. Weird activity is defined as ##! unusual or exceptional activity that can indicate malformed connections, ##! traffic that doesn't conform to a particular protocol, malfunctioning ##! or misconfigured hardware, or even an attacker attempting to avoid/confuse diff --git a/scripts/base/frameworks/openflow/consts.zeek b/scripts/base/frameworks/openflow/consts.zeek index 3564137701..7b1e635014 100644 --- a/scripts/base/frameworks/openflow/consts.zeek +++ b/scripts/base/frameworks/openflow/consts.zeek @@ -1,7 +1,7 @@ ##! Constants used by the OpenFlow framework. # All types/constants not specific to OpenFlow will be defined here -# until they somehow get into Bro. +# until they somehow get into Zeek. module OpenFlow; @@ -10,7 +10,7 @@ module OpenFlow; const COOKIE_BID_SIZE = 16777216; # start at bit 40 (1 << 40) const COOKIE_BID_START = 1099511627776; -# bro specific cookie ID shall have the 42 bit set (1 << 42) +# Zeek specific cookie ID shall have the 42 bit set (1 << 42) const BRO_COOKIE_ID = 4; # 8 bits group identifier const COOKIE_GID_SIZE = 256; @@ -122,7 +122,7 @@ export { ## Return value for a cookie from a flow ## which is not added, modified or deleted - ## from the bro openflow framework. + ## from the Zeek openflow framework. const INVALID_COOKIE = 0xffffffffffffffff; # Openflow physical port definitions ## Send the packet out the input port. This diff --git a/scripts/base/frameworks/openflow/main.zeek b/scripts/base/frameworks/openflow/main.zeek index ecddea7cb3..09e9ba0f68 100644 --- a/scripts/base/frameworks/openflow/main.zeek +++ b/scripts/base/frameworks/openflow/main.zeek 
@@ -1,4 +1,4 @@ -##! Bro's OpenFlow control framework. +##! Zeek's OpenFlow control framework. ##! ##! This plugin-based framework allows to control OpenFlow capable ##! switches by implementing communication to an OpenFlow controller diff --git a/scripts/base/frameworks/openflow/plugins/broker.zeek b/scripts/base/frameworks/openflow/plugins/broker.zeek index f37f0b8afc..e6a594822e 100644 --- a/scripts/base/frameworks/openflow/plugins/broker.zeek +++ b/scripts/base/frameworks/openflow/plugins/broker.zeek @@ -61,8 +61,8 @@ function broker_flow_clear_fun(state: OpenFlow::ControllerState): bool function broker_init(state: OpenFlow::ControllerState) { - Broker::peer(cat(state$broker_host), state$broker_port); Broker::subscribe(state$broker_topic); # openflow success and failure events are directly sent back via the other plugin via broker. + Broker::peer(cat(state$broker_host), state$broker_port); } event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) diff --git a/scripts/base/frameworks/openflow/plugins/log.zeek b/scripts/base/frameworks/openflow/plugins/log.zeek index 23a16c3186..a9d397fab4 100644 --- a/scripts/base/frameworks/openflow/plugins/log.zeek +++ b/scripts/base/frameworks/openflow/plugins/log.zeek @@ -1,5 +1,5 @@ ##! OpenFlow plugin that outputs flow-modification commands -##! to a Bro log file. +##! to a Zeek log file. @load base/frameworks/openflow @load base/frameworks/logging diff --git a/scripts/base/frameworks/packet-filter/README b/scripts/base/frameworks/packet-filter/README index 536c1527db..7cc194ec17 100644 --- a/scripts/base/frameworks/packet-filter/README +++ b/scripts/base/frameworks/packet-filter/README @@ -1 +1 @@ -The packet filter framework supports how Bro sets its BPF capture filter. +The packet filter framework supports how Zeek sets its BPF capture filter. diff --git a/scripts/base/frameworks/packet-filter/cluster.zeek b/scripts/base/frameworks/packet-filter/cluster.zeek index 6e41a6045f..b1e1ceaddf 100644 
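Review bot: In `broker_init`, the reason `Broker::peer(...)` now comes after `Broker::subscribe(state$broker_topic)` is not recorded, and the existing comment about success and failure events ends up between the two calls, where it reads as if it described the peering. The order appears to be the whole point of the change (subscribing first so that nothing published right after the peering completes is missed), so a later tidy-up could silently revert it. I would add `# Subscribe before peering so events sent as soon as the peer connects are not missed.` above the `Broker::subscribe` call.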
--- a/scripts/base/frameworks/packet-filter/cluster.zeek +++ b/scripts/base/frameworks/packet-filter/cluster.zeek @@ -4,11 +4,11 @@ module PacketFilter; -event remote_connection_handshake_done(p: event_peer) &priority=3 +event Cluster::hello(name: string, id: string) &priority=-3 { - if ( Cluster::local_node_type() == Cluster::WORKER && - p$descr in Cluster::nodes && - Cluster::nodes[p$descr]$node_type == Cluster::MANAGER ) + if ( Cluster::local_node_type() == Cluster::WORKER && + name in Cluster::nodes && + Cluster::nodes[name]$node_type == Cluster::MANAGER ) { # This ensures that a packet filter is installed and logged # after the manager connects to us. diff --git a/scripts/base/frameworks/packet-filter/main.zeek b/scripts/base/frameworks/packet-filter/main.zeek index 160139b1db..5d616eb7e6 100644 --- a/scripts/base/frameworks/packet-filter/main.zeek +++ b/scripts/base/frameworks/packet-filter/main.zeek @@ -1,7 +1,7 @@ -##! This script supports how Bro sets its BPF capture filter. By default -##! Bro sets a capture filter that allows all traffic. If a filter +##! This script supports how Zeek sets its BPF capture filter. By default +##! Zeek sets a capture filter that allows all traffic. If a filter ##! is set on the command line, that filter takes precedence over the default -##! open filter and all filters defined in Bro scripts with the +##! open filter and all filters defined in Zeek scripts with the ##! :zeek:id:`capture_filters` and :zeek:id:`restrict_filters` variables. @load base/frameworks/notice diff --git a/scripts/base/frameworks/packet-filter/netstats.zeek b/scripts/base/frameworks/packet-filter/netstats.zeek index 48b157b3eb..173f4371cd 100644 --- a/scripts/base/frameworks/packet-filter/netstats.zeek +++ b/scripts/base/frameworks/packet-filter/netstats.zeek 
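Review bot: The handler priority goes from `&priority=3` to `&priority=-3` on the same line that swaps `remote_connection_handshake_done` for `Cluster::hello`, and nothing says whether the sign flip is intended. With a negative priority this handler runs after default-priority `Cluster::hello` handlers instead of before them, which changes when a worker installs and logs its packet filter relative to the rest of the cluster setup. If that is deliberate, a comment such as `# Low priority: run after the cluster framework's own hello handling.` would keep it from being "corrected" later; if not, it should stay at 3. The handler body continues outside the hunk.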
@@ -1,5 +1,5 @@ ##! This script reports on packet loss from the various packet sources. -##! When Bro is reading input from trace files, this script will not +##! When Zeek is reading input from trace files, this script will not ##! report any packet loss statistics. @load base/frameworks/notice diff --git a/scripts/base/frameworks/reporter/main.zeek b/scripts/base/frameworks/reporter/main.zeek index 54e4123407..ce66e8f86a 100644 --- a/scripts/base/frameworks/reporter/main.zeek +++ b/scripts/base/frameworks/reporter/main.zeek @@ -27,9 +27,9 @@ export { ## terminate program execution. level: Level &log; ## An info/warning/error message that could have either been - ## generated from the internal Bro core or at the scripting-layer. + ## generated from the internal Zeek core or at the scripting-layer. message: string &log; - ## This is the location in a Bro script where the message originated. + ## This is the location in a Zeek script where the message originated. ## Not all reporter messages will have locations in them though. location: string &log &optional; }; diff --git a/scripts/base/frameworks/signatures/README b/scripts/base/frameworks/signatures/README index fd45cd3a19..7bc1926309 100644 --- a/scripts/base/frameworks/signatures/README +++ b/scripts/base/frameworks/signatures/README @@ -1,4 +1,4 @@ The signature framework provides for doing low-level pattern matching. While -signatures are not Bro's preferred detection tool, they sometimes come in +signatures are not Zeek's preferred detection tool, they sometimes come in handy and are closer to what many people are familiar with from using other NIDS. diff --git a/scripts/base/frameworks/signatures/main.zeek b/scripts/base/frameworks/signatures/main.zeek index 910f3b461c..eb2143d4ec 100644 --- a/scripts/base/frameworks/signatures/main.zeek +++ b/scripts/base/frameworks/signatures/main.zeek 
@@ -1,6 +1,6 @@ ##! Script level signature support. See the ##! :doc:`signature documentation ` for more -##! information about Bro's signature engine. +##! information about Zeek's signature engine. @load base/frameworks/notice diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 86e3317931..a4ac715d78 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -113,7 +113,7 @@ type mime_match: record { ## :zeek:see:`file_magic` type mime_matches: vector of mime_match; -## A connection's transport-layer protocol. Note that Bro uses the term +## A connection's transport-layer protocol. Note that Zeek uses the term ## "connection" broadly, using flow semantics for ICMP and UDP. type transport_proto: enum { unknown_transport, ##< An unknown transport-layer protocol. @@ -235,7 +235,7 @@ type icmp6_nd_option: record { ## A type alias for a vector of ICMPv6 neighbor discovery message options. type icmp6_nd_options: vector of icmp6_nd_option; -# A DNS mapping between IP address and hostname resolved by Bro's internal +# A DNS mapping between IP address and hostname resolved by Zeek's internal # resolver. # # .. zeek:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -340,8 +340,8 @@ type endpoint: record { l2_addr: string &optional; }; -## A connection. This is Bro's basic connection type describing IP- and -## transport-layer information about the conversation. Note that Bro uses a +## A connection. This is Zeek's basic connection type describing IP- and +## transport-layer information about the conversation. Note that Zeek uses a ## liberal interpretation of "connection" and associates instances of this type ## also with UDP and ICMP flows. type connection: record { 
@@ -353,7 +353,7 @@ type connection: record { ## interval between first and last data packet (low-level TCP details ## may adjust it somewhat in ambiguous cases). duration: interval; - ## The set of services the connection is using as determined by Bro's + ## The set of services the connection is using as determined by Zeek's ## dynamic protocol detection. Each entry is the label of an analyzer ## that confirmed that it could parse the connection payload. While ## typically, there will be at most one entry for each connection, in @@ -362,8 +362,8 @@ type connection: record { ## the recorded services are independent of any transport-level protocols. service: set[string]; history: string; ##< State history of connections. See *history* in :zeek:see:`Conn::Info`. - ## A globally unique connection identifier. For each connection, Bro - ## creates an ID that is very likely unique across independent Bro runs. + ## A globally unique connection identifier. For each connection, Zeek + ## creates an ID that is very likely unique across independent Zeek runs. ## These IDs can thus be used to tag and locate information associated ## with that connection. uid: string; @@ -390,7 +390,7 @@ option default_file_timeout_interval: interval = 2 mins; ## matching or later, will receive a copy of this buffer. option default_file_bof_buffer_size: count = 4096; -## A file that Bro is analyzing. This is Bro's type for describing the basic +## A file that Zeek is analyzing. This is Zeek's type for describing the basic ## internal metadata collected about a "file", which is essentially just a ## byte stream that is e.g. pulled from a network connection or possibly ## some other input source. 
@@ -476,7 +476,7 @@ type SYN_packet: record { ## ## .. zeek:see:: get_net_stats type NetStats: record { - pkts_recvd: count &default=0; ##< Packets received by Bro. + pkts_recvd: count &default=0; ##< Packets received by Zeek. pkts_dropped: count &default=0; ##< Packets reported dropped by the system. ## Packets seen on the link. Note that this may differ ## from *pkts_recvd* because of a potential capture_filter. See @@ -484,7 +484,7 @@ type NetStats: record { ## packet capture system, this value may not be available and will then ## be always set to zero. pkts_link: count &default=0; - bytes_recvd: count &default=0; ##< Bytes received by Bro. + bytes_recvd: count &default=0; ##< Bytes received by Zeek. }; type ConnStats: record { @@ -512,16 +512,16 @@ type ConnStats: record { killed_by_inactivity: count; }; -## Statistics about Bro's process. +## Statistics about Zeek's process. ## ## .. zeek:see:: get_proc_stats ## -## .. note:: All process-level values refer to Bro's main process only, not to +## .. note:: All process-level values refer to Zeek's main process only, not to ## the child process it spawns for doing communication. type ProcStats: record { debug: bool; ##< True if compiled with --enable-debug. start_time: time; ##< Start time of process. - real_time: interval; ##< Elapsed real time since Bro started running. + real_time: interval; ##< Elapsed real time since Zeek started running. user_time: interval; ##< User CPU seconds. system_time: interval; ##< System CPU seconds. mem: count; ##< Maximum memory consumed, in KB. @@ -579,8 +579,8 @@ type FileAnalysisStats: record { cumulative: count; ##< Cumulative number of files analyzed. }; -## Statistics related to Bro's active use of DNS. These numbers are -## about Bro performing DNS queries on it's own, not traffic +## Statistics related to Zeek's active use of DNS. These numbers are +## about Zeek performing DNS queries on it's own, not traffic ## being seen. ## ## .. zeek:see:: get_dns_stats 
@@ -735,7 +735,7 @@ type call_argument_vector: vector of call_argument; # dependent on the names remaining as they are now. ## Set of BPF capture filters to use for capturing, indexed by a user-definable -## ID (which must be unique). If Bro is *not* configured with +## ID (which must be unique). If Zeek is *not* configured with ## :zeek:id:`PacketFilter::enable_auto_protocol_capture_filters`, ## all packets matching at least one of the filters in this table (and all in ## :zeek:id:`restrict_filters`) will be analyzed. @@ -775,35 +775,6 @@ type IPAddrAnonymizationClass: enum { OTHER_ADDR, }; -## A locally unique ID identifying a communication peer. The ID is returned by -## :zeek:id:`connect`. -## -## .. zeek:see:: connect -type peer_id: count; - -## A communication peer. -## -## .. zeek:see:: complete_handshake disconnect finished_send_state -## get_event_peer get_local_event_peer remote_capture_filter -## remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log_peer remote_pong -## request_remote_events request_remote_logs request_remote_sync -## send_capture_filter send_current_packet send_id send_ping send_state -## set_accept_state set_compression_level -## -## .. todo::The type's name is too narrow these days, should rename. -type event_peer: record { - id: peer_id; ##< Locally unique ID of peer (returned by :zeek:id:`connect`). - host: addr; ##< The IP address of the peer. - ## Either the port we connected to at the peer; or our port the peer - ## connected to if the session is remotely initiated. - p: port; - is_local: bool; ##< True if this record describes the local process. - descr: string; ##< The peer's :zeek:see:`peer_description`. - class: string &optional; ##< The self-assigned *class* of the peer. -}; - ## Deprecated. ## ## .. zeek:see:: rotate_file rotate_file_by_name rotate_interval 
@@ -895,7 +866,7 @@ const mmdb_dir: string = "" &redef; ## Computed entropy values. The record captures a number of measures that are ## computed in parallel. See `A Pseudorandom Number Sequence Test Program -## `_ for more information, Bro uses the same +## `_ for more information, Zeek uses the same ## code. ## ## .. zeek:see:: entropy_test_add entropy_test_finish entropy_test_init find_entropy @@ -1022,7 +993,7 @@ const tcp_max_above_hole_without_any_acks = 16384 &redef; ## If we've seen this much data without any of it being acked, we give up ## on that connection to avoid memory exhaustion due to buffering all that -## stuff. If set to zero, then we don't ever give up. Ideally, Bro would +## stuff. If set to zero, then we don't ever give up. Ideally, Zeek would ## track the current window on a connection and use it to infer that data ## has in fact gone too far, but for now we just make this quite beefy. ## @@ -1817,7 +1788,7 @@ type gtp_delete_pdp_ctx_response_elements: record { ext: gtp_private_extension &optional; }; -# Prototypes of Bro built-in functions. +# Prototypes of Zeek built-in functions. @load base/bif/bro.bif @load base/bif/stats.bif @load base/bif/reporter.bif 
@@ -1830,13 +1801,13 @@ global log_file_name: function(tag: string): string &redef; ## Deprecated. This is superseded by the new logging framework. global open_log_file: function(tag: string): file &redef; -## Specifies a directory for Bro to store its persistent state. All globals can +## Specifies a directory for Zeek to store its persistent state. All globals can ## be declared persistent via the :zeek:attr:`&persistent` attribute. const state_dir = ".state" &redef; ## Length of the delays inserted when storing state incrementally. To avoid ## dropping packets when serializing larger volumes of persistent state to -## disk, Bro interleaves the operation with continued packet processing. +## disk, Zeek interleaves the operation with continued packet processing. const state_write_delay = 0.01 secs &redef; global done_with_network = F; @@ -1897,7 +1868,7 @@ global secondary_filters: table[string] of event(filter: string, pkt: pkt_hdr) global discarder_maxlen = 128 &redef; ## Function for skipping packets based on their IP header. If defined, this -## function will be called for all IP packets before Bro performs any further +## function will be called for all IP packets before Zeek performs any further ## analysis. If the function signals to discard a packet, no further processing ## will be performed on it. ## @@ -1913,7 +1884,7 @@ global discarder_maxlen = 128 &redef; global discarder_check_ip: function(p: pkt_hdr): bool; ## Function for skipping packets based on their TCP header. If defined, this -## function will be called for all TCP packets before Bro performs any further +## function will be called for all TCP packets before Zeek performs any further ## analysis. If the function signals to discard a packet, no further processing ## will be performed on it. ## 
@@ -1931,7 +1902,7 @@ global discarder_check_ip: function(p: pkt_hdr): bool; global discarder_check_tcp: function(p: pkt_hdr, d: string): bool; ## Function for skipping packets based on their UDP header. If defined, this -## function will be called for all UDP packets before Bro performs any further +## function will be called for all UDP packets before Zeek performs any further ## analysis. If the function signals to discard a packet, no further processing ## will be performed on it. ## @@ -1949,7 +1920,7 @@ global discarder_check_tcp: function(p: pkt_hdr, d: string): bool; global discarder_check_udp: function(p: pkt_hdr, d: string): bool; ## Function for skipping packets based on their ICMP header. If defined, this -## function will be called for all ICMP packets before Bro performs any further +## function will be called for all ICMP packets before Zeek performs any further ## analysis. If the function signals to discard a packet, no further processing ## will be performed on it. ## @@ -1964,7 +1935,7 @@ global discarder_check_udp: function(p: pkt_hdr, d: string): bool; ## Avoid using it. global discarder_check_icmp: function(p: pkt_hdr): bool; -## Bro's watchdog interval. +## Zeek's watchdog interval. const watchdog_interval = 10 sec &redef; ## The maximum number of timers to expire after processing each new @@ -1973,10 +1944,6 @@ const watchdog_interval = 10 sec &redef; ## "process all expired timers with each new packet". const max_timer_expires = 300 &redef; -## With a similar trade-off, this gives the number of remote events -## to process in a batch before interleaving other activity. -const max_remote_events_processed = 10 &redef; - # These need to match the definitions in Login.h. # # .. zeek:see:: get_login_state 
@@ -2744,7 +2711,7 @@ export { ## A set of file names used as named pipes over SMB. This ## only comes into play as a heuristic to identify named - ## pipes when the drive mapping wasn't seen by Bro. + ## pipes when the drive mapping wasn't seen by Zeek. ## ## .. zeek:see:: smb_pipe_connect_heuristic const SMB::pipe_filenames: set[string] &redef; @@ -3743,12 +3710,6 @@ global dns_skip_all_addl = T &redef; ## traffic and do not process it. Set to 0 to turn off this functionality. global dns_max_queries = 25 &redef; -## The address of the DNS resolver to use. If not changed from the -## unspecified address, ``[::]``, the first nameserver from /etc/resolv.conf -## gets used (IPv6 is currently only supported if set via this option, not -## when parsed from the file). -const dns_resolver = [::] &redef; - ## HTTP session statistics. ## ## .. zeek:see:: http_stats @@ -4522,13 +4483,13 @@ export { ## The data from the ERROR_MSG message. See :rfc:`4120`. type KRB::Error_Msg: record { ## Protocol version number (5 for KRB5) - pvno : count; + pvno : count &optional; ## The message type (30 for ERROR_MSG) - msg_type : count; + msg_type : count &optional; ## Current time on the client client_time : time &optional; ## Current time on the server - server_time : time; + server_time : time &optional; ## The specific error code error_code : count; ## Realm of the ticket @@ -4536,9 +4497,9 @@ export { ## Name on the ticket client_name : string &optional; ## Realm of the service - service_realm : string; + service_realm : string &optional; ## Name of the service - service_name : string; + service_name : string &optional; ## Additional text to explain the error error_text : string &optional; ## Optional pre-authentication data 
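Review bot: In `KRB::Error_Msg`, `pvno`, `msg_type`, `server_time`, `service_realm` and `service_name` become `&optional` (the `KRB::KDC_Request` hunk that follows does the same for `kdc_options`, `service_realm`, `till`, `nonce` and `encryption_types`), but the field comments do not say when a field can be absent. A script that reads one of these without a `?$` test fails at runtime on a message that omits it, and these records are filled from monitored traffic, so local and third-party Kerberos scripts need the same existence checks as the bundled ones. I would add a line to each record's doc comment, e.g. `## Fields marked &optional are unset when the message omits them; test with ?$ before use.`, and call the change out for script authors. Both records start and end outside their hunks.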
@@ -4572,25 +4533,25 @@ export { ## Optional pre-authentication data pa_data : vector of KRB::Type_Value &optional; ## Options specified in the request - kdc_options : KRB::KDC_Options; + kdc_options : KRB::KDC_Options &optional; ## Name on the ticket client_name : string &optional; ## Realm of the service - service_realm : string; + service_realm : string &optional; ## Name of the service service_name : string &optional; ## Time the ticket is good from from : time &optional; ## Time the ticket is good till - till : time; + till : time &optional; ## The requested renew-till time rtime : time &optional; ## A random nonce generated by the client - nonce : count; + nonce : count &optional; ## The desired encryption algorithms, in order of preference - encryption_types : vector of count; + encryption_types : vector of count &optional; ## Any additional addresses the ticket should be valid for host_addrs : vector of KRB::Host_Address &optional; ## Additional tickets may be included for certain transactions 
@@ -4709,16 +4670,16 @@ const detect_filtered_trace = F &redef; ## .. zeek:see:: content_gap partial_connection const report_gaps_for_partial = F &redef; -## Flag to prevent Bro from exiting automatically when input is exhausted. -## Normally Bro terminates when all packet sources have gone dry -## and communication isn't enabled. If this flag is set, Bro's main loop will +## Flag to prevent Zeek from exiting automatically when input is exhausted. +## Normally Zeek terminates when all packet sources have gone dry +## and communication isn't enabled. If this flag is set, Zeek's main loop will ## instead keep idling until :zeek:see:`terminate` is explicitly called. ## ## This is mainly for testing purposes when termination behaviour needs to be ## controlled for reproducing results. const exit_only_after_terminate = F &redef; -## The CA certificate file to authorize remote Bros/Broccolis. +## The CA certificate file to authorize remote Zeeks/Broccolis. ## ## .. zeek:see:: ssl_private_key ssl_passphrase const ssl_ca_certificate = "" &redef; 
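Review bot: The reworded comment on `ssl_ca_certificate` still says it authorizes "remote Zeeks/Broccolis", although this commit drops the broccoli submodule and removes the old communication types elsewhere in the same file. Whether `ssl_ca_certificate`, `ssl_private_key` and `ssl_passphrase` (next hunk) are still read by anything is not visible here; if they are not, documenting them as peer authorization can lead an operator to believe peer connections are authenticated when the setting has no effect. I would either remove them together with the other old communication settings or mark them, e.g. `## Only used by the old (non-Broker) communication system.`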
@@ -4729,17 +4690,17 @@ const ssl_ca_certificate = "" &redef; const ssl_private_key = "" &redef; ## The passphrase for our private key. Keeping this undefined -## causes Bro to prompt for the passphrase. +## causes Zeek to prompt for the passphrase. ## ## .. zeek:see:: ssl_private_key ssl_ca_certificate const ssl_passphrase = "" &redef; -## Default mode for Bro's user-space dynamic packet filter. If true, packets +## Default mode for Zeek's user-space dynamic packet filter. If true, packets ## that aren't explicitly allowed through, are dropped from any further ## processing. ## ## .. note:: This is not the BPF packet filter but an additional dynamic filter -## that Bro optionally applies just before normal processing starts. +## that Zeek optionally applies just before normal processing starts. ## ## .. zeek:see:: install_dst_addr_filter install_dst_net_filter ## install_src_addr_filter install_src_net_filter uninstall_dst_addr_filter 
@@ -4749,70 +4710,14 @@ const packet_filter_default = F &redef; ## Maximum size of regular expression groups for signature matching. const sig_max_group_size = 50 &redef; -## Deprecated. No longer functional. -const enable_syslog = F &redef; - ## Description transmitted to remote communication peers for identification. const peer_description = "bro" &redef; -## If true, broadcast events received from one peer to all other peers. -## -## .. zeek:see:: forward_remote_state_changes -## -## .. note:: This option is only temporary and will disappear once we get a -## more sophisticated script-level communication framework. -const forward_remote_events = F &redef; - -## If true, broadcast state updates received from one peer to all other peers. -## -## .. zeek:see:: forward_remote_events -## -## .. note:: This option is only temporary and will disappear once we get a -## more sophisticated script-level communication framework. -const forward_remote_state_changes = F &redef; - ## The number of IO chunks allowed to be buffered between the child -## and parent process of remote communication before Bro starts dropping +## and parent process of remote communication before Zeek starts dropping ## connections to remote peers in an attempt to catch up. const chunked_io_buffer_soft_cap = 800000 &redef; -## Place-holder constant indicating "no peer". -const PEER_ID_NONE = 0; - -# Signature payload pattern types. -# todo:: use enum to help autodoc -# todo:: Still used? -#const SIG_PATTERN_PAYLOAD = 0; -#const SIG_PATTERN_HTTP = 1; -#const SIG_PATTERN_FTP = 2; -#const SIG_PATTERN_FINGER = 3; - -# Deprecated. -# todo::Should use the new logging framework directly. -const REMOTE_LOG_INFO = 1; ##< Deprecated. -const REMOTE_LOG_ERROR = 2; ##< Deprecated. - -# Source of logging messages from the communication framework. -# todo:: these should go into an enum to make them autodoc'able. -const REMOTE_SRC_CHILD = 1; ##< Message from the child process. 
-const REMOTE_SRC_PARENT = 2; ##< Message from the parent process. -const REMOTE_SRC_SCRIPT = 3; ##< Message from a policy script. - -## Synchronize trace processing at a regular basis in pseudo-realtime mode. -## -## .. zeek:see:: remote_trace_sync_peers -const remote_trace_sync_interval = 0 secs &redef; - -## Number of peers across which to synchronize trace processing in -## pseudo-realtime mode. -## -## .. zeek:see:: remote_trace_sync_interval -const remote_trace_sync_peers = 0 &redef; - -## Whether for :zeek:attr:`&synchronized` state to send the old value as a -## consistency check. -const remote_check_sync_consistency = F &redef; - ## Reassemble the beginning of all TCP connections before doing ## signature matching. Enabling this provides more accurate matching at the ## expense of CPU cycles. @@ -4825,7 +4730,7 @@ const remote_check_sync_consistency = F &redef; const dpd_reassemble_first_packets = T &redef; ## Size of per-connection buffer used for dynamic protocol detection. For each -## connection, Bro buffers this initial amount of payload in memory so that +## connection, Zeek buffers this initial amount of payload in memory so that ## complete protocol analysis can start even after the initial packets have ## already passed through (i.e., when a DPD signature matches only later). ## However, once the buffer is full, data is deleted and lost to analyzers that 
@@ -4879,8 +4784,8 @@ const suppress_local_output = F &redef; ## .. zeek:see:: record_all_packets const trace_output_file = ""; -## If a trace file is given with ``-w``, dump *all* packets seen by Bro into it. -## By default, Bro applies (very few) heuristics to reduce the volume. A side +## If a trace file is given with ``-w``, dump *all* packets seen by Zeek into it. +## By default, Zeek applies (very few) heuristics to reduce the volume. A side ## effect of setting this to true is that we can write the packets out before we ## actually process them, which can be helpful for debugging in case the ## analysis triggers a crash. @@ -4901,7 +4806,7 @@ module JSON; export { type TimestampFormat: enum { ## Timestamps will be formatted as UNIX epoch doubles. This is - ## the format that Bro typically writes out timestamps. + ## the format that Zeek typically writes out timestamps. TS_EPOCH, ## Timestamps will be formatted as unsigned integers that ## represent the number of milliseconds since the UNIX 
@@ -4972,17 +4877,17 @@ export { module Reporter; export { ## Tunable for sending reporter info messages to STDERR. The option to - ## turn it off is presented here in case Bro is being run by some + ## turn it off is presented here in case Zeek is being run by some ## external harness and shouldn't output anything to the console. const info_to_stderr = T &redef; ## Tunable for sending reporter warning messages to STDERR. The option - ## to turn it off is presented here in case Bro is being run by some + ## to turn it off is presented here in case Zeek is being run by some ## external harness and shouldn't output anything to the console. const warnings_to_stderr = T &redef; ## Tunable for sending reporter error messages to STDERR. The option to - ## turn it off is presented here in case Bro is being run by some + ## turn it off is presented here in case Zeek is being run by some ## external harness and shouldn't output anything to the console. const errors_to_stderr = T &redef; } @@ -5074,8 +4979,8 @@ export { module GLOBAL; ## Seed for hashes computed internally for probabilistic data structures. Using -## the same value here will make the hashes compatible between independent Bro -## instances. If left unset, Bro will use a temporary local seed. +## the same value here will make the hashes compatible between independent Zeek +## instances. If left unset, Zeek will use a temporary local seed. const global_hash_seed: string = "" &redef; ## Number of bits in UIDs that are generated to identify connections and 
@@ -5084,7 +4989,7 @@ const global_hash_seed: string = "" &redef; const bits_per_uid: count = 96 &redef; ## Whether usage of the old communication system is considered an error or -## not. The default Bro configuration no longer works with the non-Broker +## not. The default Zeek configuration no longer works with the non-Broker ## communication system unless you have manually taken action to initialize ## and set up the old comm. system. Deprecation warnings are still emitted ## when setting this flag, but they will not result in a fatal error. diff --git a/scripts/base/init-default.zeek b/scripts/base/init-default.zeek index 6982b0b2f4..d8115895dc 100644 --- a/scripts/base/init-default.zeek +++ b/scripts/base/init-default.zeek @@ -1,5 +1,5 @@ ##! This script loads everything in the base/ script directory. If you want -##! to run Bro without all of these scripts loaded by default, you can use +##! to run Zeek without all of these scripts loaded by default, you can use ##! the ``-b`` (``--bare-mode``) command line argument. You can also copy the ##! "@load" lines from this script to your own script to load only the scripts ##! that you actually want. diff --git a/scripts/base/misc/find-checksum-offloading.zeek b/scripts/base/misc/find-checksum-offloading.zeek index 1edd4f9799..751afeac43 100644 --- a/scripts/base/misc/find-checksum-offloading.zeek +++ b/scripts/base/misc/find-checksum-offloading.zeek 
@@ -50,7 +50,7 @@ event ChecksumOffloading::check() bad_checksum_msg += "UDP"; } - local message = fmt("Your %s invalid %s checksums, most likely from NIC checksum offloading. By default, packets with invalid checksums are discarded by Bro unless using the -C command-line option or toggling the 'ignore_checksums' variable. Alternatively, disable checksum offloading by the network adapter to ensure Bro analyzes the actual checksums that are transmitted.", packet_src, bad_checksum_msg); + local message = fmt("Your %s invalid %s checksums, most likely from NIC checksum offloading. By default, packets with invalid checksums are discarded by Zeek unless using the -C command-line option or toggling the 'ignore_checksums' variable. Alternatively, disable checksum offloading by the network adapter to ensure Zeek analyzes the actual checksums that are transmitted.", packet_src, bad_checksum_msg); Reporter::warning(message); done = T; } diff --git a/scripts/base/misc/find-filtered-trace.zeek b/scripts/base/misc/find-filtered-trace.zeek index f7bdbb9e91..e4dcf9848c 100644 --- a/scripts/base/misc/find-filtered-trace.zeek +++ b/scripts/base/misc/find-filtered-trace.zeek @@ -2,7 +2,7 @@ ##! control packets (e.g. it's been filtered to contain only SYN/FIN/RST ##! packets and no content). On finding such a trace, a warning is ##! emitted that suggests toggling the :zeek:see:`detect_filtered_trace` -##! option may be desired if the user does not want Bro to report +##! option may be desired if the user does not want Zeek to report ##! missing TCP segments. module FilteredTraceDetection; 
@@ -45,5 +45,5 @@ event zeek_done() return; if ( ! saw_tcp_conn_with_data ) - Reporter::warning("The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired."); + Reporter::warning("The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Zeek reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired."); } diff --git a/scripts/base/misc/version.zeek b/scripts/base/misc/version.zeek index 4066dadedd..1a453487b2 100644 --- a/scripts/base/misc/version.zeek +++ b/scripts/base/misc/version.zeek @@ -1,4 +1,4 @@ -##! Provide information about the currently running Bro version. +##! Provide information about the currently running Zeek version. ##! The most convenient way to access this are the Version::number ##! and Version::info constants. @@ -8,12 +8,12 @@ module Version; export { - ## A type exactly describing a Bro version + ## A type exactly describing a Zeek version type VersionDescription: record { ## Number representing the version which can be used for easy comparison. ## The format of the number is ABBCC with A being the major version, ## bb being the minor version (2 digits) and CC being the patchlevel (2 digits). - ## As an example, Bro 2.4.1 results in the number 20401. + ## As an example, Zeek 2.4.1 results in the number 20401. version_number: count; ## Major version number (e.g. 2 for 2.5) major: count; 
@@ -23,7 +23,7 @@ export { patch: count; ## Commit number for development versions, e.g. 12 for 2.4-12. 0 for non-development versions commit: count; - ## If set to true, the version is a beta build of Bro + ## If set to true, the version is a beta build of Zeek beta: bool; ## If set to true, the version is a debug build debug: bool; @@ -33,12 +33,12 @@ export { ## Parse a given version string. ## - ## version_string: Bro version string. + ## version_string: Zeek version string. ## ## Returns: `VersionDescription` record. global parse: function(version_string: string): VersionDescription; - ## Test if the current running version of Bro is greater or equal to the given version + ## Test if the current running version of Zeek is greater or equal to the given version ## string. ## ## version_string: Version to check against the current running version. @@ -74,13 +74,13 @@ function parse(version_string: string): VersionDescription } export { - ## version number of the currently running version of Bro as a numeric representation. + ## version number of the currently running version of Zeek as a numeric representation. ## The format of the number is ABBCC with A being the major version, ## bb being the minor version (2 digits) and CC being the patchlevel (2 digits). - ## As an example, Bro 2.4.1 results in the number 20401 + ## As an example, Zeek 2.4.1 results in the number 20401 const number = Version::parse(bro_version())$version_number; - ## `VersionDescription` record pertaining to the currently running version of Bro. + ## `VersionDescription` record pertaining to the currently running version of Zeek. const info = Version::parse(bro_version()); } diff --git a/scripts/base/protocols/conn/main.zeek b/scripts/base/protocols/conn/main.zeek index ecc9e436ac..653aa6816d 100644 --- a/scripts/base/protocols/conn/main.zeek +++ b/scripts/base/protocols/conn/main.zeek 
@@ -112,7 +112,7 @@ export { ## w packet with a zero window advertisement ## i inconsistent packet (e.g. FIN+RST bits set) ## q multi-flag packet (SYN+FIN or SYN+RST bits set) - ## ^ connection direction was flipped by Bro's heuristic + ## ^ connection direction was flipped by Zeek's heuristic ## ====== ==================================================== ## ## If the event comes from the originator, the letter is in diff --git a/scripts/base/protocols/dhcp/main.zeek b/scripts/base/protocols/dhcp/main.zeek index 1f98cd0583..f72283a503 100644 --- a/scripts/base/protocols/dhcp/main.zeek +++ b/scripts/base/protocols/dhcp/main.zeek @@ -138,7 +138,7 @@ function join_data_expiration(t: table[count] of Info, idx: count): interval # If a message hasn't been seen in the past 5 seconds or the # total time watching has been more than the maximum time # allowed by the configuration then log this data and expire it. - # Also, if Bro is shutting down. + # Also, if Zeek is shutting down. if ( (now - info$last_message_ts) > 5sec || (now - info$ts) > max_txid_watch_time || bro_is_terminating() ) diff --git a/scripts/base/protocols/dns/main.zeek b/scripts/base/protocols/dns/main.zeek index f91a94b0cb..b8cb2b80b5 100644 --- a/scripts/base/protocols/dns/main.zeek +++ b/scripts/base/protocols/dns/main.zeek @@ -116,7 +116,7 @@ export { ## Give up trying to match pending DNS queries or replies for a given ## query/transaction ID once this number of unmatched queries or replies ## is reached (this shouldn't happen unless either the DNS server/resolver - ## is broken, Bro is not seeing all the DNS traffic, or an AXFR query + ## is broken, Zeek is not seeing all the DNS traffic, or an AXFR query ## response is ongoing). option max_pending_msgs = 50; 
@@ -561,7 +561,7 @@ event connection_state_remove(c: connection) &priority=-5 if ( ! c?$dns_state ) return; - # If Bro is expiring state, we should go ahead and log all unmatched + # If Zeek is expiring state, we should go ahead and log all unmatched # queries and replies now. if( c$dns_state?$pending_query ) Log::write(DNS::LOG, c$dns_state$pending_query); diff --git a/scripts/base/protocols/krb/main.zeek b/scripts/base/protocols/krb/main.zeek index 72103104d5..cdcdf48f58 100644 --- a/scripts/base/protocols/krb/main.zeek +++ b/scripts/base/protocols/krb/main.zeek @@ -118,7 +118,9 @@ event krb_error(c: connection, msg: Error_Msg) &priority=5 c$krb$client = fmt("%s%s", msg?$client_name ? msg$client_name + "/" : "", msg?$client_realm ? msg$client_realm : ""); - c$krb$service = msg$service_name; + if ( msg?$service_name ) + c$krb$service = msg$service_name; + c$krb$success = F; c$krb$error_code = msg$error_code; @@ -139,16 +141,23 @@ event krb_as_request(c: connection, msg: KDC_Request) &priority=5 return; c$krb$request_type = "AS"; - c$krb$client = fmt("%s/%s", msg?$client_name ? msg$client_name : "", msg$service_realm); + + c$krb$client = fmt("%s/%s", msg?$client_name ? msg$client_name : "", + msg?$service_realm ? msg$service_realm : ""); + if ( msg?$service_name ) c$krb$service = msg$service_name; if ( msg?$from ) c$krb$from = msg$from; - c$krb$till = msg$till; + if ( msg?$till ) + c$krb$till = msg$till; - c$krb$forwardable = msg$kdc_options$forwardable; - c$krb$renewable = msg$kdc_options$renewable; + if ( msg?$kdc_options ) + { + c$krb$forwardable = msg$kdc_options$forwardable; + c$krb$renewable = msg$kdc_options$renewable; + } } event krb_as_response(c: connection, msg: KDC_Response) &priority=5 
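Review bot: In `krb_as_request` the rewritten `fmt("%s/%s", …)` call still assigns `c$krb$client` when both `client_name` and `service_realm` are absent, so the log gets a bare `/` that reads like a principal but carries no identity. `krb_error` in the previous hunk builds the same field with `"%s%s"` and appends the slash only when a name exists, so the two handlers disagree on what a missing client looks like. Anyone alerting on empty or unset `client` values in krb.log would not catch the `/` case. I would put `if ( msg?$client_name || msg?$service_realm )` in front of the assignment, assuming the `client` field may be left unset, which the hunk does not show. The handler begins above the hunk.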
@@ -188,10 +197,14 @@ event krb_tgs_request(c: connection, msg: KDC_Request) &priority=5 c$krb$service = msg$service_name; if ( msg?$from ) c$krb$from = msg$from; - c$krb$till = msg$till; + if ( msg?$till ) + c$krb$till = msg$till; - c$krb$forwardable = msg$kdc_options$forwardable; - c$krb$renewable = msg$kdc_options$renewable; + if ( msg?$kdc_options ) + { + c$krb$forwardable = msg$kdc_options$forwardable; + c$krb$renewable = msg$kdc_options$renewable; + } } event krb_tgs_response(c: connection, msg: KDC_Response) &priority=5 diff --git a/scripts/base/utils/active-http.zeek b/scripts/base/utils/active-http.zeek index 27eb6e2bb2..4f84ebca71 100644 --- a/scripts/base/utils/active-http.zeek +++ b/scripts/base/utils/active-http.zeek @@ -78,7 +78,7 @@ function request2curl(r: Request, bodyfile: string, headersfile: string): string function request(req: Request): ActiveHTTP::Response { - local tmpfile = "/tmp/bro-activehttp-" + unique_id(""); + local tmpfile = "/tmp/zeek-activehttp-" + unique_id(""); local bodyfile = fmt("%s_body", tmpfile); local headersfile = fmt("%s_headers", tmpfile); diff --git a/scripts/base/utils/addrs.zeek b/scripts/base/utils/addrs.zeek index 9d165936ef..a4a4ef98e2 100644 --- a/scripts/base/utils/addrs.zeek +++ b/scripts/base/utils/addrs.zeek 
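Review bot: In `request()` of active-http.zeek the body and header files still go to a fixed `/tmp/zeek-activehttp-<id>` name, and only the prefix changes here. /tmp is shared between accounts, so if the `unique_id("")` suffix is guessable, a file or link placed at `…_body` or `…_headers` beforehand by another local user could be followed or overwritten; how the files are opened is outside the hunk, so this needs confirming. I would take the directory from a redef-able option (a new one, for example `const tmp_dir = "/tmp" &redef;`) and build the name with `fmt("%s/zeek-activehttp-%s", tmp_dir, unique_id(""))`, so a deployment can point it at a directory only the Zeek user can write. Tmp cleaners and file-integrity rules keyed on the old `bro-activehttp-` prefix need the new name as well.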
@@ -1,31 +1,67 @@ ##! Functions for parsing and manipulating IP and MAC addresses. # Regular expressions for matching IP addresses in strings. -const ipv4_addr_regex = /[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/; -const ipv6_8hex_regex = /([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}/; -const ipv6_compressed_hex_regex = /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)/; -const ipv6_hex4dec_regex = /(([0-9A-Fa-f]{1,4}:){6,6})([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; -const ipv6_compressed_hex4dec_regex = /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}:)*)([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; -# These are commented out until patterns can be constructed this way at init time. -#const ipv6_addr_regex = ipv6_8hex_regex | -# ipv6_compressed_hex_regex | -# ipv6_hex4dec_regex | -# ipv6_compressed_hex4dec_regex; -#const ip_addr_regex = ipv4_addr_regex | ipv6_addr_regex; +const ipv4_decim = /[0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5]/; -const ipv6_addr_regex = - /([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}/ | - /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)/ | # IPv6 Compressed Hex - /(([0-9A-Fa-f]{1,4}:){6,6})([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/ | # 6Hex4Dec - /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}:)*)([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; # CompressedHex4Dec +const ipv4_addr_regex = ipv4_decim & /\./ & ipv4_decim & /\./ & ipv4_decim & /\./ & ipv4_decim; -const ip_addr_regex = - /[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/ | - /([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}/ | - /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)/ | # IPv6 Compressed Hex - /(([0-9A-Fa-f]{1,4}:){6,6})([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/ | # 6Hex4Dec - /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}:)*)([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; # CompressedHex4Dec +const 
ipv6_hextet = /[0-9A-Fa-f]{1,4}/; + +const ipv6_8hex_regex = /([0-9A-Fa-f]{1,4}:){7}/ & ipv6_hextet; + +const ipv6_hex4dec_regex = /([0-9A-Fa-f]{1,4}:){6}/ & ipv4_addr_regex; + +const ipv6_compressed_lead_hextets0 = /::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,6})?/; + +const ipv6_compressed_lead_hextets1 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?/; + +const ipv6_compressed_lead_hextets2 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?/; + +const ipv6_compressed_lead_hextets3 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?/; + +const ipv6_compressed_lead_hextets4 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?/; + +const ipv6_compressed_lead_hextets5 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?/; + +const ipv6_compressed_lead_hextets6 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){5}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?/; + +const ipv6_compressed_lead_hextets7 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){6}::/; + +const ipv6_compressed_hex_regex = ipv6_compressed_lead_hextets0 | + ipv6_compressed_lead_hextets1 | + ipv6_compressed_lead_hextets2 | + ipv6_compressed_lead_hextets3 | + ipv6_compressed_lead_hextets4 | + ipv6_compressed_lead_hextets5 | + ipv6_compressed_lead_hextets6 | + ipv6_compressed_lead_hextets7; + +const ipv6_compressed_hext4dec_lead_hextets0 = /::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets1 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets2 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets3 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?/ & 
ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets4 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets5 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::/ & ipv4_addr_regex; + +const ipv6_compressed_hex4dec_regex = ipv6_compressed_hext4dec_lead_hextets0 | + ipv6_compressed_hext4dec_lead_hextets1 | + ipv6_compressed_hext4dec_lead_hextets2 | + ipv6_compressed_hext4dec_lead_hextets3 | + ipv6_compressed_hext4dec_lead_hextets4 | + ipv6_compressed_hext4dec_lead_hextets5; + +const ipv6_addr_regex = ipv6_8hex_regex | + ipv6_compressed_hex_regex | + ipv6_hex4dec_regex | + ipv6_compressed_hex4dec_regex; + +const ip_addr_regex = ipv4_addr_regex | ipv6_addr_regex; ## Checks if all elements of a string array are a valid octet value. ## 
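Review bot: The `ipv6_compressed_hext4dec_lead_hextets0` to `…lead_hextets4` patterns have no colon between the last hextet after `::` and the dotted quad, so an address such as `::ffff:192.0.2.1` (constructed example) does not match `ipv6_compressed_hex4dec_regex` as a whole; only forms with nothing between `::` and the IPv4 part do. The removed pattern used `([0-9A-Fa-f]{1,4}:)*` for that position and `ipv6_hex4dec_regex` in this hunk still ends each hextet with a colon, so the omission looks unintended. For a sensor that pulls client addresses out of untrusted text, IPv4-mapped addresses can then be missed or cut into fragments. I would give each trailing hextet its colon as below and add a test for the mapped form.

```zeek
const ipv6_compressed_hext4dec_lead_hextets0 = /::([0-9A-Fa-f]{1,4}:){0,5}/ & ipv4_addr_regex;

const ipv6_compressed_hext4dec_lead_hextets1 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}:){0,4}/ & ipv4_addr_regex;

const ipv6_compressed_hext4dec_lead_hextets2 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}:){0,3}/ & ipv4_addr_regex;

const ipv6_compressed_hext4dec_lead_hextets3 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}:){0,2}/ & ipv4_addr_regex;

const ipv6_compressed_hext4dec_lead_hextets4 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}:){0,1}/ & ipv4_addr_regex;

# … unchanged: ipv6_compressed_hext4dec_lead_hextets5 and the alternation that combines the six patterns …
```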
@@ -44,67 +80,6 @@ function has_valid_octets(octets: string_vec): bool return T; } -## Checks if a string appears to be a valid IPv4 or IPv6 address. -## -## ip_str: the string to check for valid IP formatting. -## -## Returns: T if the string is a valid IPv4 or IPv6 address format. -function is_valid_ip(ip_str: string): bool - { - local octets: string_vec; - if ( ip_str == ipv4_addr_regex ) - { - octets = split_string(ip_str, /\./); - if ( |octets| != 4 ) - return F; - - return has_valid_octets(octets); - } - else if ( ip_str == ipv6_addr_regex ) - { - if ( ip_str == ipv6_hex4dec_regex || - ip_str == ipv6_compressed_hex4dec_regex ) - { - # the regexes for hybrid IPv6-IPv4 address formats don't for valid - # octets within the IPv4 part, so do that now - octets = split_string(ip_str, /\./); - if ( |octets| != 4 ) - return F; - - # get rid of remaining IPv6 stuff in first octet - local tmp = split_string(octets[0], /:/); - octets[0] = tmp[|tmp| - 1]; - - return has_valid_octets(octets); - } - else - { - # pure IPv6 address formats that only use hex digits don't need - # any additional checks -- the regexes should be complete - return T; - } - } - return F; - } - -## Extracts all IP (v4 or v6) address strings from a given string. -## -## input: a string that may contain an IP address anywhere within it. -## -## Returns: an array containing all valid IP address strings found in *input*. -function find_ip_addresses(input: string): string_array &deprecated - { - local parts = split_string_all(input, ip_addr_regex); - local output: string_array; - - for ( i in parts ) - { - if ( i % 2 == 1 && is_valid_ip(parts[i]) ) - output[|output|] = parts[i]; - } - return output; - } - ## Extracts all IP (v4 or v6) address strings from a given string. ## ## input: a string that may contain an IP address anywhere within it. diff --git a/scripts/base/utils/geoip-distance.zeek b/scripts/base/utils/geoip-distance.zeek index 8aa2601500..241c274175 100644 
--- a/scripts/base/utils/geoip-distance.zeek +++ b/scripts/base/utils/geoip-distance.zeek @@ -1,7 +1,7 @@ ##! Functions to calculate distance between two locations, based on GeoIP data. ## Returns the distance between two IP addresses using the haversine formula, -## based on GeoIP database locations. Requires Bro to be built with GeoIP. +## based on GeoIP database locations. Requires Zeek to be built with GeoIP. ## ## a1: First IP address. ## diff --git a/scripts/base/utils/json.zeek b/scripts/base/utils/json.zeek index ead214f93e..5bce89d18b 100644 --- a/scripts/base/utils/json.zeek +++ b/scripts/base/utils/json.zeek @@ -1,9 +1,9 @@ -##! Functions to assist with generating JSON data from Bro data scructures. +##! Functions to assist with generating JSON data from Zeek data scructures. # We might want to implement this in core somtime, this looks... hacky at best. @load base/utils/strings -## A function to convert arbitrary Bro data into a JSON string. +## A function to convert arbitrary Zeek data into a JSON string. ## ## v: The value to convert to JSON. Typically a record. ## diff --git a/scripts/base/utils/patterns.zeek b/scripts/base/utils/patterns.zeek index 6d955339f8..861f0b20bd 100644 --- a/scripts/base/utils/patterns.zeek +++ b/scripts/base/utils/patterns.zeek @@ -9,7 +9,7 @@ module GLOBAL; ## ss: a set of strings to OR together. ## ## pat: the pattern containing a "~~" in it. If a literal backslash is -## included, it needs to be escaped with another backslash due to Bro's +## included, it needs to be escaped with another backslash due to Zeek's ## string parsing reducing it to a single backslash upon rendering. ## ## Returns: the input pattern with "~~" replaced by OR'd elements of input set. diff --git a/scripts/base/utils/site.zeek b/scripts/base/utils/site.zeek index 949f340410..94c487f7a3 100644 --- a/scripts/base/utils/site.zeek +++ b/scripts/base/utils/site.zeek 
@@ -17,7 +17,7 @@ export { [::1]/128, }; - ## Networks that are considered "local". Note that BroControl sets + ## Networks that are considered "local". Note that ZeekControl sets ## this automatically. option local_nets: set[subnet] = {}; diff --git a/scripts/base/utils/strings.zeek b/scripts/base/utils/strings.zeek index 8a3f03faaa..4fa002acd6 100644 --- a/scripts/base/utils/strings.zeek +++ b/scripts/base/utils/strings.zeek @@ -1,5 +1,5 @@ ##! Functions to assist with small string analysis and manipulation that can -##! be implemented as Bro functions and don't need to be implemented as built-in +##! be implemented as Zeek functions and don't need to be implemented as built-in ##! functions. ## Returns true if the given string is at least 25% composed of 8-bit diff --git a/scripts/policy/frameworks/control/controllee.zeek b/scripts/policy/frameworks/control/controllee.zeek index 89768ef997..f807915852 100644 --- a/scripts/policy/frameworks/control/controllee.zeek +++ b/scripts/policy/frameworks/control/controllee.zeek @@ -1,11 +1,11 @@ ##! The controllee portion of the control framework. Load this script if remote -##! runtime control of the Bro process is desired. +##! runtime control of the Zeek process is desired. ##! ##! A controllee only needs to load the controllee script in addition ##! to the specific analysis scripts desired. It may also need a node ##! configured as a controller node in the communications nodes configuration:: ##! -##! bro frameworks/control/controllee +##! zeek frameworks/control/controllee @load base/frameworks/control @load base/frameworks/broker diff --git a/scripts/policy/frameworks/control/controller.zeek b/scripts/policy/frameworks/control/controller.zeek index 6befe70fe8..b68f89b345 100644 --- a/scripts/policy/frameworks/control/controller.zeek +++ b/scripts/policy/frameworks/control/controller.zeek 
@@ -1,10 +1,10 @@ ##! This is a utility script that implements the controller interface for the -##! control framework. It's intended to be run to control a remote Bro +##! control framework. It's intended to be run to control a remote Zeek ##! and then shutdown. ##! ##! It's intended to be used from the command line like this:: ##! -##! bro frameworks/control/controller Control::host= Control::host_port= Control::cmd= [Control::arg=] +##! zeek frameworks/control/controller Control::host= Control::host_port= Control::cmd= [Control::arg=] @load base/frameworks/control @load base/frameworks/broker diff --git a/scripts/policy/frameworks/packet-filter/shunt.zeek b/scripts/policy/frameworks/packet-filter/shunt.zeek index 3a08dfaddd..8fd2596fdc 100644 --- a/scripts/policy/frameworks/packet-filter/shunt.zeek +++ b/scripts/policy/frameworks/packet-filter/shunt.zeek @@ -4,18 +4,18 @@ module PacketFilter; export { - ## The maximum number of BPF based shunts that Bro is allowed to perform. + ## The maximum number of BPF based shunts that Zeek is allowed to perform. const max_bpf_shunts = 100 &redef; ## Call this function to use BPF to shunt a connection (to prevent the - ## data packets from reaching Bro). For TCP connections, control - ## packets are still allowed through so that Bro can continue logging + ## data packets from reaching Zeek). For TCP connections, control + ## packets are still allowed through so that Zeek can continue logging ## the connection and it can stop shunting once the connection ends. global shunt_conn: function(id: conn_id): bool; ## This function will use a BPF expression to shunt traffic between ## the two hosts given in the `conn_id` so that the traffic is never - ## exposed to Bro's traffic processing. + ## exposed to Zeek's traffic processing. global shunt_host_pair: function(id: conn_id): bool; ## Remove shunting for a host pair given as a `conn_id`. The filter 
diff --git a/scripts/policy/integration/barnyard2/main.zeek b/scripts/policy/integration/barnyard2/main.zeek index 876467eb8a..7e77e66ee6 100644 --- a/scripts/policy/integration/barnyard2/main.zeek +++ b/scripts/policy/integration/barnyard2/main.zeek @@ -1,4 +1,4 @@ -##! This script lets Barnyard2 integrate with Bro. It receives alerts from +##! This script lets Barnyard2 integrate with Zeek. It receives alerts from ##! Barnyard2 and logs them. In the future it will do more correlation ##! and derive new notices from the alerts. @@ -20,7 +20,7 @@ export { ## This can convert a Barnyard :zeek:type:`Barnyard2::PacketID` value to ## a :zeek:type:`conn_id` value in the case that you might need to index - ## into an existing data structure elsewhere within Bro. + ## into an existing data structure elsewhere within Zeek. global pid2cid: function(p: PacketID): conn_id; } diff --git a/scripts/policy/integration/collective-intel/README b/scripts/policy/integration/collective-intel/README index 17d534c8dd..3e28be5903 100644 --- a/scripts/policy/integration/collective-intel/README +++ b/scripts/policy/integration/collective-intel/README @@ -1,4 +1,4 @@ The scripts in this module are for deeper integration with the -Collective Intelligence Framework (CIF) since Bro's Intel framework +Collective Intelligence Framework (CIF) since Zeek's Intel framework doesn't natively behave the same as CIF nor does it store and maintain the same data in all cases. diff --git a/scripts/policy/integration/collective-intel/main.zeek b/scripts/policy/integration/collective-intel/main.zeek index 48459c378a..fac86dd744 100644 --- a/scripts/policy/integration/collective-intel/main.zeek +++ b/scripts/policy/integration/collective-intel/main.zeek 
@@ -3,7 +3,7 @@ module Intel; -## These are some fields to add extended compatibility between Bro and the +## These are some fields to add extended compatibility between Zeek and the ## Collective Intelligence Framework. redef record Intel::MetaData += { ## Maps to the Impact field in the Collective Intelligence Framework. diff --git a/scripts/policy/misc/capture-loss.zeek b/scripts/policy/misc/capture-loss.zeek index c6516d46eb..2864a81109 100644 --- a/scripts/policy/misc/capture-loss.zeek +++ b/scripts/policy/misc/capture-loss.zeek @@ -25,7 +25,7 @@ export { ts: time &log; ## The time delay between this measurement and the last. ts_delta: interval &log; - ## In the event that there are multiple Bro instances logging + ## In the event that there are multiple Zeek instances logging ## to the same host, this distinguishes each peer with its ## individual name. peer: string &log; diff --git a/scripts/policy/misc/dump-events.zeek b/scripts/policy/misc/dump-events.zeek index 7d27e91981..9b3a78ffd3 100644 --- a/scripts/policy/misc/dump-events.zeek +++ b/scripts/policy/misc/dump-events.zeek @@ -1,6 +1,6 @@ -##! This script dumps the events that Bro raises out to standard output in a +##! This script dumps the events that Zeek raises out to standard output in a ##! readable form. This is for debugging only and allows to understand events and -##! their parameters as Bro processes input. Note that it will show only events +##! their parameters as Zeek processes input. Note that it will show only events ##! for which a handler is defined. module DumpEvents; diff --git a/scripts/policy/misc/load-balancing.zeek b/scripts/policy/misc/load-balancing.zeek index 62f352f12e..7a1be09871 100644 --- a/scripts/policy/misc/load-balancing.zeek +++ b/scripts/policy/misc/load-balancing.zeek 
@@ -1,5 +1,5 @@ -##! This script implements the "Bro side" of several load balancing -##! approaches for Bro clusters. +##! This script implements the "Zeek side" of several load balancing +##! approaches for Zeek clusters. @load base/frameworks/cluster @load base/frameworks/packet-filter diff --git a/scripts/policy/misc/profiling.zeek b/scripts/policy/misc/profiling.zeek index fed8c41f54..197d3a3f82 100644 --- a/scripts/policy/misc/profiling.zeek +++ b/scripts/policy/misc/profiling.zeek @@ -1,4 +1,4 @@ -##! Turns on profiling of Bro resource consumption. +##! Turns on profiling of Zeek resource consumption. module Profiling; diff --git a/scripts/policy/misc/stats.zeek b/scripts/policy/misc/stats.zeek index 9c4ae4e792..8c59c30c30 100644 --- a/scripts/policy/misc/stats.zeek +++ b/scripts/policy/misc/stats.zeek @@ -100,7 +100,7 @@ event check_stats(then: time, last_ns: NetStats, last_cs: ConnStats, last_ps: Pr local ds = get_dns_stats(); if ( bro_is_terminating() ) - # No more stats will be written or scheduled when Bro is + # No more stats will be written or scheduled when Zeek is # shutting down. return; diff --git a/scripts/policy/protocols/conn/known-hosts.zeek b/scripts/policy/protocols/conn/known-hosts.zeek index 702ab59ca3..19bf2cef05 100644 --- a/scripts/policy/protocols/conn/known-hosts.zeek +++ b/scripts/policy/protocols/conn/known-hosts.zeek @@ -1,4 +1,4 @@ -##! This script logs hosts that Bro determines have performed complete TCP +##! This script logs hosts that Zeek determines have performed complete TCP ##! handshakes and logs the address once per day (by default). The log that ##! is output provides an easy way to determine a count of the IP addresses in ##! use on a network per day. 
@@ -22,7 +22,7 @@ export { }; ## Toggles between different implementations of this script. - ## When true, use a Broker data store, else use a regular Bro set + ## When true, use a Broker data store, else use a regular Zeek set ## with keys uniformly distributed over proxy nodes in cluster ## operation. const use_host_store = T &redef; diff --git a/scripts/policy/protocols/conn/known-services.zeek b/scripts/policy/protocols/conn/known-services.zeek index 767962b791..fc8c3e806e 100644 --- a/scripts/policy/protocols/conn/known-services.zeek +++ b/scripts/policy/protocols/conn/known-services.zeek @@ -28,7 +28,7 @@ export { }; ## Toggles between different implementations of this script. - ## When true, use a Broker data store, else use a regular Bro set + ## When true, use a Broker data store, else use a regular Zeek set ## with keys uniformly distributed over proxy nodes in cluster ## operation. const use_service_store = T &redef; diff --git a/scripts/policy/protocols/dhcp/deprecated_events.zeek b/scripts/policy/protocols/dhcp/deprecated_events.zeek deleted file mode 100644 index 553d13bc05..0000000000 --- a/scripts/policy/protocols/dhcp/deprecated_events.zeek +++ /dev/null 
@@ -1,272 +0,0 @@
-##! Bro 2.6 removed certain DHCP events, but scripts in the Bro
-##! ecosystem are still relying on those events. As a transition, this
-##! script will handle the new event, and generate the old events,
-##! which are marked as deprecated. Note: This script should be
-##! removed in the next Bro version after 2.6.
-
-@load base/protocols/dhcp
-
-## A DHCP message.
-##
-## .. note:: This type is included to support the deprecated events dhcp_ack,
-## dhcp_decline, dhcp_discover, dhcp_inform, dhcp_nak, dhcp_offer,
-## dhcp_release and dhcp_request and is thus similarly deprecated
-## itself. Use :zeek:see:`dhcp_message` instead.
-##
-## .. zeek:see:: dhcp_message dhcp_ack dhcp_decline dhcp_discover
-## dhcp_inform dhcp_nak dhcp_offer dhcp_release dhcp_request
-type dhcp_msg: record {
- op: count; ##< Message OP code. 1 = BOOTREQUEST, 2 = BOOTREPLY
- m_type: count; ##< The type of DHCP message.
- xid: count; ##< Transaction ID of a DHCP session.
- h_addr: string; ##< Hardware address of the client.
- ciaddr: addr; ##< Original IP address of the client.
- yiaddr: addr; ##< IP address assigned to the client.
-};
-
-## A list of router addresses offered by a DHCP server.
-##
-## .. note:: This type is included to support the deprecated events dhcp_ack
-## and dhcp_offer and is thus similarly deprecated
-## itself. Use :zeek:see:`dhcp_message` instead.
-##
-## .. zeek:see:: dhcp_message dhcp_ack dhcp_offer
-type dhcp_router_list: table[count] of addr;
-
-## Generated for DHCP messages of type *DHCPDISCOVER* (client broadcast to locate
-## available servers).
-##
-## c: The connection record describing the underlying UDP flow.
-##
-## msg: The parsed type-independent part of the DHCP message.
-##
-## req_addr: The specific address requested by the client.
-##
-## host_name: The value of the host name option, if specified by the client.
-##
-## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request
-## dhcp_decline dhcp_ack dhcp_nak dhcp_release dhcp_inform
-##
-## .. note:: This event has been deprecated, and will be removed in the next version.
-## Use dhcp_message instead.
-##
-## .. note:: Bro does not support broadcast packets (as used by the DHCP
-## protocol). It treats broadcast addresses just like any other and
-## associates packets into transport-level flows in the same way as usual.
-##
-global dhcp_discover: event(c: connection, msg: dhcp_msg, req_addr: addr, host_name: string) &deprecated;
-
-## Generated for DHCP messages of type *DHCPOFFER* (server to client in response
-## to DHCPDISCOVER with offer of configuration parameters).
-##
-## c: The connection record describing the underlying UDP flow.
-##
-## msg: The parsed type-independent part of the DHCP message.
-##
-## mask: The subnet mask specified by the message.
-##
-## router: The list of routers specified by the message.
-##
-## lease: The least interval specified by the message.
-##
-## serv_addr: The server address specified by the message.
-##
-## host_name: Optional host name value. May differ from the host name requested
-## from the client.
-##
-## .. zeek:see:: dhcp_message dhcp_discover dhcp_request dhcp_decline
-## dhcp_ack dhcp_nak dhcp_release dhcp_inform
-##
-## .. note:: This event has been deprecated, and will be removed in the next version.
-## Use dhcp_message instead.
-##
-## .. note:: Bro does not support broadcast packets (as used by the DHCP
-## protocol). It treats broadcast addresses just like any other and
-## associates packets into transport-level flows in the same way as usual.
-##
-global dhcp_offer: event(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string) &deprecated;
-
-## Generated for DHCP messages of type *DHCPREQUEST* (Client message to servers either
-## (a) requesting offered parameters from one server and implicitly declining offers
-## from all others, (b) confirming correctness of previously allocated address after,
-## e.g., system reboot, or (c) extending the lease on a particular network address.)
-##
-## c: The connection record describing the underlying UDP flow.
-##
-## msg: The parsed type-independent part of the DHCP message.
-##
-## req_addr: The client address specified by the message.
-##
-## serv_addr: The server address specified by the message.
-##
-## host_name: The value of the host name option, if specified by the client.
-##
-## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_decline
-## dhcp_ack dhcp_nak dhcp_release dhcp_inform
-##
-## .. note:: This event has been deprecated, and will be removed in the next version.
-## Use dhcp_message instead.
-##
-## .. note:: Bro does not support broadcast packets (as used by the DHCP
-## protocol). It treats broadcast addresses just like any other and
-## associates packets into transport-level flows in the same way as usual.
-##
-global dhcp_request: event(c: connection, msg: dhcp_msg, req_addr: addr, serv_addr: addr, host_name: string) &deprecated;
-
-## Generated for DHCP messages of type *DHCPDECLINE* (Client to server indicating
-## network address is already in use).
-##
-## c: The connection record describing the underlying UDP flow.
-##
-## msg: The parsed type-independent part of the DHCP message.
-##
-## host_name: Optional host name value.
-##
-## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request
-## dhcp_ack dhcp_nak dhcp_release dhcp_inform
-##
-## .. note:: This event has been deprecated, and will be removed in the next version.
-## Use dhcp_message instead.
-##
-## .. note:: Bro does not support broadcast packets (as used by the DHCP
-## protocol). It treats broadcast addresses just like any other and
-## associates packets into transport-level flows in the same way as usual.
-##
-global dhcp_decline: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated;
-
-## Generated for DHCP messages of type *DHCPACK* (Server to client with configuration
-## parameters, including committed network address).
-##
-## c: The connection record describing the underlying UDP flow.
-##
-## msg: The parsed type-independent part of the DHCP message.
-##
-## mask: The subnet mask specified by the message.
-##
-## router: The list of routers specified by the message.
-##
-## lease: The least interval specified by the message.
-##
-## serv_addr: The server address specified by the message.
-##
-## host_name: Optional host name value. May differ from the host name requested
-## from the client.
-##
-## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request
-## dhcp_decline dhcp_nak dhcp_release dhcp_inform
-##
-## .. note:: This event has been deprecated, and will be removed in the next version.
-## Use dhcp_message instead.
-##
-global dhcp_ack: event(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string) &deprecated;
-
-## Generated for DHCP messages of type *DHCPNAK* (Server to client indicating client's
-## notion of network address is incorrect (e.g., client has moved to new subnet) or
-## client's lease has expired).
-##
-## c: The connection record describing the underlying UDP flow.
-##
-## msg: The parsed type-independent part of the DHCP message.
-##
-## host_name: Optional host name value.
-##
-## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request
-## dhcp_decline dhcp_ack dhcp_release dhcp_inform
-##
-## .. note:: This event has been deprecated, and will be removed in the next version.
-## Use dhcp_message instead.
-##
-## .. note:: Bro does not support broadcast packets (as used by the DHCP
-## protocol). It treats broadcast addresses just like any other and
-## associates packets into transport-level flows in the same way as usual.
-##
-global dhcp_nak: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated;
-
-## Generated for DHCP messages of type *DHCPRELEASE* (Client to server relinquishing
-## network address and cancelling remaining lease).
-##
-## c: The connection record describing the underlying UDP flow.
-##
-## msg: The parsed type-independent part of the DHCP message.
-##
-## host_name: The value of the host name option, if specified by the client.
-##
-## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request
-## dhcp_decline dhcp_ack dhcp_nak dhcp_inform
-##
-## .. note:: This event has been deprecated, and will be removed in the next version.
-## Use dhcp_message instead.
-##
-global dhcp_release: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated;
-
-## Generated for DHCP messages of type *DHCPINFORM* (Client to server, asking only for
-## local configuration parameters; client already has externally configured network
-## address).
-##
-## c: The connection record describing the underlying UDP flow.
-##
-## msg: The parsed type-independent part of the DHCP message.
-##
-## host_name: The value of the host name option, if specified by the client.
-##
-## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request
-## dhcp_decline dhcp_ack dhcp_nak dhcp_release
-##
-## .. note:: This event has been deprecated, and will be removed in the next version.
-## Use dhcp_message instead.
-##
-## .. note:: Bro does not support broadcast packets (as used by the DHCP
-## protocol). It treats broadcast addresses just like any other and
-## associates packets into transport-level flows in the same way as usual.
-##
-global dhcp_inform: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated;
-
-event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options)
- {
- local old_msg: dhcp_msg = [$op=msg$op, $m_type=msg$m_type, $xid=msg$xid,
- $h_addr=msg$chaddr, $ciaddr=msg$ciaddr, $yiaddr=msg$yiaddr];
-
- local routers = dhcp_router_list();
-
- if ( options?$routers )
- for ( i in options$routers )
- routers[|routers|] = options$routers[i];
-
- # These fields are technically optional, but aren't listed as such in the event.
- # We give it some defaults in order to suppress errors.
- local ar = ( options?$addr_request ) ? options$addr_request : 0.0.0.0;
- local hn = ( options?$host_name ) ? options$host_name : "";
- local le = ( options?$lease ) ? options$lease : 0 secs;
- local sm = ( options?$subnet_mask ) ? options$subnet_mask : 255.255.255.255;
- local sa = ( options?$serv_addr ) ? options$serv_addr : 0.0.0.0;
-
- switch ( DHCP::message_types[msg$m_type] ) {
- case "DISCOVER":
- event dhcp_discover(c, old_msg, ar, hn);
- break;
- case "OFFER":
- event dhcp_offer(c, old_msg, sm, routers, le, sa, hn);
- break;
- case "REQUEST":
- event dhcp_request(c, old_msg, ar, sa, hn);
- break;
- case "DECLINE":
- event dhcp_decline(c, old_msg, hn);
- break;
- case "ACK":
- event dhcp_ack(c, old_msg, sm, routers, le, sa, hn);
- break;
- case "NAK":
- event dhcp_nak(c, old_msg, hn);
- break;
- case "RELEASE":
- event dhcp_release(c, old_msg, hn);
- break;
- case "INFORM":
- event dhcp_inform(c, old_msg, hn);
- break;
- default:
- # This isn't a weird, it's just a DHCP message type the old scripts don't handle
- break;
- }
- }
diff --git a/scripts/policy/protocols/smb/__load__.zeek b/scripts/policy/protocols/smb/__load__.zeek
deleted file mode 100644
index 9e826f7fd6..0000000000
--- a/scripts/policy/protocols/smb/__load__.zeek
+++ /dev/null
@@ -1,3 +0,0 @@
-@deprecated "Use '@load base/protocols/smb' instead"
-
-@load base/protocols/smb
diff --git a/scripts/policy/protocols/smtp/detect-suspicious-orig.zeek b/scripts/policy/protocols/smtp/detect-suspicious-orig.zeek index 58eecceb11..12a9a0c312 100644 --- a/scripts/policy/protocols/smtp/detect-suspicious-orig.zeek +++ b/scripts/policy/protocols/smtp/detect-suspicious-orig.zeek @@ -10,7 +10,7 @@ export { ## Places where it's suspicious for mail to originate from represented ## as all-capital, two character country codes (e.g., US). It requires - ## Bro to be built with GeoIP support. + ## Zeek to be built with GeoIP support. option suspicious_origination_countries: set[string] = {}; option suspicious_origination_networks: set[subnet] = {}; diff --git a/scripts/policy/protocols/smtp/software.zeek b/scripts/policy/protocols/smtp/software.zeek index e4333c10ef..69cfdf4c57 100644 --- a/scripts/policy/protocols/smtp/software.zeek +++ b/scripts/policy/protocols/smtp/software.zeek @@ -26,7 +26,7 @@ export { }; ## Assuming that local mail servers are more trustworthy with the - ## headers they insert into message envelopes, this default makes Bro + ## headers they insert into message envelopes, this default makes Zeek ## not attempt to detect software in inbound message bodies. If mail ## coming in from external addresses gives incorrect data in ## the Received headers, it could populate your SOFTWARE logging stream diff --git a/scripts/policy/protocols/ssl/known-certs.zeek b/scripts/policy/protocols/ssl/known-certs.zeek index 3a8ec75922..9830ad0ed5 100644 --- a/scripts/policy/protocols/ssl/known-certs.zeek +++ b/scripts/policy/protocols/ssl/known-certs.zeek @@ -32,7 +32,7 @@ export { option cert_tracking = LOCAL_HOSTS; ## Toggles between different implementations of this script. - ## When true, use a Broker data store, else use a regular Bro set + ## When true, use a Broker data store, else use a regular Zeek set ## with keys uniformly distributed over proxy nodes in cluster ## operation. const use_cert_store = T &redef; 
diff --git a/scripts/policy/protocols/ssl/validate-certs.zeek b/scripts/policy/protocols/ssl/validate-certs.zeek index 6a85627b3c..4d23c8e02d 100644 --- a/scripts/policy/protocols/ssl/validate-certs.zeek +++ b/scripts/policy/protocols/ssl/validate-certs.zeek @@ -34,7 +34,7 @@ export { &read_expire=5mins &redef; ## Use intermediate CA certificate caching when trying to validate - ## certificates. When this is enabled, Bro keeps track of all valid + ## certificates. When this is enabled, Zeek keeps track of all valid ## intermediate CA certificates that it has seen in the past. When ## encountering a host certificate that cannot be validated because ## of missing intermediate CA certificate, the cached list is used diff --git a/scripts/policy/protocols/ssl/validate-sct.zeek b/scripts/policy/protocols/ssl/validate-sct.zeek index b4db3666eb..98c2f0c647 100644 --- a/scripts/policy/protocols/ssl/validate-sct.zeek +++ b/scripts/policy/protocols/ssl/validate-sct.zeek @@ -34,7 +34,7 @@ export { logid: string; ## The timestamp at which this SCT was issued measured since the ## epoch (January 1, 1970, 00:00), ignoring leap seconds, in - ## milliseconds. Not converted to a Bro timestamp because we need + ## milliseconds. Not converted to a Zeek timestamp because we need ## the exact value for validation. timestamp: count; ## The signature algorithm used for this sct. diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek index 26408b6d44..a6e5987664 100644 --- a/scripts/test-all-policy.zeek +++ b/scripts/test-all-policy.zeek @@ -1,4 +1,4 @@ -# This file loads ALL policy scripts that are part of the Bro distribution. +# This file loads ALL policy scripts that are part of the Zeek distribution. # # This is rarely makes sense, and is for testing only. # 
@@ -63,7 +63,6 @@ @load protocols/conn/mac-logging.zeek @load protocols/conn/vlan-logging.zeek @load protocols/conn/weirds.zeek -#@load protocols/dhcp/deprecated_events.zeek @load protocols/dhcp/msg-orig.zeek @load protocols/dhcp/software.zeek @load protocols/dhcp/sub-opts.zeek @@ -84,7 +83,6 @@ @load protocols/modbus/track-memmap.zeek @load protocols/mysql/software.zeek @load protocols/rdp/indicate_ssl.zeek -#@load protocols/smb/__load__.zeek @load protocols/smb/log-cmds.zeek @load protocols/smtp/blocklists.zeek @load protocols/smtp/detect-suspicious-orig.zeek diff --git a/scripts/zeexygen/README b/scripts/zeekygen/README similarity index 77% rename from scripts/zeexygen/README rename to scripts/zeekygen/README index f099b09833..94982b0730 100644 --- a/scripts/zeexygen/README +++ b/scripts/zeekygen/README @@ -1,4 +1,4 @@ This package is loaded during the process which automatically generates -reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only +reference documentation for all Zeek scripts (i.e. "Zeekygen"). Its only purpose is to provide an easy way to load all known Zeek scripts plus any extra scripts needed or used by the documentation process. diff --git a/scripts/zeexygen/__load__.zeek b/scripts/zeekygen/__load__.zeek similarity index 78% rename from scripts/zeexygen/__load__.zeek rename to scripts/zeekygen/__load__.zeek index ac9d2c008b..00555c57bd 100644 --- a/scripts/zeexygen/__load__.zeek +++ b/scripts/zeekygen/__load__.zeek @@ -6,8 +6,6 @@ @load frameworks/control/controller.zeek @load frameworks/files/extract-all-files.zeek @load policy/misc/dump-events.zeek -@load policy/protocols/dhcp/deprecated_events.zeek -@load policy/protocols/smb/__load__.zeek @load ./example.zeek diff --git a/scripts/zeexygen/example.zeek b/scripts/zeekygen/example.zeek similarity index 90% rename from scripts/zeexygen/example.zeek rename to scripts/zeekygen/example.zeek index 69affed96a..1fcdd8390b 100644 --- a/scripts/zeexygen/example.zeek 
+++ b/scripts/zeekygen/example.zeek @@ -1,4 +1,4 @@ -##! This is an example script that demonstrates Zeexygen-style +##! This is an example script that demonstrates Zeekygen-style ##! documentation. It generally will make most sense when viewing ##! the script's raw source code and comparing to the HTML-rendered ##! version. @@ -13,12 +13,12 @@ ##! There's also a custom role to reference any identifier node in ##! the Zeek Sphinx domain that's good for "see alsos", e.g. ##! -##! See also: :zeek:see:`ZeexygenExample::a_var`, -##! :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` +##! See also: :zeek:see:`ZeekygenExample::a_var`, +##! :zeek:see:`ZeekygenExample::ONE`, :zeek:see:`SSH::Info` ##! ##! And a custom directive does the equivalent references: ##! -##! .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info +##! .. zeek:see:: ZeekygenExample::a_var ZeekygenExample::ONE SSH::Info # Comments that use a single pound sign (#) are not significant to # a script's auto-generated documentation, but ones that use a @@ -30,7 +30,7 @@ # variable declarations to associate with the last-declared identifier. # # Generally, the auto-doc comments (##) are associated with the -# next declaration/identifier found in the script, but Zeexygen +# next declaration/identifier found in the script, but Zeekygen # will track/render identifiers regardless of whether they have any # of these special comments associated with them. # 
@@ -49,19 +49,19 @@ # "module" statements are self-documenting, don't use any ``##`` style # comments with them. -module ZeexygenExample; +module ZeekygenExample; # Redefinitions of "Notice::Type" are self-documenting, but # more information can be supplied in two different ways. redef enum Notice::Type += { ## Any number of this type of comment - ## will document "Zeexygen_One". - Zeexygen_One, - Zeexygen_Two, ##< Any number of this type of comment - ##< will document "ZEEXYGEN_TWO". - Zeexygen_Three, + ## will document "Zeekygen_One". + Zeekygen_One, + Zeekygen_Two, ##< Any number of this type of comment + ##< will document "ZEEKYGEN_TWO". + Zeekygen_Three, ## Omitting comments is fine, and so is mixing ``##`` and ``##<``, but - Zeexygen_Four, ##< it's probably best to use only one style consistently. + Zeekygen_Four, ##< it's probably best to use only one style consistently. }; # All redefs are automatically tracked. Comments of the "##" form can be use @@ -110,7 +110,7 @@ export { type ComplexRecord: record { field1: count; ##< Counts something. field2: bool; ##< Toggles something. - field3: SimpleRecord; ##< Zeexygen automatically tracks types + field3: SimpleRecord; ##< Zeekygen automatically tracks types ##< and cross-references are automatically ##< inserted in to generated docs. msg: string &default="blah"; ##< Attributes are self-documenting. @@ -163,9 +163,9 @@ export { ## Summarize "an_event" here. ## Give more details about "an_event" here. ## - ## ZeexygenExample::a_function should not be confused as a parameter + ## ZeekygenExample::a_function should not be confused as a parameter ## in the generated docs, but it also doesn't generate a cross-reference - ## link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + ## link. Use the see role instead: :zeek:see:`ZeekygenExample::a_function`. ## ## name: Describe the argument here. global an_event: event(name: string); 
diff --git a/src/Anon.cc b/src/Anon.cc index a2afc489ca..983c7fbec8 100644 --- a/src/Anon.cc +++ b/src/Anon.cc @@ -415,10 +415,10 @@ void log_anonymization_mapping(ipaddr32_t input, ipaddr32_t output) { if ( anonymization_mapping ) { - val_list* vl = new val_list; - vl->append(new AddrVal(input)); - vl->append(new AddrVal(output)); - mgr.QueueEvent(anonymization_mapping, vl); + mgr.QueueEventFast(anonymization_mapping, { + new AddrVal(input), + new AddrVal(output) + }); } } diff --git a/src/Attr.cc b/src/Attr.cc index 2f9673346c..875f22e415 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Attr.h" #include "Expr.h" @@ -14,7 +14,6 @@ const char* attr_name(attr_tag t) "&rotate_interval", "&rotate_size", "&add_func", "&delete_func", "&expire_func", "&read_expire", "&write_expire", "&create_expire", - "&persistent", "&synchronized", "&encrypt", "&raw_output", "&mergeable", "&priority", "&group", "&log", "&error_handler", "&type_column", @@ -141,7 +140,7 @@ Attributes::~Attributes() void Attributes::AddAttr(Attr* attr) { if ( ! attrs ) - attrs = new attr_list; + attrs = new attr_list(1); if ( ! attr->RedundantAttrOkay() ) // We overwrite old attributes by deleting them first. @@ -438,8 +437,6 @@ void Attributes::CheckAttr(Attr* a) } break; - case ATTR_PERSISTENT: - case ATTR_SYNCHRONIZED: case ATTR_TRACKED: // FIXME: Check here for global ID? break; @@ -559,8 +556,7 @@ bool Attributes::DoSerialize(SerialInfo* info) const { Attr* a = (*attrs)[i]; - // Broccoli doesn't support expressions. - Expr* e = (! info->broccoli_peer) ? a->AttrExpr() : 0; + Expr* e = a->AttrExpr(); SERIALIZE_OPTIONAL(e); if ( ! SERIALIZE(char(a->Tag())) ) diff --git a/src/Attr.h b/src/Attr.h index bfb7c4803c..4a1110bc04 100644 --- a/src/Attr.h +++ b/src/Attr.h 
@@ -23,8 +23,6 @@ typedef enum { ATTR_EXPIRE_READ, ATTR_EXPIRE_WRITE, ATTR_EXPIRE_CREATE, - ATTR_PERSISTENT, - ATTR_SYNCHRONIZED, ATTR_ENCRYPT, ATTR_RAW_OUTPUT, ATTR_MERGEABLE, diff --git a/src/Base64.cc b/src/Base64.cc index 3644740c7e..f7915d8678 100644 --- a/src/Base64.cc +++ b/src/Base64.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include "Base64.h" #include diff --git a/src/BroList.h b/src/BroList.h index 6168bf7bda..0aa94d55ec 100644 --- a/src/BroList.h +++ b/src/BroList.h @@ -13,10 +13,6 @@ class ID; declare(PList,ID); typedef PList(ID) id_list; -class HashKey; -declare(PList,HashKey); -typedef PList(HashKey) hash_key_list; - class Val; declare(PList,Val); typedef PList(Val) val_list; @@ -29,28 +25,12 @@ class BroType; declare(PList,BroType); typedef PList(BroType) type_list; -class TypeDecl; -declare(PList,TypeDecl); -typedef PList(TypeDecl) type_decl_list; - -class Case; -declare(PList,Case); -typedef PList(Case) case_list; - class Attr; declare(PList,Attr); typedef PList(Attr) attr_list; -class Scope; -declare(PList,Scope); -typedef PList(Scope) scope_list; - class Timer; declare(PList,Timer); typedef PList(Timer) timer_list; -class DNS_Mgr_Request; -declare(PList,DNS_Mgr_Request); -typedef PList(DNS_Mgr_Request) DNS_mgr_request_list; - #endif diff --git a/src/BroString.cc b/src/BroString.cc index 3dca28439c..b7e93bdde9 100644 --- a/src/BroString.cc +++ b/src/BroString.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/CCL.cc b/src/CCL.cc index a725257c75..86ca2a03da 100644 --- a/src/CCL.cc +++ b/src/CCL.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "CCL.h" #include "RE.h" diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 94aca30eb9..1d7bfddb73 100644 --- a/src/CMakeLists.txt 
+++ b/src/CMakeLists.txt @@ -143,7 +143,7 @@ set(bro_PLUGIN_LIBS CACHE INTERNAL "plugin libraries" FORCE) add_subdirectory(analyzer) add_subdirectory(broker) -add_subdirectory(zeexygen) +add_subdirectory(zeekygen) add_subdirectory(file_analysis) add_subdirectory(input) add_subdirectory(iosource) @@ -287,7 +287,6 @@ set(bro_SRCS OpaqueVal.cc OSFinger.cc PacketFilter.cc - PersistenceSerializer.cc Pipe.cc PolicyFile.cc PrefixTable.cc @@ -296,7 +295,6 @@ set(bro_SRCS RandTest.cc RE.cc Reassem.cc - RemoteSerializer.cc Rule.cc RuleAction.cc RuleCondition.cc 
@@ -353,24 +351,28 @@ set(bro_SRCS collect_headers(bro_HEADERS ${bro_SRCS}) if ( bro_HAVE_OBJECT_LIBRARIES ) - add_executable(bro ${bro_SRCS} ${bro_HEADERS} ${bro_SUBDIRS}) - target_link_libraries(bro ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) + add_executable(zeek ${bro_SRCS} ${bro_HEADERS} ${bro_SUBDIRS}) + target_link_libraries(zeek ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) else () - add_executable(bro ${bro_SRCS} ${bro_HEADERS}) - target_link_libraries(bro ${bro_SUBDIRS} ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) + add_executable(zeek ${bro_SRCS} ${bro_HEADERS}) + target_link_libraries(zeek ${bro_SUBDIRS} ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) endif () if ( NOT "${bro_LINKER_FLAGS}" STREQUAL "" ) - set_target_properties(bro PROPERTIES LINK_FLAGS "${bro_LINKER_FLAGS}") + set_target_properties(zeek PROPERTIES LINK_FLAGS "${bro_LINKER_FLAGS}") endif () -install(TARGETS bro DESTINATION bin) +install(TARGETS zeek DESTINATION bin) -set(BRO_EXE bro - CACHE STRING "Bro executable binary" FORCE) +# Install wrapper script for Bro-to-Zeek renaming. +include(InstallSymlink) +InstallSymlink("${CMAKE_INSTALL_PREFIX}/bin/zeek-wrapper" "${CMAKE_INSTALL_PREFIX}/bin/bro") -set(BRO_EXE_PATH ${CMAKE_CURRENT_BINARY_DIR}/bro - CACHE STRING "Path to Bro executable binary" FORCE) +set(BRO_EXE zeek + CACHE STRING "Zeek executable binary" FORCE) + +set(BRO_EXE_PATH ${CMAKE_CURRENT_BINARY_DIR}/zeek + CACHE STRING "Path to Zeek executable binary" FORCE) # Target to create all the autogenerated files. add_custom_target(generate_outputs_stage1) 
@@ -389,12 +391,12 @@ add_dependencies(generate_outputs generate_outputs_stage2a generate_outputs_stag # Build __load__.zeek files for standard *.bif.zeek. bro_bif_create_loader(bif_loader "${bro_BASE_BIF_SCRIPTS}") add_dependencies(bif_loader ${bro_SUBDIRS}) -add_dependencies(bro bif_loader) +add_dependencies(zeek bif_loader) # Build __load__.zeek files for plugins/*.bif.zeek. bro_bif_create_loader(bif_loader_plugins "${bro_PLUGIN_BIF_SCRIPTS}") add_dependencies(bif_loader_plugins ${bro_SUBDIRS}) -add_dependencies(bro bif_loader_plugins) +add_dependencies(zeek bif_loader_plugins) # Install *.bif.zeek. install(DIRECTORY ${CMAKE_BINARY_DIR}/scripts/base/bif DESTINATION ${BRO_SCRIPT_INSTALL_PATH}/base) diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc index d2cdbc6425..a3cefe3a05 100644 --- a/src/ChunkedIO.cc +++ b/src/ChunkedIO.cc @@ -11,10 +11,9 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "ChunkedIO.h" #include "NetVar.h" -#include "RemoteSerializer.h" ChunkedIO::ChunkedIO() : stats(), tag(), pure() { @@ -377,7 +376,7 @@ ChunkedIO::Chunk* ChunkedIOFd::ConcatChunks(Chunk* c1, Chunk* c2) void ChunkedIO::Log(const char* str) { - RemoteSerializer::Log(RemoteSerializer::LogError, str); + //RemoteSerializer::Log(RemoteSerializer::LogError, str); } bool ChunkedIOFd::Read(Chunk** chunk, bool may_block) diff --git a/src/ChunkedIO.h b/src/ChunkedIO.h index e9b41476df..24c7a489d2 100644 --- a/src/ChunkedIO.h +++ b/src/ChunkedIO.h @@ -3,7 +3,7 @@ #ifndef CHUNKEDIO_H #define CHUNKEDIO_H -#include "bro-config.h" +#include "zeek-config.h" #include "List.h" #include "util.h" #include "Flare.h" diff --git a/src/CompHash.cc b/src/CompHash.cc index cc3ad8cb72..4e5366edde 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "CompHash.h" #include "Val.h" 
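Review bot: `ChunkedIO::Log` in the `@@ -377,7 +376,7 @@` hunk is left with its only statement commented out, so every error string handed to it is now dropped without a trace. If the class is still in use, the message should go to a logger that survives this commit, for example `reporter->Error("%s", str);`, with `str` passed as an argument rather than as the format string. Whether `Reporter.h` is already reachable from this file is not visible here and needs confirming. If the class is on its way out, deleting the call is clearer than leaving commented-out code behind.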
@@ -677,7 +677,7 @@ ListVal* CompositeHash::RecoverVals(const HashKey* k) const loop_over_list(*tl, i) { - Val* v; + Val* v = nullptr; kp = RecoverOneVal(k, kp, k_end, (*tl)[i], v, false); ASSERT(v); l->Append(v); diff --git a/src/Conn.cc b/src/Conn.cc index 03ecf32703..48a9940875 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include @@ -151,7 +151,6 @@ Connection::Connection(NetSessions* s, HashKey* k, double t, const ConnID* id, is_active = 1; skip = 0; weird = 0; - persistent = 0; suppress_event = 0; @@ -325,12 +324,11 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig, // and at this stage it's not a *multiple* instance. return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(threshold)); - - ConnectionEvent(e, 0, vl); + ConnectionEventFast(e, 0, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(threshold) + }); } void Connection::DeleteTimer(double /* t */) @@ -390,9 +388,7 @@ void Connection::EnableStatusUpdateTimer() void Connection::StatusUpdateTimer(double t) { - val_list* vl = new val_list(1); - vl->append(BuildConnVal()); - ConnectionEvent(connection_status_update, 0, vl); + ConnectionEventFast(connection_status_update, 0, { BuildConnVal() }); ADD_TIMER(&Connection::StatusUpdateTimer, network_time + connection_status_update_interval, 0, TIMER_CONN_STATUS_UPDATE); 
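Review bot: In `CompositeHash::RecoverVals` the only check after `RecoverOneVal` is still `ASSERT(v)`, which may not survive into release builds. Initialising `v` to `nullptr` makes a failed recovery well-defined, but if the macro expands to nothing outside debug builds (to be confirmed in its definition), `l->Append(v)` stores a null pointer that is dereferenced later, far from the cause. An explicit check after the call, such as `if ( ! v ) reporter->InternalError("failed to recover value from hash key");`, keeps the failure at its origin. The loop and the rest of the function lie outside the hunk.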
@@ -630,23 +626,23 @@ int Connection::VersionFoundEvent(const IPAddr& addr, const char* s, int len, { if ( software_parse_error ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new AddrVal(addr)); - vl->append(new StringVal(len, s)); - ConnectionEvent(software_parse_error, analyzer, vl); + ConnectionEventFast(software_parse_error, analyzer, { + BuildConnVal(), + new AddrVal(addr), + new StringVal(len, s), + }); } return 0; } if ( software_version_found ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new AddrVal(addr)); - vl->append(val); - vl->append(new StringVal(len, s)); - ConnectionEvent(software_version_found, 0, vl); + ConnectionEventFast(software_version_found, 0, { + BuildConnVal(), + new AddrVal(addr), + val, + new StringVal(len, s), + }); } else Unref(val); @@ -669,11 +665,11 @@ int Connection::UnparsedVersionFoundEvent(const IPAddr& addr, if ( software_unparsed_version_found ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new AddrVal(addr)); - vl->append(new StringVal(len, full)); - ConnectionEvent(software_unparsed_version_found, analyzer, vl); + ConnectionEventFast(software_unparsed_version_found, analyzer, { + BuildConnVal(), + new AddrVal(addr), + new StringVal(len, full), + }); } return 1; @@ -684,12 +680,11 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch if ( ! f ) return; - val_list* vl = new val_list(2); if ( name ) - vl->append(new StringVal(name)); - vl->append(BuildConnVal()); + ConnectionEventFast(f, analyzer, {new StringVal(name), BuildConnVal()}); + else + ConnectionEventFast(f, analyzer, {BuildConnVal()}); - ConnectionEvent(f, analyzer, vl); } void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2) 
@@ -701,33 +696,42 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, return; } - val_list* vl = new val_list(3); - vl->append(BuildConnVal()); - vl->append(v1); - if ( v2 ) - vl->append(v2); - - ConnectionEvent(f, analyzer, vl); + ConnectionEventFast(f, analyzer, {BuildConnVal(), v1, v2}); + else + ConnectionEventFast(f, analyzer, {BuildConnVal(), v1}); } -void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl) +void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl) { if ( ! f ) { // This may actually happen if there is no local handler // and a previously existing remote handler went away. - loop_over_list(*vl, i) - Unref((*vl)[i]); - delete vl; + loop_over_list(vl, i) + Unref(vl[i]); + return; } // "this" is passed as a cookie for the event - mgr.QueueEvent(f, vl, SOURCE_LOCAL, + mgr.QueueEvent(f, std::move(vl), SOURCE_LOCAL, a ? a->GetID() : 0, GetTimerMgr(), this); } +void Connection::ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl) + { + // "this" is passed as a cookie for the event + mgr.QueueEventFast(f, std::move(vl), SOURCE_LOCAL, + a ? a->GetID() : 0, GetTimerMgr(), this); + } + +void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl) + { + ConnectionEvent(f, a, std::move(*vl)); + delete vl; + } + void Connection::Weird(const char* name, const char* addl) { weird = 1; @@ -946,15 +950,11 @@ bool Connection::DoSerialize(SerialInfo* info) const SERIALIZE_BIT(weird) && SERIALIZE_BIT(finished) && SERIALIZE_BIT(record_packets) && - SERIALIZE_BIT(record_contents) && - SERIALIZE_BIT(persistent); + SERIALIZE_BIT(record_contents); } bool Connection::DoUnserialize(UnserialInfo* info) { - // Make sure this is initialized for the condition in Unserialize(). - persistent = 0; - DO_UNSERIALIZE(BroObj); // Build the hash key first. Some of the recursive *::Unserialize() 
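Review bot: `Connection::ConnectionEventFast` queues unconditionally, so its precondition that something will consume `f` is enforced only by discipline at each call site. This commit converts `StatusUpdateTimer` and `HistoryThresholdEvent` to it, and the handler checks they rely on are not visible in their hunks, so they should be confirmed. A debug-build check as the first statement, `ASSERT(f);`, would flag a call site that forgot its guard instead of leaking the argument values; this assumes the handler pointer's boolean test used in `if ( ! f )` fits the macro. The other two overloads keep the `if ( ! f )` path that releases the arguments, so they remain the safe default for new callers.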
@@ -1017,7 +1017,6 @@ bool Connection::DoUnserialize(UnserialInfo* info) UNSERIALIZE_BIT(finished); UNSERIALIZE_BIT(record_packets); UNSERIALIZE_BIT(record_contents); - UNSERIALIZE_BIT(persistent); // Hmm... Why does each connection store a sessions ptr? sessions = ::sessions; @@ -1055,12 +1054,12 @@ void Connection::CheckFlowLabel(bool is_orig, uint32 flow_label) if ( connection_flow_label_changed && (is_orig ? saw_first_orig_packet : saw_first_resp_packet) ) { - val_list* vl = new val_list(4); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(my_flow_label)); - vl->append(val_mgr->GetCount(flow_label)); - ConnectionEvent(connection_flow_label_changed, 0, vl); + ConnectionEventFast(connection_flow_label_changed, 0, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(my_flow_label), + val_mgr->GetCount(flow_label), + }); } my_flow_label = flow_label; diff --git a/src/Conn.h b/src/Conn.h index e49314968a..fb7f5be0b4 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -12,7 +12,6 @@ #include "Val.h" #include "Timer.h" #include "Serializer.h" -#include "PersistenceSerializer.h" #include "RuleMatcher.h" #include "IPAddr.h" #include "TunnelEncapsulation.h" 
@@ -174,11 +173,42 @@ public: int UnparsedVersionFoundEvent(const IPAddr& addr, const char* full_descr, int len, analyzer::Analyzer* analyzer); + // If a handler exists for 'f', an event will be generated. If 'name' is + // given that event's first argument will be it, and it's second will be + // the connection value. If 'name' is null, then the event's first + // argument is the connection value. void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const char* name = 0); + + // If a handler exists for 'f', an event will be generated. In any case, + // 'v1' and 'v2' reference counts get decremented. The event's first + // argument is the connection value, second argument is 'v1', and if 'v2' + // is given that will be it's third argument. void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2 = 0); + + // If a handler exists for 'f', an event will be generated. In any case, + // reference count for each element in the 'vl' list are decremented. The + // arguments used for the event are whatevever is provided in 'vl'. + void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, + val_list vl); + + // Same as ConnectionEvent, except taking the event's argument list via a + // pointer instead of by value. This function takes ownership of the + // memory pointed to by 'vl' and also for decrementing the reference count + // of each of its elements. void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, val_list* vl); + // Queues an event without first checking if there's any available event + // handlers (or remote consumes). If it turns out there's actually nothing + // that will consume the event, then this may leak memory due to failing to + // decrement the reference count of each element in 'vl'. i.e. 
use this + // function instead of ConnectionEvent() if you've already guarded against + // the case where there's no handlers (one usually also does that because + // it would be a waste of effort to construct all the event arguments when + // there's no handlers to consume them). + void ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* analyzer, + val_list vl); + void Weird(const char* name, const char* addl = ""); bool DidWeird() const { return weird != 0; } @@ -197,14 +227,6 @@ public: return 1; } - void MakePersistent() - { - persistent = 1; - persistence_serializer->Register(this); - } - - bool IsPersistent() { return persistent; } - void Describe(ODesc* d) const override; void IDString(ODesc* d) const; @@ -284,7 +306,7 @@ public: protected: - Connection() { persistent = 0; } + Connection() { } // Add the given timer to expire at time t. If do_expire // is true, then the timer is also evaluated when Bro terminates, @@ -330,7 +352,6 @@ protected: unsigned int weird:1; unsigned int finished:1; unsigned int record_packets:1, record_contents:1; - unsigned int persistent:1; unsigned int record_current_packet:1, record_current_content:1; unsigned int saw_first_orig_packet:1, saw_first_resp_packet:1; diff --git a/src/DFA.cc b/src/DFA.cc index 00f56ef16e..448307e3fe 100644 --- a/src/DFA.cc +++ b/src/DFA.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "EquivClass.h" #include "DFA.h" diff --git a/src/DFA.h b/src/DFA.h index 2f06f4e98f..1b58774da0 100644 --- a/src/DFA.h +++ b/src/DFA.h @@ -111,9 +111,6 @@ private: PDict(CacheEntry) states; }; -declare(PList,DFA_State); -typedef PList(DFA_State) DFA_state_list; - class DFA_Machine : public BroObj { public: DFA_Machine(NFA_Machine* n, EquivClass* ec); diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 2fff6903b0..2e1f46de31 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc 
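Review bot: The comments added above the `Event`, `ConnectionEvent` and `ConnectionEventFast` declarations contain several typos. Since these are the lines readers will consult for the ownership rules, they are worth fixing: `it's second` and `it's third` should read `its second` and `its third`, `whatevever` should be `whatever`, and `remote consumes` presumably means `remote consumers`. The `val_list*` overload comment could also state in one sentence that the list itself is deleted by the callee, for example `// Takes ownership of 'vl': unrefs each element and deletes the list.`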
@@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include @@ -289,10 +289,13 @@ ListVal* DNS_Mapping::Addrs() TableVal* DNS_Mapping::AddrsSet() { ListVal* l = Addrs(); - if ( l ) - return l->ConvertToSet(); - else + + if ( ! l ) return empty_addr_set(); + + auto rval = l->ConvertToSet(); + Unref(l); + return rval; } StringVal* DNS_Mapping::Host() @@ -388,6 +391,8 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode) num_requests = 0; successful = 0; failed = 0; + nb_dns = nullptr; + next_timestamp = -1.0; } DNS_Mgr::~DNS_Mgr() @@ -399,16 +404,21 @@ DNS_Mgr::~DNS_Mgr() delete [] dir; } -void DNS_Mgr::InitPostScript() +void DNS_Mgr::Init() { if ( did_init ) return; - auto dns_resolver_id = global_scope()->Lookup("dns_resolver"); - auto dns_resolver_addr = dns_resolver_id->ID_Val()->AsAddr(); + // Note that Init() may be called by way of LookupHost() during the act of + // parsing a hostname literal (e.g. google.com), so we can't use a + // script-layer option to configure the DNS resolver as it may not be + // configured to the user's desired address at the time when we need to to + // the lookup. + auto dns_resolver = getenv("ZEEK_DNS_RESOLVER"); + auto dns_resolver_addr = dns_resolver ? IPAddr(dns_resolver) : IPAddr(); char err[NB_DNS_ERRSIZE]; - if ( dns_resolver_addr == IPAddr("::") ) + if ( dns_resolver_addr == IPAddr() ) nb_dns = nb_dns_init(err); else { 
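Review bot: `DNS_Mgr::Init` passes the raw `ZEEK_DNS_RESOLVER` string to `IPAddr(dns_resolver)` without checking that it parsed. If an unparsable or empty value ends up as the unspecified address (to be confirmed in `IPAddr`), the test `dns_resolver_addr == IPAddr()` falls back to the system resolver with no sign that the configured one was ignored. The resolver decides who answers every lookup, so a rejected value should be reported, for example `reporter->Warning("ignoring invalid ZEEK_DNS_RESOLVER value: %s", dns_resolver);`. Logging the resolver actually selected would also help when auditing a deployment. The body of `Init` continues past this hunk.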
@@ -433,19 +443,11 @@ void DNS_Mgr::InitPostScript() if ( ! nb_dns ) reporter->Warning("problem initializing NB-DNS: %s", err); - const char* cache_dir = dir ? dir : "."; - - if ( mode == DNS_PRIME && ! ensure_dir(cache_dir) ) - { - did_init = 0; - return; - } - - cache_name = new char[strlen(cache_dir) + 64]; - sprintf(cache_name, "%s/%s", cache_dir, ".bro-dns-cache"); - - LoadCache(fopen(cache_name, "r")); + did_init = true; + } +void DNS_Mgr::InitPostScript() + { dns_mapping_valid = internal_handler("dns_mapping_valid"); dns_mapping_unverified = internal_handler("dns_mapping_unverified"); dns_mapping_new_name = internal_handler("dns_mapping_new_name"); @@ -455,14 +457,18 @@ void DNS_Mgr::InitPostScript() dm_rec = internal_type("dns_mapping")->AsRecordType(); - did_init = 1; - + // Registering will call Init() iosource_mgr->Register(this, true); // We never set idle to false, having the main loop only calling us from // time to time. If we're issuing more DNS requests than we can handle // in this way, we are having problems anyway ... SetIdle(true); + + const char* cache_dir = dir ? dir : "."; + cache_name = new char[strlen(cache_dir) + 64]; + sprintf(cache_name, "%s/%s", cache_dir, ".bro-dns-cache"); + LoadCache(fopen(cache_name, "r")); } static TableVal* fake_name_lookup_result(const char* name) @@ -497,12 +503,11 @@ TableVal* DNS_Mgr::LookupHost(const char* name) if ( mode == DNS_FAKE ) return fake_name_lookup_result(name); + Init(); + if ( ! nb_dns ) return empty_addr_set(); - if ( ! did_init ) - Init(); - if ( mode != DNS_PRIME ) { HostMap::iterator it = host_mappings.find(name); @@ -553,8 +558,7 @@ TableVal* DNS_Mgr::LookupHost(const char* name) Val* DNS_Mgr::LookupAddr(const IPAddr& addr) { - if ( ! did_init ) - Init(); + Init(); if ( mode != DNS_PRIME ) { 
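Review bot: The `ensure_dir(cache_dir)` check that used to run in DNS_PRIME mode is removed from Init() and not restored in the cache setup now at the end of `InitPostScript()`, so priming into a directory that does not exist is no longer caught before `cache_name` is built. Whether Save() reports the resulting open failure is not visible here; if it does not, a guard equivalent to the removed one, `if ( mode == DNS_PRIME && ! ensure_dir(cache_dir) ) return;`, placed before the `sprintf` keeps the old behaviour. The `new char[strlen(cache_dir) + 64]` buffer is large enough for the fixed suffix, but an `snprintf` given that same length would keep the allocation and the write tied together.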
@@ -699,25 +703,27 @@ int DNS_Mgr::Save() return 1; } +void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm) + { + if ( ! e ) + return; + + mgr.QueueEventFast(e, {BuildMappingVal(dm)}); + } + void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2) { if ( ! e ) return; - val_list* vl = new val_list; - vl->append(BuildMappingVal(dm)); + Unref(l1); + Unref(l2); - if ( l1 ) - { - vl->append(l1->ConvertToSet()); - if ( l2 ) - vl->append(l2->ConvertToSet()); - - Unref(l1); - Unref(l2); - } - - mgr.QueueEvent(e, vl); + mgr.QueueEventFast(e, { + BuildMappingVal(dm), + l1->ConvertToSet(), + l2->ConvertToSet(), + }); } void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm) @@ -725,10 +731,10 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm) if ( ! e ) return; - val_list* vl = new val_list; - vl->append(BuildMappingVal(old_dm)); - vl->append(BuildMappingVal(new_dm)); - mgr.QueueEvent(e, vl); + mgr.QueueEventFast(e, { + BuildMappingVal(old_dm), + BuildMappingVal(new_dm), + }); } Val* DNS_Mgr::BuildMappingVal(DNS_Mapping* dm) @@ -1072,8 +1078,7 @@ static void resolve_lookup_cb(DNS_Mgr::LookupCallback* callback, void DNS_Mgr::AsyncLookupAddr(const IPAddr& host, LookupCallback* callback) { - if ( ! did_init ) - Init(); + Init(); if ( mode == DNS_FAKE ) { @@ -1111,8 +1116,7 @@ void DNS_Mgr::AsyncLookupAddr(const IPAddr& host, LookupCallback* callback) void DNS_Mgr::AsyncLookupName(const string& name, LookupCallback* callback) { - if ( ! did_init ) - Init(); + Init(); if ( mode == DNS_FAKE ) { @@ -1150,8 +1154,7 @@ void DNS_Mgr::AsyncLookupName(const string& name, LookupCallback* callback) void DNS_Mgr::AsyncLookupNameText(const string& name, LookupCallback* callback) { - if ( ! did_init ) - Init(); + Init(); if ( mode == DNS_FAKE ) { 
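Review bot: In the four-argument `DNS_Mgr::Event`, `Unref(l1)` and `Unref(l2)` now run before `l1->ConvertToSet()` and `l2->ConvertToSet()`, so if either call drops the last reference the list is used after it has been released. The old code converted first and released afterwards; moving `Unref(l1); Unref(l2);` below the `mgr.QueueEventFast(...)` call restores that order. The old `if ( l1 )` guard is also gone, so both lists must now be non-null, which the header expresses only by removing the default arguments; a one-line comment stating that requirement would help. As before, the early return on `! e` leaves both lists unreleased.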
@@ -1250,8 +1253,17 @@ void DNS_Mgr::GetFds(iosource::FD_Set* read, iosource::FD_Set* write, double DNS_Mgr::NextTimestamp(double* network_time) { - // This is kind of cheating ... - return asyncs_timeouts.size() ? timer_mgr->Time() : -1.0; + if ( asyncs_timeouts.empty() ) + // No pending requests. + return -1.0; + + if ( next_timestamp < 0 ) + // Store the timestamp to help prevent starvation by some other + // IOSource always trying to use the same timestamp + // (assuming network_time does actually increase). + next_timestamp = timer_mgr->Time(); + + return next_timestamp; } void DNS_Mgr::CheckAsyncAddrRequest(const IPAddr& addr, bool timeout) @@ -1357,7 +1369,7 @@ void DNS_Mgr::CheckAsyncHostRequest(const char* host, bool timeout) void DNS_Mgr::Flush() { - DoProcess(false); + DoProcess(); HostMap::iterator it; for ( it = host_mappings.begin(); it != host_mappings.end(); ++it ) @@ -1379,10 +1391,11 @@ void DNS_Mgr::Flush() void DNS_Mgr::Process() { - DoProcess(false); + DoProcess(); + next_timestamp = -1.0; } -void DNS_Mgr::DoProcess(bool flush) +void DNS_Mgr::DoProcess() { if ( ! nb_dns ) return; @@ -1391,23 +1404,23 @@ void DNS_Mgr::DoProcess(bool flush) { AsyncRequest* req = asyncs_timeouts.top(); - if ( req->time + DNS_TIMEOUT > current_time() || flush ) + if ( req->time + DNS_TIMEOUT > current_time() ) break; - if ( req->IsAddrReq() ) - CheckAsyncAddrRequest(req->host, true); - else if ( req->is_txt ) - CheckAsyncTextRequest(req->name.c_str(), true); - else - CheckAsyncHostRequest(req->name.c_str(), true); + if ( ! req->processed ) + { + if ( req->IsAddrReq() ) + CheckAsyncAddrRequest(req->host, true); + else if ( req->is_txt ) + CheckAsyncTextRequest(req->name.c_str(), true); + else + CheckAsyncHostRequest(req->name.c_str(), true); + } asyncs_timeouts.pop(); delete req; } - if ( asyncs_addrs.size() == 0 && asyncs_names.size() == 0 && asyncs_texts.size() == 0 ) - return; - if ( AnswerAvailable(0) <= 0 ) return; 
diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 0358ceba18..39f728c812 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -9,7 +9,7 @@ #include #include "util.h" -#include "BroList.h" +#include "List.h" #include "Dict.h" #include "EventHandler.h" #include "iosource/IOSource.h" @@ -23,6 +23,9 @@ class EventHandler; class RecordType; class DNS_Mgr_Request; +declare(PList,DNS_Mgr_Request); +typedef PList(DNS_Mgr_Request) DNS_mgr_request_list; + struct nb_dns_info; struct nb_dns_result; @@ -96,8 +99,8 @@ protected: friend class LookupCallback; friend class DNS_Mgr_Request; - void Event(EventHandlerPtr e, DNS_Mapping* dm, - ListVal* l1 = 0, ListVal* l2 = 0); + void Event(EventHandlerPtr e, DNS_Mapping* dm); + void Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2); void Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm); Val* BuildMappingVal(DNS_Mapping* dm); @@ -129,13 +132,14 @@ protected: void CheckAsyncTextRequest(const char* host, bool timeout); // Process outstanding requests. - void DoProcess(bool flush); + void DoProcess(); // IOSource interface. void GetFds(iosource::FD_Set* read, iosource::FD_Set* write, iosource::FD_Set* except) override; double NextTimestamp(double* network_time) override; void Process() override; + void Init() override; const char* Tag() override { return "DNS_Mgr"; } DNS_MgrMode mode; @@ -168,12 +172,13 @@ protected: struct AsyncRequest { double time; + bool is_txt; + bool processed; IPAddr host; string name; - bool is_txt; CallbackList callbacks; - AsyncRequest() : time(0.0), is_txt(false) { } + AsyncRequest() : time(0.0), is_txt(false), processed(false) { } bool IsAddrReq() const { return name.length() == 0; } @@ -186,6 +191,7 @@ protected: delete *i; } callbacks.clear(); + processed = true; } void Resolved(TableVal* addrs) @@ -197,6 +203,7 @@ protected: delete *i; } callbacks.clear(); + processed = true; } void Timeout() 
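Review bot: The new `processed` member of `AsyncRequest` has no comment, and its meaning only becomes clear by reading `DoProcess()` in DNS_Mgr.cc. I would add `// Set once the callbacks have been notified (resolved or timed out); DoProcess() then skips the timeout check for this request.` above the field. The struct body continues outside this hunk.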
@@ -208,6 +215,7 @@ protected: delete *i; } callbacks.clear(); + processed = true; } }; @@ -224,7 +232,14 @@ protected: typedef list QueuedList; QueuedList asyncs_queued; - typedef priority_queue TimeoutQueue; + struct AsyncRequestCompare { + bool operator()(const AsyncRequest* a, const AsyncRequest* b) + { + return a->time > b->time; + } + }; + + typedef priority_queue, AsyncRequestCompare> TimeoutQueue; TimeoutQueue asyncs_timeouts; int asyncs_pending; @@ -232,6 +247,7 @@ protected: unsigned long num_requests; unsigned long successful; unsigned long failed; + double next_timestamp; }; extern DNS_Mgr* dns_mgr; diff --git a/src/DbgBreakpoint.cc b/src/DbgBreakpoint.cc index c573a8d3b8..b1223486d3 100644 --- a/src/DbgBreakpoint.cc +++ b/src/DbgBreakpoint.cc @@ -1,6 +1,6 @@ // Implementation of breakpoints. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/DbgHelp.cc b/src/DbgHelp.cc index 6bbf9c6ecb..d7d11de3f0 100644 --- a/src/DbgHelp.cc +++ b/src/DbgHelp.cc @@ -1,5 +1,5 @@ // Bro Debugger Help -#include "bro-config.h" +#include "zeek-config.h" #include "Debug.h" diff --git a/src/DbgWatch.cc b/src/DbgWatch.cc index c34144dc1f..8ea7d96fa1 100644 --- a/src/DbgWatch.cc +++ b/src/DbgWatch.cc @@ -1,6 +1,6 @@ // Implementation of watches -#include "bro-config.h" +#include "zeek-config.h" #include "Debug.h" #include "DbgWatch.h" diff --git a/src/Debug.cc b/src/Debug.cc index a45c27888e..5493b20797 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -1,6 +1,6 @@ // Debugging support for Bro policy files. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/DebugCmds.cc b/src/DebugCmds.cc index 4e856b00f5..d11efb0390 100644 --- a/src/DebugCmds.cc +++ b/src/DebugCmds.cc @@ -1,7 +1,7 @@ // Support routines to help deal with Bro debugging commands and // implementation of most commands. -#include "bro-config.h" +#include "zeek-config.h" #include 
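Review bot: `AsyncRequestCompare::operator()` is declared without `const`, which is unusual for a comparator and prevents it being called through a const object. Declaring it `bool operator()(const AsyncRequest* a, const AsyncRequest* b) const` costs nothing. A short comment that `a->time > b->time` puts the oldest request at `top()` would also help, since `DoProcess()` depends on that order when it stops at the first request that has not yet timed out.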
diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc index baddd2bdd8..7adc7aa65a 100644 --- a/src/DebugLogger.cc +++ b/src/DebugLogger.cc @@ -11,14 +11,14 @@ DebugLogger debug_logger; // Same order here as in DebugStream. DebugLogger::Stream DebugLogger::streams[NUM_DBGS] = { - { "serial", 0, false }, { "rules", 0, false }, { "comm", 0, false }, + { "serial", 0, false }, { "rules", 0, false }, { "state", 0, false }, { "chunkedio", 0, false }, - { "compressor", 0, false }, {"string", 0, false }, + {"string", 0, false }, { "notifiers", 0, false }, { "main-loop", 0, false }, { "dpd", 0, false }, { "tm", 0, false }, { "logging", 0, false }, {"input", 0, false }, { "threading", 0, false }, { "file_analysis", 0, false }, - { "plugins", 0, false }, { "zeexygen", 0, false }, + { "plugins", 0, false }, { "zeekygen", 0, false }, { "pktio", 0, false }, { "broker", 0, false }, { "scripts", 0, false} }; diff --git a/src/DebugLogger.h b/src/DebugLogger.h index 8026e8ba3c..db646bd0cf 100644 --- a/src/DebugLogger.h +++ b/src/DebugLogger.h @@ -16,10 +16,8 @@ enum DebugStream { DBG_SERIAL, // Serialization DBG_RULES, // Signature matching - DBG_COMM, // Remote communication DBG_STATE, // StateAccess logging DBG_CHUNKEDIO, // ChunkedIO logging - DBG_COMPRESSOR, // Connection compressor DBG_STRING, // String code DBG_NOTIFIERS, // Notifiers (see StateAccess.h) DBG_MAINLOOP, // Main IOSource loop @@ -30,7 +28,7 @@ enum DebugStream { DBG_THREADING, // Threading system DBG_FILE_ANALYSIS, // File analysis DBG_PLUGINS, // Plugin system - DBG_ZEEXYGEN, // Zeexygen + DBG_ZEEKYGEN, // Zeekygen DBG_PKTIO, // Packet sources and dumpers. DBG_BROKER, // Broker communication DBG_SCRIPTS, // Script initialization diff --git a/src/Desc.cc b/src/Desc.cc index b64bcec8d8..f10f61fa77 100644 --- a/src/Desc.cc +++ b/src/Desc.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include 
diff --git a/src/Dict.cc b/src/Dict.cc index d639b0c912..02886c6d5d 100644 --- a/src/Dict.cc +++ b/src/Dict.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #ifdef HAVE_MEMORY_H #include diff --git a/src/Discard.cc b/src/Discard.cc index 2a20c897aa..f84e901143 100644 --- a/src/Discard.cc +++ b/src/Discard.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Net.h" #include "Var.h" @@ -33,12 +33,11 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) if ( check_ip ) { - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); + val_list args{ip->BuildPktHdrVal()}; try { - discard_packet = check_ip->Call(args)->AsBool(); + discard_packet = check_ip->Call(&args)->AsBool(); } catch ( InterpreterException& e ) @@ -46,8 +45,6 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) discard_packet = false; } - delete args; - if ( discard_packet ) return discard_packet; } @@ -88,21 +85,20 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) const struct tcphdr* tp = (const struct tcphdr*) data; int th_len = tp->th_off * 4; - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); - args->append(BuildData(data, th_len, len, caplen)); + val_list args{ + ip->BuildPktHdrVal(), + BuildData(data, th_len, len, caplen), + }; try { - discard_packet = check_tcp->Call(args)->AsBool(); + discard_packet = check_tcp->Call(&args)->AsBool(); } catch ( InterpreterException& e ) { discard_packet = false; } - - delete args; } } 
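Review bot: Each converted call site in `Discarder::NextPacket` reads the result as `check_ip->Call(&args)->AsBool()` in one expression, so the returned Val is dereferenced without a null check and is never released. Whether Call() can return null, or hands back a reference the caller owns, is not visible in these hunks and needs confirming; if either holds, `Val* r = check_ip->Call(&args); discard_packet = r && r->AsBool(); Unref(r);` covers both. The same pattern is in the `check_tcp` hunk here and in the `check_udp` and `check_icmp` hunks that follow. This code runs per packet, so a leaked reference or a null result would show up quickly under load.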
@@ -113,21 +109,20 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) const struct udphdr* up = (const struct udphdr*) data; int uh_len = sizeof (struct udphdr); - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); - args->append(BuildData(data, uh_len, len, caplen)); + val_list args{ + ip->BuildPktHdrVal(), + BuildData(data, uh_len, len, caplen), + }; try { - discard_packet = check_udp->Call(args)->AsBool(); + discard_packet = check_udp->Call(&args)->AsBool(); } catch ( InterpreterException& e ) { discard_packet = false; } - - delete args; } } @@ -137,20 +132,17 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) { const struct icmp* ih = (const struct icmp*) data; - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); + val_list args{ip->BuildPktHdrVal()}; try { - discard_packet = check_icmp->Call(args)->AsBool(); + discard_packet = check_icmp->Call(&args)->AsBool(); } catch ( InterpreterException& e ) { discard_packet = false; } - - delete args; } } diff --git a/src/EquivClass.cc b/src/EquivClass.cc index 7f54f07060..6b2a7aa593 100644 --- a/src/EquivClass.cc +++ b/src/EquivClass.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "EquivClass.h" diff --git a/src/Event.cc b/src/Event.cc index 36ba2dfc3c..aabbcb4ddc 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Event.h" #include "Func.h" 
@@ -13,28 +13,27 @@ EventMgr mgr; uint64 num_events_queued = 0; uint64 num_events_dispatched = 0; +Event::Event(EventHandlerPtr arg_handler, val_list arg_args, + SourceID arg_src, analyzer::ID arg_aid, TimerMgr* arg_mgr, + BroObj* arg_obj) + : handler(arg_handler), + args(std::move(arg_args)), + src(arg_src), + aid(arg_aid), + mgr(arg_mgr ? arg_mgr : timer_mgr), + obj(arg_obj), + next_event(nullptr) + { + if ( obj ) + Ref(obj); + } + Event::Event(EventHandlerPtr arg_handler, val_list* arg_args, SourceID arg_src, analyzer::ID arg_aid, TimerMgr* arg_mgr, BroObj* arg_obj) + : Event(arg_handler, std::move(*arg_args), arg_src, arg_aid, arg_mgr, arg_obj) { - handler = arg_handler; - args = arg_args; - src = arg_src; - mgr = arg_mgr ? arg_mgr : timer_mgr; // default is global - aid = arg_aid; - obj = arg_obj; - - if ( obj ) - Ref(obj); - - next_event = 0; - } - -Event::~Event() - { - // We don't Unref() the individual arguments by using delete_vals() - // here, because Func::Call already did that. - delete args; + delete arg_args; } void Event::Describe(ODesc* d) const @@ -49,7 +48,7 @@ void Event::Describe(ODesc* d) const if ( ! d->IsBinary() ) d->Add("("); - describe_vals(args, d); + describe_vals(&args, d); if ( ! d->IsBinary() ) d->Add("("); } @@ -62,7 +61,7 @@ void Event::Dispatch(bool no_remote) if ( event_serializer ) { SerialInfo info(event_serializer); - event_serializer->Serialize(&info, handler->Name(), args); + event_serializer->Serialize(&info, handler->Name(), &args); } if ( handler->ErrorHandler() ) @@ -70,7 +69,7 @@ void Event::Dispatch(bool no_remote) try { - handler->Call(args, no_remote); + handler->Call(&args, no_remote); } catch ( InterpreterException& e ) @@ -129,7 +128,7 @@ void EventMgr::QueueEvent(Event* event) void EventMgr::Drain() { if ( event_queue_flush_point ) - QueueEvent(event_queue_flush_point, new val_list()); + QueueEventFast(event_queue_flush_point, val_list{}); SegmentProfiler(segment_logger, "draining-events"); 
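Review bot: In `Event::Describe`, the line after `describe_vals(&args, d)` still calls `d->Add("(")`, so the non-binary description opens two parentheses and closes none. It should be `d->Add(")");`. The line is context in this hunk rather than a change, but it sits directly next to the edited call.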
@@ -190,21 +189,3 @@ void EventMgr::Describe(ODesc* d) const d->NL(); } } - -RecordVal* EventMgr::GetLocalPeerVal() - { - if ( ! src_val ) - { - src_val = new RecordVal(peer); - src_val->Assign(0, val_mgr->GetCount(0)); - src_val->Assign(1, new AddrVal("127.0.0.1")); - src_val->Assign(2, val_mgr->GetPort(0)); - src_val->Assign(3, val_mgr->GetTrue()); - - Ref(peer_description); - src_val->Assign(4, peer_description); - src_val->Assign(5, 0); // class (optional). - } - - return src_val; - } diff --git a/src/Event.h b/src/Event.h index 69860daf50..cafe0057d6 100644 --- a/src/Event.h +++ b/src/Event.h @@ -11,12 +11,17 @@ class EventMgr; +// We don't Unref() the individual arguments by using delete_vals() +// in a dtor because Func::Call already does that. class Event : public BroObj { public: + Event(EventHandlerPtr handler, val_list args, + SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + TimerMgr* mgr = 0, BroObj* obj = 0); + Event(EventHandlerPtr handler, val_list* args, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0); - ~Event() override; void SetNext(Event* n) { next_event = n; } Event* NextEvent() const { return next_event; } @@ -25,7 +30,7 @@ public: analyzer::ID Analyzer() const { return aid; } TimerMgr* Mgr() const { return mgr; } EventHandlerPtr Handler() const { return handler; } - val_list* Args() const { return args; } + const val_list* Args() const { return &args; } void Describe(ODesc* d) const override; @@ -37,7 +42,7 @@ protected: void Dispatch(bool no_remote = false); EventHandlerPtr handler; - val_list* args; + val_list args; SourceID src; analyzer::ID aid; TimerMgr* mgr; 
@@ -53,14 +58,50 @@ public: EventMgr(); ~EventMgr() override; - void QueueEvent(const EventHandlerPtr &h, val_list* vl, + // Queues an event without first checking if there's any available event + // handlers (or remote consumers). If it turns out there's actually + // nothing that will consume the event, then this may leak memory due to + // failing to decrement the reference count of each element in 'vl'. i.e. + // use this function instead of QueueEvent() if you've already guarded + // against the case where there's no handlers (one usually also does that + // because it would be a waste of effort to construct all the event + // arguments when there's no handlers to consume them). + void QueueEventFast(const EventHandlerPtr &h, val_list vl, + SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + TimerMgr* mgr = 0, BroObj* obj = 0) + { + QueueEvent(new Event(h, std::move(vl), src, aid, mgr, obj)); + } + + // Queues an event if there's an event handler (or remote consumer). This + // function always takes ownership of decrementing the reference count of + // each element of 'vl', even if there's no event handler. If you've + // checked for event handler existence, you may wish to call + // QueueEventFast() instead of this function to prevent the redundant + // existence check. + void QueueEvent(const EventHandlerPtr &h, val_list vl, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0) { if ( h ) - QueueEvent(new Event(h, vl, src, aid, mgr, obj)); + QueueEvent(new Event(h, std::move(vl), src, aid, mgr, obj)); else - delete_vals(vl); + { + loop_over_list(vl, i) + Unref(vl[i]); + } + } + + // Same as QueueEvent, except taking the event's argument list via a + // pointer instead of by value. This function takes ownership of the + // memory pointed to by 'vl' as well as decrementing the reference count of + // each of its elements. 
+ void QueueEvent(const EventHandlerPtr &h, val_list* vl, + SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + TimerMgr* mgr = 0, BroObj* obj = 0) + { + QueueEvent(h, std::move(*vl), src, aid, mgr, obj); + delete vl; } void Dispatch(Event* event, bool no_remote = false) @@ -88,9 +129,6 @@ public: int Size() const { return num_events_queued - num_events_dispatched; } - // Returns a peer record describing the local Bro. - RecordVal* GetLocalPeerVal(); - void Describe(ODesc* d) const override; protected: diff --git a/src/EventHandler.cc b/src/EventHandler.cc index 00b19f7832..718e6d6ae8 100644 --- a/src/EventHandler.cc +++ b/src/EventHandler.cc @@ -2,7 +2,6 @@ #include "EventHandler.h" #include "Func.h" #include "Scope.h" -#include "RemoteSerializer.h" #include "NetVar.h" #include "broker/Manager.h" @@ -28,7 +27,6 @@ EventHandler::~EventHandler() EventHandler::operator bool() const { return enabled && ((local && local->HasBodies()) - || receivers.length() || generate_always || ! auto_publish.empty()); } @@ -73,12 +71,6 @@ void EventHandler::Call(val_list* vl, bool no_remote) if ( ! no_remote ) { - loop_over_list(receivers, i) - { - SerialInfo info(remote_serializer); - remote_serializer->SendCall(&info, receivers[i], name, vl); - } - if ( ! auto_publish.empty() ) { // Send event in form [name, xs...] where xs represent the arguments. @@ -172,24 +164,13 @@ void EventHandler::NewEvent(val_list* vl) vargs->Assign(i, rec); } - val_list* mvl = new val_list(2); - mvl->append(new StringVal(name)); - mvl->append(vargs); - - Event* ev = new Event(new_event, mvl); + Event* ev = new Event(new_event, { + new StringVal(name), + vargs, + }); mgr.Dispatch(ev); } -void EventHandler::AddRemoteHandler(SourceID peer) - { - receivers.append(peer); - } - -void EventHandler::RemoveRemoteHandler(SourceID peer) - { - receivers.remove(peer); - } - bool EventHandler::Serialize(SerialInfo* info) const { return SERIALIZE(name); 
diff --git a/src/EventHandler.h b/src/EventHandler.h index bad3d278fa..216badee4b 100644 --- a/src/EventHandler.h +++ b/src/EventHandler.h @@ -26,9 +26,6 @@ public: void SetLocalHandler(Func* f); - void AddRemoteHandler(SourceID peer); - void RemoveRemoteHandler(SourceID peer); - void AutoPublish(std::string topic) { auto_publish.insert(std::move(topic)); @@ -75,10 +72,6 @@ private: bool error_handler; // this handler reports error messages. bool generate_always; - declare(List, SourceID); - typedef List(SourceID) receiver_list; - receiver_list receivers; - std::unordered_set auto_publish; }; diff --git a/src/EventRegistry.cc b/src/EventRegistry.cc index 875d6d6b26..be3cf13799 100644 --- a/src/EventRegistry.cc +++ b/src/EventRegistry.cc @@ -1,6 +1,6 @@ #include "EventRegistry.h" #include "RE.h" -#include "RemoteSerializer.h" +#include "Reporter.h" void EventRegistry::Register(EventHandlerPtr handler) { @@ -73,7 +73,7 @@ EventRegistry::string_list* EventRegistry::UsedHandlers() EventRegistry::string_list* EventRegistry::AllHandlers() { - string_list* names = new string_list; + string_list* names = new string_list(handlers.Length()); IterCookie* c = handlers.InitForIteration(); diff --git a/src/Expr.cc b/src/Expr.cc index 737a9455ca..cd86dc56c7 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Expr.h" #include "Event.h" @@ -10,7 +10,6 @@ #include "Scope.h" #include "Stmt.h" #include "EventRegistry.h" -#include "RemoteSerializer.h" #include "Net.h" #include "Traverse.h" #include "Trigger.h" 
@@ -1884,13 +1883,6 @@ BoolExpr::BoolExpr(BroExprTag arg_tag, Expr* arg_op1, Expr* arg_op2) else SetType(base_type(TYPE_BOOL)); } - - else if ( bt1 == TYPE_PATTERN && bt2 == bt1 ) - { - reporter->Warning("&& and || operators deprecated for pattern operands"); - SetType(base_type(TYPE_PATTERN)); - } - else ExprError("requires boolean operands"); } @@ -2565,7 +2557,7 @@ bool AssignExpr::TypeCheck(attr_list* attrs) if ( attrs ) { - attr_copy = new attr_list; + attr_copy = new attr_list(attrs->length()); loop_over_list(*attrs, i) attr_copy->append((*attrs)[i]); } @@ -2634,7 +2626,7 @@ bool AssignExpr::TypeCheck(attr_list* attrs) if ( sce->Attrs() ) { attr_list* a = sce->Attrs()->Attrs(); - attrs = new attr_list; + attrs = new attr_list(a->length()); loop_over_list(*a, i) attrs->append((*a)[i]); } @@ -2925,7 +2917,12 @@ IndexExpr::IndexExpr(Expr* arg_op1, ListExpr* arg_op2, bool is_slice) int match_type = op1->Type()->MatchesIndex(arg_op2); if ( match_type == DOES_NOT_MATCH_INDEX ) - SetError("not an index type"); + { + std::string error_msg = + fmt("expression with type '%s' is not a type that can be indexed", + type_name(op1->Type()->Tag())); + SetError(error_msg.data()); + } else if ( ! op1->Type()->YieldType() ) { @@ -3467,9 +3464,9 @@ RecordConstructorExpr::RecordConstructorExpr(ListExpr* constructor_list) // Spin through the list, which should be comprised only of // record-field-assign expressions, and build up a // record type to associate with this constructor. - type_decl_list* record_types = new type_decl_list; - const expr_list& exprs = constructor_list->Exprs(); + type_decl_list* record_types = new type_decl_list(exprs.length()); + loop_over_list(exprs, i) { Expr* e = exprs[i]; 
@@ -4469,11 +4466,12 @@ bool FlattenExpr::DoUnserialize(UnserialInfo* info) ScheduleTimer::ScheduleTimer(EventHandlerPtr arg_event, val_list* arg_args, double t, TimerMgr* arg_tmgr) -: Timer(t, TIMER_SCHEDULE) + : Timer(t, TIMER_SCHEDULE), + event(arg_event), + args(std::move(*arg_args)), + tmgr(arg_tmgr) { - event = arg_event; - args = arg_args; - tmgr = arg_tmgr; + delete arg_args; } ScheduleTimer::~ScheduleTimer() @@ -4482,7 +4480,7 @@ ScheduleTimer::~ScheduleTimer() void ScheduleTimer::Dispatch(double /* t */, int /* is_expire */) { - mgr.QueueEvent(event, args, SOURCE_LOCAL, 0, tmgr); + mgr.QueueEvent(event, std::move(args), SOURCE_LOCAL, 0, tmgr); } ScheduleExpr::ScheduleExpr(Expr* arg_when, EventExpr* arg_event) @@ -4998,7 +4996,8 @@ Val* EventExpr::Eval(Frame* f) const return 0; val_list* v = eval_list(f, args); - mgr.QueueEvent(handler, v); + mgr.QueueEvent(handler, std::move(*v)); + delete v; return 0; } @@ -5128,7 +5127,7 @@ BroType* ListExpr::InitType() const if ( exprs[0]->IsRecordElement(0) ) { - type_decl_list* types = new type_decl_list; + type_decl_list* types = new type_decl_list(exprs.length()); loop_over_list(exprs, i) { TypeDecl* td = new TypeDecl(0, 0); diff --git a/src/Expr.h b/src/Expr.h index 820de2b876..e268f07648 100644 --- a/src/Expr.h +++ b/src/Expr.h @@ -937,7 +937,7 @@ public: protected: EventHandlerPtr event; - val_list* args; + val_list args; TimerMgr* tmgr; }; diff --git a/src/File.cc b/src/File.cc index 609ea4f0ac..710693fe0b 100644 --- a/src/File.cc +++ b/src/File.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #ifdef TIME_WITH_SYS_TIME @@ -65,10 +65,8 @@ void RotateTimer::Dispatch(double t, int is_expire) { if ( raise ) { - val_list* vl = new val_list; Ref(file); - vl->append(new Val(file)); - mgr.QueueEvent(rotate_interval, vl); + mgr.QueueEvent(rotate_interval, {new Val(file)}); } file->InstallRotateTimer(); 
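Review bot: In `EventExpr::Eval`, the list returned by `eval_list(f, args)` is dereferenced by `std::move(*v)` without a check. eval_list is not visible in this hunk; if it can return null when an argument fails to evaluate, this is a null dereference, and `if ( v ) { mgr.QueueEvent(handler, std::move(*v)); delete v; }` avoids it. The `ScheduleTimer` constructor earlier in this file does the same with `std::move(*arg_args)`, so the same question applies to its callers.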
@@ -641,19 +639,15 @@ void BroFile::CloseCachedFiles() // Send final rotate events (immediately). if ( f->rotate_interval ) { - val_list* vl = new val_list; Ref(f); - vl->append(new Val(f)); - Event* event = new Event(::rotate_interval, vl); + Event* event = new Event(::rotate_interval, {new Val(f)}); mgr.Dispatch(event, true); } if ( f->rotate_size ) { - val_list* vl = new val_list; Ref(f); - vl->append(new Val(f)); - Event* event = new ::Event(::rotate_size, vl); + Event* event = new ::Event(::rotate_size, {new Val(f)}); mgr.Dispatch(event, true); } @@ -801,9 +795,7 @@ int BroFile::Write(const char* data, int len) if ( rotate_size && current_size < rotate_size && current_size + len >= rotate_size ) { - val_list* vl = new val_list; - vl->append(new Val(this)); - mgr.QueueEvent(::rotate_size, vl); + mgr.QueueEvent(::rotate_size, {new Val(this)}); } // This does not work if we seek around. But none of the logs does that @@ -818,10 +810,8 @@ void BroFile::RaiseOpenEvent() if ( ! ::file_opened ) return; - val_list* vl = new val_list; Ref(this); - vl->append(new Val(this)); - Event* event = new ::Event(::file_opened, vl); + Event* event = new ::Event(::file_opened, {new Val(this)}); mgr.Dispatch(event, true); } diff --git a/src/Frag.cc b/src/Frag.cc index 842059e218..c6a5b3ba0d 100644 --- a/src/Frag.cc +++ b/src/Frag.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "Hash.h" diff --git a/src/Frame.cc b/src/Frame.cc index f30312aaec..d065fb440a 100644 --- a/src/Frame.cc +++ b/src/Frame.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Frame.h" #include "Stmt.h" diff --git a/src/Func.cc b/src/Func.cc index cbbbef6fa5..90515a0f8f 100644 --- a/src/Func.cc +++ b/src/Func.cc 
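Review bot: In `BroFile::Write`, `mgr.QueueEvent(::rotate_size, {new Val(this)})` wraps the file without a preceding `Ref(this)`, while every other site touched in this file (`RotateTimer::Dispatch`, `CloseCachedFiles`, `RaiseOpenEvent`) takes a reference first. If `Val` releases the file when it is destroyed, this site drops a reference it never took, and the file can be freed while still in use. The omission predates this commit; adding `Ref(this);` before the call would make the sites consistent.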
@@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include @@ -42,7 +42,6 @@ #include "Sessions.h" #include "RE.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "Event.h" #include "Traverse.h" #include "Reporter.h" diff --git a/src/Hash.cc b/src/Hash.cc index bb1c103677..1955684738 100644 --- a/src/Hash.cc +++ b/src/Hash.cc @@ -15,7 +15,7 @@ // for the adversary to construct conflicts, though I do not know if // HMAC/MD5 is provably universal. -#include "bro-config.h" +#include "zeek-config.h" #include "Hash.h" #include "Reporter.h" diff --git a/src/ID.cc b/src/ID.cc index 24c1c829ff..48b8aee6b9 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "ID.h" #include "Expr.h" @@ -10,11 +10,9 @@ #include "Scope.h" #include "File.h" #include "Serializer.h" -#include "RemoteSerializer.h" -#include "PersistenceSerializer.h" #include "Scope.h" #include "Traverse.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" ID::ID(const char* arg_name, IDScope arg_scope, bool arg_is_export) { @@ -78,12 +76,6 @@ void ID::SetVal(Val* v, Opcode op, bool arg_weak_ref) MutableVal::Properties props = 0; - if ( attrs && attrs->FindAttr(ATTR_SYNCHRONIZED) ) - props |= MutableVal::SYNCHRONIZED; - - if ( attrs && attrs->FindAttr(ATTR_PERSISTENT) ) - props |= MutableVal::PERSISTENT; - if ( attrs && attrs->FindAttr(ATTR_TRACKED) ) props |= MutableVal::TRACKED; 
@@ -198,27 +190,12 @@ void ID::UpdateValAttrs() if ( val && val->IsMutableVal() ) { - if ( attrs->FindAttr(ATTR_SYNCHRONIZED) ) - props |= MutableVal::SYNCHRONIZED; - - if ( attrs->FindAttr(ATTR_PERSISTENT) ) - props |= MutableVal::PERSISTENT; - if ( attrs->FindAttr(ATTR_TRACKED) ) props |= MutableVal::TRACKED; val->AsMutableVal()->AddProperties(props); } - if ( ! IsInternalGlobal() ) - { - if ( attrs->FindAttr(ATTR_SYNCHRONIZED) ) - remote_serializer->Register(this); - - if ( attrs->FindAttr(ATTR_PERSISTENT) ) - persistence_serializer->Register(this); - } - if ( val && val->Type()->Tag() == TYPE_TABLE ) val->AsTableVal()->SetAttrs(attrs); @@ -258,8 +235,7 @@ void ID::MakeDeprecated() if ( IsDeprecated() ) return; - attr_list* attr = new attr_list; - attr->append(new Attr(ATTR_DEPRECATED)); + attr_list* attr = new attr_list{new Attr(ATTR_DEPRECATED)}; AddAttrs(new Attributes(attr, Type(), false)); } @@ -282,12 +258,6 @@ void ID::RemoveAttr(attr_tag a) { MutableVal::Properties props = 0; - if ( a == ATTR_SYNCHRONIZED ) - props |= MutableVal::SYNCHRONIZED; - - if ( a == ATTR_PERSISTENT ) - props |= MutableVal::PERSISTENT; - if ( a == ATTR_TRACKED ) props |= MutableVal::TRACKED; @@ -305,8 +275,7 @@ void ID::SetOption() // option implied redefinable if ( ! IsRedefinable() ) { - attr_list* attr = new attr_list; - attr->append(new Attr(ATTR_REDEF)); + attr_list* attr = new attr_list{new Attr(ATTR_REDEF)}; AddAttrs(new Attributes(attr, Type(), false)); } } @@ -339,9 +308,6 @@ void ID::CopyFrom(const ID* id) offset = id->offset ; infer_return_type = id->infer_return_type; - if ( FindAttr(ATTR_PERSISTENT) ) - persistence_serializer->Unregister(this); - if ( id->type ) Ref(id->type); if ( id->val && ! id->weak_ref ) @@ -362,10 +328,6 @@ void ID::CopyFrom(const ID* id) #ifdef DEBUG UpdateValID(); #endif - - if ( FindAttr(ATTR_PERSISTENT) ) - persistence_serializer->Unregister(this); - } #endif ID* ID::Unserialize(UnserialInfo* info) 
@@ -398,12 +360,6 @@ ID* ID::Unserialize(UnserialInfo* info) else { - if ( info->id_policy != UnserialInfo::InstantiateNew ) - { - persistence_serializer->Unregister(current); - remote_serializer->Unregister(current); - } - switch ( info->id_policy ) { case UnserialInfo::Keep: @@ -475,12 +431,6 @@ ID* ID::Unserialize(UnserialInfo* info) } } - if ( id->FindAttr(ATTR_PERSISTENT) ) - persistence_serializer->Register(id); - - if ( id->FindAttr(ATTR_SYNCHRONIZED) ) - remote_serializer->Register(id); - return id; } @@ -682,7 +632,7 @@ void ID::DescribeReSTShort(ODesc* d) const if ( is_type ) d->Add(type_name(t)); else - d->Add(zeexygen_mgr->GetEnumTypeName(Name()).c_str()); + d->Add(zeekygen_mgr->GetEnumTypeName(Name()).c_str()); break; default: diff --git a/src/IP.h b/src/IP.h index 8be2d3e609..3d5c7bfe96 100644 --- a/src/IP.h +++ b/src/IP.h @@ -3,7 +3,7 @@ #ifndef ip_h #define ip_h -#include "bro-config.h" +#include "zeek-config.h" #include "net_util.h" #include "IPAddr.h" #include "Reporter.h" diff --git a/src/IPAddr.cc b/src/IPAddr.cc index 7917e82c29..c215b463b9 100644 --- a/src/IPAddr.cc +++ b/src/IPAddr.cc 
@@ -101,38 +101,44 @@ void IPAddr::ReverseMask(int top_bits_to_chop) p[i] &= mask_bits[i]; } -void IPAddr::Init(const std::string& s) +bool IPAddr::ConvertString(const char* s, in6_addr* result) { - if ( s.find(':') == std::string::npos ) // IPv4. + for ( auto p = s; *p; ++p ) + if ( *p == ':' ) + // IPv6 + return (inet_pton(AF_INET6, s, result->s6_addr) == 1); + + // IPv4 + // Parse the address directly instead of using inet_pton since + // some platforms have more sensitive implementations than others + // that can't e.g. handle leading zeroes. + int a[4]; + int n = 0; + int match_count = sscanf(s, "%d.%d.%d.%d%n", a+0, a+1, a+2, a+3, &n); + + if ( match_count != 4 ) + return false; + + if ( s[n] != '\0' ) + return false; + + for ( auto i = 0; i < 4; ++i ) + if ( a[i] < 0 || a[i] > 255 ) + return false; + + uint32_t addr = (a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3]; + addr = htonl(addr); + memcpy(result->s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix)); + memcpy(&result->s6_addr[12], &addr, sizeof(uint32_t)); + return true; + } + +void IPAddr::Init(const char* s) + { + if ( ! ConvertString(s, &in6) ) { - memcpy(in6.s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix)); - - // Parse the address directly instead of using inet_pton since - // some platforms have more sensitive implementations than others - // that can't e.g. handle leading zeroes. 
- int a[4]; - int n = sscanf(s.c_str(), "%d.%d.%d.%d", a+0, a+1, a+2, a+3); - - if ( n != 4 || a[0] < 0 || a[1] < 0 || a[2] < 0 || a[3] < 0 || - a[0] > 255 || a[1] > 255 || a[2] > 255 || a[3] > 255 ) - { - reporter->Error("Bad IP address: %s", s.c_str()); - memset(in6.s6_addr, 0, sizeof(in6.s6_addr)); - return; - } - - uint32_t addr = (a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3]; - addr = htonl(addr); - memcpy(&in6.s6_addr[12], &addr, sizeof(uint32_t)); - } - - else - { - if ( inet_pton(AF_INET6, s.c_str(), in6.s6_addr) <=0 ) - { - reporter->Error("Bad IP address: %s", s.c_str()); - memset(in6.s6_addr, 0, sizeof(in6.s6_addr)); - } + reporter->Error("Bad IP address: %s", s); + memset(in6.s6_addr, 0, sizeof(in6.s6_addr)); } } diff --git a/src/IPAddr.h b/src/IPAddr.h index 8ff258a860..1fdff9d979 100644 --- a/src/IPAddr.h +++ b/src/IPAddr.h @@ -68,7 +68,7 @@ public: */ IPAddr(const std::string& s) { - Init(s); + Init(s.data()); } /** @@ -366,6 +366,29 @@ public: unsigned int MemoryAllocation() const { return padded_sizeof(*this); } + /** + * Converts an IPv4 or IPv6 string into a network address structure + * (IPv6 or v4-to-v6-mapping in network bytes order). + * + * @param s the IPv4 or IPv6 string to convert (ASCII, NUL-terminated). + * + * @param result buffer that the caller supplies to store the result. + * + * @return whether the conversion was successful. + */ + static bool ConvertString(const char* s, in6_addr* result); + + /** + * @param s the IPv4 or IPv6 string to convert (ASCII, NUL-terminated). + * + * @return whether the string is a valid IP address + */ + static bool IsValid(const char* s) + { + in6_addr tmp; + return ConvertString(s, &tmp); + } + private: friend class IPPrefix; 
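Review bot: The IPv4 branch of `ConvertString` accepts more than dotted decimal digits. `%d` skips leading whitespace and takes an optional sign, so constructed inputs such as ` 1.2.3.4` or `+1.2.3.4` convert successfully and therefore pass `IsValid`. An octet with too many digits cannot be represented in `int`, which is undefined behaviour inside `sscanf`, so the later 0–255 check cannot be relied on to catch it. Rejecting every character other than a digit or `.` before the `sscanf`, and bounding each field to three digits, closes both gaps. The width limit also rejects octets written with more than three digits (a constructed `0001`), which should be confirmed against the leading-zero tolerance the comment asks for.

```cpp
// … unchanged: IPv6 branch (inet_pton) …

	// IPv4: allow only digits and dots, so sscanf never sees whitespace or a sign.
	for ( auto p = s; *p; ++p )
		if ( (*p < '0' || *p > '9') && *p != '.' )
			return false;

	int a[4];
	int n = 0;
	// Width 3 keeps every octet inside int range ahead of the 0-255 check.
	int match_count = sscanf(s, "%3d.%3d.%3d.%3d%n", a+0, a+1, a+2, a+3, &n);

// … unchanged: match_count / trailing-character / range checks and v4-mapped copy …
```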
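Review bot: The doc comments added for `ConvertString` and `IsValid` do not state two things a caller needs: that `s` must be non-null, and what `result` holds when the function returns false. From the implementation in IPAddr.cc, `s` is dereferenced immediately. The IPv4 path writes `result` only on success, while the IPv6 path passes it straight to `inet_pton`. I would extend the parameter docs to `@param s ... (ASCII, NUL-terminated, must not be null)` and `@param result ... contents are unspecified if the conversion fails`.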
@@ -373,9 +396,9 @@ private: * Initializes an address instance from a string representation. * * @param s String containing an IP address as either a dotted IPv4 - * address or a hex IPv6 address. + * address or a hex IPv6 address (ASCII, NUL-terminated). */ - void Init(const std::string& s); + void Init(const char* s); in6_addr in6; // IPv6 or v4-to-v6-mapped address diff --git a/src/IntSet.cc b/src/IntSet.cc index f5b004666c..afc538d6ff 100644 --- a/src/IntSet.cc +++ b/src/IntSet.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #ifdef HAVE_MEMORY_H #include diff --git a/src/List.cc b/src/List.cc index 0f7f706bcd..1b8c2fd5e5 100644 --- a/src/List.cc +++ b/src/List.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include #include @@ -12,11 +12,13 @@ BaseList::BaseList(int size) { num_entries = 0; - max_entries = 0; - entry = 0; if ( size <= 0 ) + { + max_entries = 0; + entry = 0; return; + } max_entries = size; @@ -24,7 +26,7 @@ BaseList::BaseList(int size) } -BaseList::BaseList(BaseList& b) +BaseList::BaseList(const BaseList& b) { max_entries = b.max_entries; num_entries = b.num_entries; @@ -38,18 +40,34 @@ BaseList::BaseList(BaseList& b) entry[i] = b.entry[i]; } +BaseList::BaseList(BaseList&& b) + { + entry = b.entry; + num_entries = b.num_entries; + max_entries = b.max_entries; + + b.entry = 0; + b.num_entries = b.max_entries = 0; + } + +BaseList::BaseList(const ent* arr, int n) + { + num_entries = max_entries = n; + entry = (ent*) safe_malloc(max_entries * sizeof(ent)); + memcpy(entry, arr, n * sizeof(ent)); + } + void BaseList::sort(list_cmp_func cmp_func) { qsort(entry, num_entries, sizeof(ent), cmp_func); } -void BaseList::operator=(BaseList& b) +BaseList& BaseList::operator=(const BaseList& b) { if ( this == &b ) - return; // i.e., this already equals itself + return *this; - if ( entry ) - free(entry); + free(entry); max_entries = b.max_entries; num_entries = b.num_entries; 
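Review bot: The new `BaseList(const ent* arr, int n)` constructor uses `n` unchecked. A negative `n` becomes a very large `size_t` in `max_entries * sizeof(ent)` and in the `memcpy` length, and `n == 0` asks `safe_malloc` for zero bytes, whose behaviour is not visible from this hunk. The `PList` initializer-list constructor added in List.h passes `il.size()` (a `size_t`) into this `int`, so a narrowing conversion happens at that call. `BaseList(int size)` in the same file already treats `size <= 0` as an empty list; the same guard ahead of the allocation would keep the two consistent: `if ( n <= 0 ) { num_entries = max_entries = 0; entry = 0; return; }`. The copy-assignment operator's body continues past the end of this hunk.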
@@ -61,6 +79,23 @@ void BaseList::operator=(BaseList& b) for ( int i = 0; i < num_entries; ++i ) entry[i] = b.entry[i]; + + return *this; + } + +BaseList& BaseList::operator=(BaseList&& b) + { + if ( this == &b ) + return *this; + + free(entry); + entry = b.entry; + num_entries = b.num_entries; + max_entries = b.max_entries; + + b.entry = 0; + b.num_entries = b.max_entries = 0; + return *this; } void BaseList::insert(ent a) @@ -145,12 +180,8 @@ ent BaseList::get() void BaseList::clear() { - if ( entry ) - { - free(entry); - entry = 0; - } - + free(entry); + entry = 0; num_entries = max_entries = 0; } diff --git a/src/List.h b/src/List.h index 6fb2bbcec6..15e99eb0dd 100644 --- a/src/List.h +++ b/src/List.h @@ -20,6 +20,8 @@ // Entries must be either a pointer to the data or nonzero data with // sizeof(data) <= sizeof(void*). +#include +#include #include #include "util.h" @@ -28,8 +30,6 @@ typedef int (*list_cmp_func)(const void* v1, const void* v2); class BaseList { public: - ~BaseList() { clear(); } - void clear(); // remove all entries int length() const { return num_entries; } int max() const { return max_entries; } @@ -41,8 +41,14 @@ public: { return padded_sizeof(*this) + pad_size(max_entries * sizeof(ent)); } protected: + ~BaseList() { free(entry); } explicit BaseList(int = 0); - BaseList(BaseList&); + BaseList(const BaseList&); + BaseList(BaseList&&); + BaseList(const ent* arr, int n); + + BaseList& operator=(const BaseList&); + BaseList& operator=(BaseList&&); void insert(ent); // add at head of list 
@@ -75,7 +81,29 @@ protected: return entry[i]; } - void operator=(BaseList&); + // This could essentially be an std::vector if we wanted. Some + // reasons to maybe not refactor to use std::vector ? + // + // - Harder to use a custom growth factor. Also, the growth + // factor would be implementation-specific, taking some control over + // performance out of our hands. + // + // - It won't ever take advantage of realloc's occasional ability to + // grow in-place. + // + // - Combine above point this with lack of control of growth + // factor means the common choice of 2x growth factor causes + // a growth pattern that crawls forward in memory with no possible + // re-use of previous chunks (the new capacity is always larger than + // all previously allocated chunks combined). This point and + // whether 2x is empirically an issue still seems debated (at least + // GCC seems to stand by 2x as empirically better). + // + // - Sketchy shrinking behavior: standard says that requests to + // shrink are non-binding (it's expected implementations heed, but + // still not great to have no guarantee). Also, it would not take + // advantage of realloc's ability to contract in-place, it would + // allocate-and-copy. ent* entry; int max_entries; 
@@ -103,10 +131,13 @@ struct List(type) : BaseList \ explicit List(type)(type ...); \ List(type)() : BaseList(0) {} \ explicit List(type)(int sz) : BaseList(sz) {} \ - List(type)(List(type)& l) : BaseList((BaseList&)l) {} \ + List(type)(const List(type)& l) : BaseList(l) {} \ + List(type)(List(type)&& l) : BaseList(std::move(l)) {} \ \ - void operator=(List(type)& l) \ - { BaseList::operator=((BaseList&)l); } \ + List(type)& operator=(const List(type)& l) \ + { return (List(type)&) BaseList::operator=(l); } \ + List(type)& operator=(List(type)&& l) \ + { return (List(type)&) BaseList::operator=(std::move(l)); } \ void insert(type a) { BaseList::insert(ent(a)); } \ void sortedinsert(type a, list_cmp_func cmp_func) \ { BaseList::sortedinsert(ent(a), cmp_func); } \ @@ -144,10 +175,14 @@ struct PList(type) : BaseList \ explicit PList(type)(type* ...); \ PList(type)() : BaseList(0) {} \ explicit PList(type)(int sz) : BaseList(sz) {} \ - PList(type)(PList(type)& l) : BaseList((BaseList&)l) {} \ + PList(type)(const PList(type)& l) : BaseList(l) {} \ + PList(type)(PList(type)&& l) : BaseList(std::move(l)) {} \ + PList(type)(std::initializer_list il) : BaseList((const ent*)il.begin(), il.size()) {} \ \ - void operator=(PList(type)& l) \ - { BaseList::operator=((BaseList&)l); } \ + PList(type)& operator=(const PList(type)& l) \ + { return (PList(type)&) BaseList::operator=(l); } \ + PList(type)& operator=(PList(type)&& l) \ + { return (PList(type)&) BaseList::operator=(std::move(l)); } \ void insert(type* a) { BaseList::insert(ent(a)); } \ void sortedinsert(type* a, list_cmp_func cmp_func) \ { BaseList::sortedinsert(ent(a), cmp_func); } \ diff --git a/src/NFA.cc b/src/NFA.cc index c53aa4304b..cf2650b21d 100644 --- a/src/NFA.cc +++ b/src/NFA.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NFA.h" #include "EquivClass.h" 
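Review bot: The new assignment operators in the `List(type)` macro return `(List(type)&) BaseList::operator=(l)`, a C-style downcast of the base-class reference. The same pattern is repeated in the `PList(type)` macro in the following hunk. It works only because the base operator returns `*this`, and a C-style cast would keep compiling, as a reinterpreting cast, if the inheritance relationship ever changed. Calling the base operator and then returning `*this` expresses the same thing without a cast: `{ BaseList::operator=(l); return *this; }` and `{ BaseList::operator=(std::move(l)); return *this; }`.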
diff --git a/src/Net.cc b/src/Net.cc index b61d365a2a..96aaeddc69 100644 --- a/src/Net.cc +++ b/src/Net.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #ifdef TIME_WITH_SYS_TIME @@ -49,8 +49,6 @@ int reading_live = 0; int reading_traces = 0; int have_pending_timers = 0; double pseudo_realtime = 0.0; -bool using_communication = false; - double network_time = 0.0; // time according to last packet timestamp // (or current time) double processing_start_time = 0.0; // time started working on current pkt @@ -309,7 +307,7 @@ void net_run() } #endif current_iosrc = src; - auto communication_enabled = using_communication || broker_mgr->Active(); + auto communication_enabled = broker_mgr->Active(); if ( src ) src->Process(); // which will call net_packet_dispatch() @@ -372,11 +370,6 @@ void net_run() // current packet and its related events. termination_signal(); -#ifdef DEBUG_COMMUNICATION - if ( signal_val == SIGPROF && remote_serializer ) - remote_serializer->DumpDebugData(); -#endif - if ( ! reading_traces ) // Check whether we have timers scheduled for // the future on which we need to wait. diff --git a/src/Net.h b/src/Net.h index bdc84ec74f..26a3d0f883 100644 --- a/src/Net.h +++ b/src/Net.h @@ -7,7 +7,6 @@ #include "util.h" #include "List.h" #include "Func.h" -#include "RemoteSerializer.h" #include "iosource/IOSource.h" #include "iosource/PktSrc.h" #include "iosource/PktDumper.h" @@ -67,9 +66,6 @@ extern double bro_start_network_time; // True if we're a in the process of cleaning-up just before termination. extern bool terminating; -// True if the remote serializer is to be activated. -extern bool using_communication; - // True if Bro is currently parsing scripts. extern bool is_parsing; 
@@ -83,8 +79,6 @@ extern iosource::PktDumper* pkt_dumper; // where to save packets extern char* writefile; -extern int old_comm_usage_count; - // Script file we have already scanned (or are in the process of scanning). // They are identified by inode number. struct ScannedFile { diff --git a/src/NetVar.cc b/src/NetVar.cc index 57a5452123..d45ecd2693 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Var.h" #include "NetVar.h" @@ -30,7 +30,6 @@ RecordType* mime_match; int watchdog_interval; int max_timer_expires; -int max_remote_events_processed; int ignore_checksums; int partial_connection_ok; @@ -173,10 +172,6 @@ StringVal* log_encryption_key; StringVal* log_rotate_base_time; StringVal* peer_description; -RecordType* peer; -int forward_remote_state_changes; -int forward_remote_events; -int remote_check_sync_consistency; bro_uint_t chunked_io_buffer_soft_cap; StringVal* ssl_ca_certificate; @@ -199,8 +194,6 @@ int packet_filter_default; int sig_max_group_size; -int enable_syslog; - TableType* irc_join_list; RecordType* irc_join_info; TableVal* irc_servers; @@ -212,9 +205,6 @@ int dpd_ignore_ports; TableVal* likely_server_ports; -double remote_trace_sync_interval; -int remote_trace_sync_peers; - int check_for_unused_event_handlers; int dump_used_event_handlers; @@ -267,12 +257,6 @@ void init_general_global_var() peer_description = internal_val("peer_description")->AsStringVal(); - peer = internal_type("event_peer")->AsRecordType(); - forward_remote_state_changes = - opt_internal_int("forward_remote_state_changes"); - forward_remote_events = opt_internal_int("forward_remote_events"); - remote_check_sync_consistency = - opt_internal_int("remote_check_sync_consistency"); chunked_io_buffer_soft_cap = opt_internal_unsigned("chunked_io_buffer_soft_cap"); ssl_ca_certificate = internal_val("ssl_ca_certificate")->AsStringVal(); 
@@ -282,7 +266,6 @@ void init_general_global_var() packet_filter_default = opt_internal_int("packet_filter_default"); sig_max_group_size = opt_internal_int("sig_max_group_size"); - enable_syslog = opt_internal_int("enable_syslog"); check_for_unused_event_handlers = opt_internal_int("check_for_unused_event_handlers"); @@ -395,8 +378,6 @@ void init_net_var() watchdog_interval = int(opt_internal_double("watchdog_interval")); max_timer_expires = opt_internal_int("max_timer_expires"); - max_remote_events_processed = - opt_internal_int("max_remote_events_processed"); skip_authentication = internal_list_val("skip_authentication"); direct_login_prompts = internal_list_val("direct_login_prompts"); @@ -498,10 +479,6 @@ void init_net_var() irc_join_list = internal_type("irc_join_list")->AsTableType(); irc_servers = internal_val("irc_servers")->AsTableVal(); - remote_trace_sync_interval = - opt_internal_double("remote_trace_sync_interval"); - remote_trace_sync_peers = opt_internal_int("remote_trace_sync_peers"); - dpd_reassemble_first_packets = opt_internal_int("dpd_reassemble_first_packets"); dpd_buffer_size = opt_internal_int("dpd_buffer_size"); diff --git a/src/NetVar.h b/src/NetVar.h index 1dee27f372..92d717f50a 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -33,7 +33,6 @@ extern RecordType* mime_match; extern int watchdog_interval; extern int max_timer_expires; -extern int max_remote_events_processed; extern int ignore_checksums; extern int partial_connection_ok; @@ -176,10 +175,6 @@ extern StringVal* log_encryption_key; extern StringVal* log_rotate_base_time; extern StringVal* peer_description; -extern RecordType* peer; -extern int forward_remote_state_changes; -extern int forward_remote_events; -extern int remote_check_sync_consistency; extern bro_uint_t chunked_io_buffer_soft_cap; extern StringVal* ssl_ca_certificate; 
@@ -201,8 +196,6 @@ extern int packet_filter_default; extern int sig_max_group_size; -extern int enable_syslog; - extern TableType* irc_join_list; extern RecordType* irc_join_info; extern TableVal* irc_servers; @@ -214,9 +207,6 @@ extern int dpd_ignore_ports; extern TableVal* likely_server_ports; -extern double remote_trace_sync_interval; -extern int remote_trace_sync_peers; - extern int check_for_unused_event_handlers; extern int dump_used_event_handlers; diff --git a/src/Obj.cc b/src/Obj.cc index 023fa0d237..9c3b50a950 100644 --- a/src/Obj.cc +++ b/src/Obj.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/PacketDumper.cc b/src/PacketDumper.cc index 1a53550dfd..0d64c89290 100644 --- a/src/PacketDumper.cc +++ b/src/PacketDumper.cc @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/PersistenceSerializer.cc b/src/PersistenceSerializer.cc deleted file mode 100644 index ae5c531aa7..0000000000 --- a/src/PersistenceSerializer.cc +++ /dev/null 
@@ -1,576 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include - -#include "PersistenceSerializer.h" -#include "RemoteSerializer.h" -#include "Conn.h" -#include "Event.h" -#include "Reporter.h" -#include "Net.h" - -static void persistence_serializer_delete_func(void* val) - { - time_t* t = reinterpret_cast(val); - free(t); - } - -class IncrementalWriteTimer : public Timer { -public: - IncrementalWriteTimer(double t, PersistenceSerializer::SerialStatus* s) - : Timer(t, TIMER_INCREMENTAL_WRITE), status(s) {} - - void Dispatch(double t, int is_expire); - - PersistenceSerializer::SerialStatus* status; -}; - -void IncrementalWriteTimer::Dispatch(double t, int is_expire) - { - // Never suspend when we're finishing up. - if ( terminating ) - status->info.may_suspend = false; - - persistence_serializer->RunSerialization(status); - } - -PersistenceSerializer::PersistenceSerializer() - { - dir = 0; - files.SetDeleteFunc(persistence_serializer_delete_func); - } - -PersistenceSerializer::~PersistenceSerializer() - { - } - -void PersistenceSerializer::Register(ID* id) - { - if ( id->Type()->Tag() == TYPE_FUNC ) - { - Error("can't register functions as persistent ID"); - return; - } - - DBG_LOG(DBG_STATE, "&persistent %s", id->Name()); - - HashKey key(id->Name()); - if ( persistent_ids.Lookup(&key) ) - return; - - Ref(id); - persistent_ids.Insert(&key, id); - } - -void PersistenceSerializer::Unregister(ID* id) - { - HashKey key(id->Name()); - Unref((ID*) persistent_ids.Remove(&key)); - } - -void PersistenceSerializer::Register(Connection* conn) - { - if ( persistent_conns.Lookup(conn->Key()) ) - return; - - Ref(conn); - HashKey* k = conn->Key(); - HashKey* new_key = new HashKey(k->Key(), k->Size(), k->Hash()); - persistent_conns.Insert(new_key, conn); - delete new_key; - } - -void PersistenceSerializer::Unregister(Connection* conn) - { - Unref(persistent_conns.RemoveEntry(conn->Key())); - } - -bool PersistenceSerializer::CheckTimestamp(const 
char* file) - { - struct stat s; - if ( stat(file, &s) < 0 ) - return false; - - if ( ! S_ISREG(s.st_mode) ) - return false; - - bool changed = true; - - HashKey* key = new HashKey(file, strlen(file)); - time_t* t = files.Lookup(key); - - if ( ! t ) - { - t = (time_t*) malloc(sizeof(time_t)); - if ( ! t ) - out_of_memory("saving file timestamp"); - files.Insert(key, t); - } - - else if ( *t >= s.st_mtime ) - changed = false; - - *t = s.st_mtime; - - delete key; - return changed; - } - -bool PersistenceSerializer::CheckForFile(UnserialInfo* info, const char* file, - bool delete_file) - { - bool ret = true; - if ( CheckTimestamp(file) ) - { - // Need to copy the filename here, as it may be passed - // in via fmt(). - const char* f = copy_string(file); - - bool ret = Read(info, f); - - if ( delete_file && unlink(f) < 0 ) - Error(fmt("can't delete file %s: %s", f, strerror(errno))); - - delete [] f; - } - - return ret; - } - -bool PersistenceSerializer::ReadAll(bool is_init, bool delete_files) - { -#ifdef USE_PERFTOOLS_DEBUG - HeapLeakChecker::Disabler disabler; -#endif - - assert(dir); - - UnserialInfo config_info(this); - config_info.id_policy = is_init ? - UnserialInfo::Replace : UnserialInfo::CopyCurrentToNew; - - if ( ! CheckForFile(&config_info, fmt("%s/config.bst", dir), - delete_files) ) - return false; - - UnserialInfo state_info(this); - state_info.id_policy = UnserialInfo::CopyNewToCurrent; - if ( ! 
CheckForFile(&state_info, fmt("%s/state.bst", dir), - delete_files) ) - return false; - - return true; - } - -bool PersistenceSerializer::MoveFileUp(const char* dir, const char* file) - { - char oldname[PATH_MAX]; - char newname[PATH_MAX]; - - safe_snprintf(oldname, PATH_MAX, "%s/.tmp/%s", dir, file ); - safe_snprintf(newname, PATH_MAX, "%s/%s", dir, file ); - - if ( rename(oldname, newname) < 0 ) - { - Error(fmt("can't move %s to %s: %s", oldname, newname, - strerror(errno))); - return false; - } - - CheckTimestamp(newname); - return true; - } - -#if 0 -void PersistenceSerializer::RaiseFinishedSendState() - { - val_list* vl = new val_list; - vl->append(new AddrVal(htonl(remote_host))); - vl->append(val_mgr->GetPort(remote_port)); - - mgr.QueueEvent(finished_send_state, vl); - reporter->Log("Serialization done."); - } -#endif - -void PersistenceSerializer::GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) - { - mgr.QueueEvent(event, args); - } - -void PersistenceSerializer::GotFunctionCall(const char* name, double time, - Func* func, val_list* args) - { - try - { - func->Call(args); - } - - catch ( InterpreterException& e ) - { /* Already reported. */ } - } - -void PersistenceSerializer::GotStateAccess(StateAccess* s) - { - s->Replay(); - delete s; - } - -void PersistenceSerializer::GotTimer(Timer* s) - { - reporter->Error("PersistenceSerializer::GotTimer not implemented"); - } - -void PersistenceSerializer::GotConnection(Connection* c) - { - Unref(c); - } - -void PersistenceSerializer::GotID(ID* id, Val* /* val */) - { - Unref(id); - } - -void PersistenceSerializer::GotPacket(Packet* p) - { - reporter->Error("PersistenceSerializer::GotPacket not implemented"); - } - -bool PersistenceSerializer::LogAccess(const StateAccess& s) - { - if ( ! 
IsSerializationRunning() ) - return true; - - loop_over_list(running, i) - { - running[i]->accesses.append(new StateAccess(s)); - } - - return true; - } - -bool PersistenceSerializer::WriteState(bool may_suspend) - { - SerialStatus* status = - new SerialStatus(this, SerialStatus::WritingState); - - status->info.may_suspend = may_suspend; - - status->ids = &persistent_ids; - status->conns = &persistent_conns; - status->filename = "state.bst"; - - return RunSerialization(status); - } - -bool PersistenceSerializer::WriteConfig(bool may_suspend) - { - if ( mgr.IsDraining() && may_suspend ) - // Events which trigger checkpoint are flushed. Ignore; we'll - // checkpoint at termination in any case. - return true; - - SerialStatus* status = - new SerialStatus(this, SerialStatus::WritingConfig); - - status->info.may_suspend = may_suspend; - status->info.clear_containers = true; - status->ids = global_scope()->GetIDs(); - status->filename = "config.bst"; - - return RunSerialization(status); - } - -bool PersistenceSerializer::SendState(SourceID peer, bool may_suspend) - { - SerialStatus* status = - new SerialStatus(remote_serializer, SerialStatus::SendingState); - - status->info.may_suspend = may_suspend; - status->ids = &persistent_ids; - status->conns = &persistent_conns; - status->peer = peer; - - reporter->Info("Sending state..."); - - return RunSerialization(status); - } - -bool PersistenceSerializer::SendConfig(SourceID peer, bool may_suspend) - { - SerialStatus* status = - new SerialStatus(remote_serializer, SerialStatus::SendingConfig); - - status->info.may_suspend = may_suspend; - status->info.clear_containers = true; - status->ids = global_scope()->GetIDs(); - status->peer = peer; - - reporter->Info("Sending config..."); - - return RunSerialization(status); - } - -bool PersistenceSerializer::RunSerialization(SerialStatus* status) - { - Continuation* cont = &status->info.cont; - - if ( cont->NewInstance() ) - { - // Serialization is starting. Initialize. 
- - // See if there is already a serialization of this type running. - loop_over_list(running, i) - { - if ( running[i]->type == status->type ) - { - reporter->Warning("Serialization of type %d already running.", status->type); - return false; - } - } - - running.append(status); - - // Initialize. - if ( ! (ensure_dir(dir) && ensure_dir(fmt("%s/.tmp", dir))) ) - return false; - - if ( ! OpenFile(fmt("%s/.tmp/%s", dir, status->filename), false) ) - return false; - - if ( ! PrepareForWriting() ) - return false; - - if ( status->ids ) - { - status->id_cookie = status->ids->InitForIteration(); - status->ids->MakeRobustCookie(status->id_cookie); - } - - if ( status->conns ) - { - status->conn_cookie = status->conns->InitForIteration(); - status->conns->MakeRobustCookie(status->conn_cookie); - } - } - - else if ( cont->ChildSuspended() ) - { - // One of our former Serialize() calls suspended itself. - // We have to call it again. - - if ( status->id_cookie ) - { - if ( ! DoIDSerialization(status, status->current.id) ) - return false; - - if ( cont->ChildSuspended() ) - { - // Oops, it did it again. - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - return true; - } - } - - else if ( status->conn_cookie ) - { - if ( ! DoConnSerialization(status, status->current.conn) ) - return false; - - if ( cont->ChildSuspended() ) - { - // Oops, it did it again. - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - return true; - } - } - - else - reporter->InternalError("unknown suspend state"); - } - - else if ( cont->Resuming() ) - cont->Resume(); - - else - reporter->InternalError("unknown continuation state"); - - if ( status->id_cookie ) - { - ID* id; - - while ( (id = status->ids->NextEntry(status->id_cookie)) ) - { - if ( ! 
DoIDSerialization(status, id) ) - return false; - - if ( cont->ChildSuspended() ) - { - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - return true; - } - - if ( status->info.may_suspend ) - { - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - cont->Suspend(); - return true; - } - } - - // Cookie has been set to 0 by NextEntry(). - } - - if ( status->conn_cookie ) - { - Connection* conn; - while ( (conn = status->conns->NextEntry(status->conn_cookie)) ) - { - if ( ! DoConnSerialization(status, conn) ) - return false; - - if ( cont->ChildSuspended() ) - { - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - return true; - } - - if ( status->info.may_suspend ) - { - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - cont->Suspend(); - return true; - } - - } - - // Cookie has been set to 0 by NextEntry(). - } - - DBG_LOG(DBG_STATE, "finished serialization; %d accesses pending", - status->accesses.length()); - - if ( status->accesses.length() ) - { - // Serialize pending state accesses. - // FIXME: Does this need to suspend? - StateAccess* access; - loop_over_list(status->accesses, i) - { - // Serializing a StateAccess will not suspend. - if ( ! DoAccessSerialization(status, status->accesses[i]) ) - return false; - - delete status->accesses[i]; - } - } - - // Finalize. 
- CloseFile(); - - bool ret = MoveFileUp(dir, status->filename); - - loop_over_list(running, i) - { - if ( running[i]->type == status->type ) - { - running.remove_nth(i); - break; - } - } - - delete status; - return ret; - } - -bool PersistenceSerializer::DoIDSerialization(SerialStatus* status, ID* id) - { - bool success = false; - Continuation* cont = &status->info.cont; - - status->current.id = id; - - switch ( status->type ) { - case SerialStatus::WritingState: - case SerialStatus::WritingConfig: - cont->SaveContext(); - success = Serialize(&status->info, *id); - cont->RestoreContext(); - break; - - case SerialStatus::SendingState: - case SerialStatus::SendingConfig: - cont->SaveContext(); - success = remote_serializer->SendID(&status->info, - status->peer, *id); - cont->RestoreContext(); - break; - - default: - reporter->InternalError("unknown serialization type"); - } - - return success; - } - -bool PersistenceSerializer::DoConnSerialization(SerialStatus* status, - Connection* conn) - { - bool success = false; - Continuation* cont = &status->info.cont; - - status->current.conn = conn; - - switch ( status->type ) { - case SerialStatus::WritingState: - case SerialStatus::WritingConfig: - cont->SaveContext(); - success = Serialize(&status->info, *conn); - cont->RestoreContext(); - break; - - case SerialStatus::SendingState: - case SerialStatus::SendingConfig: - cont->SaveContext(); - success = remote_serializer->SendConnection(&status->info, - status->peer, *conn); - cont->RestoreContext(); - break; - - default: - reporter->InternalError("unknown serialization type"); - } - - return success; - } - -bool PersistenceSerializer::DoAccessSerialization(SerialStatus* status, - StateAccess* access) - { - bool success = false; - DisableSuspend suspend(&status->info); - - switch ( status->type ) { - case SerialStatus::WritingState: - case SerialStatus::WritingConfig: - success = Serialize(&status->info, *access); - break; - - case SerialStatus::SendingState: - case 
SerialStatus::SendingConfig: - success = remote_serializer->SendAccess(&status->info, - status->peer, *access); - break; - - default: - reporter->InternalError("unknown serialization type"); - } - - return success; - } diff --git a/src/PersistenceSerializer.h b/src/PersistenceSerializer.h deleted file mode 100644 index 99d8da88c4..0000000000 --- a/src/PersistenceSerializer.h +++ /dev/null 
@@ -1,165 +0,0 @@
-// Implements persistance for Bro's data structures.
-
-#ifndef persistence_serializer_h
-#define persistence_serializer_h
-
-#include "Serializer.h"
-#include "List.h"
-
-class StateAccess;
-
-class PersistenceSerializer : public FileSerializer {
-public:
- PersistenceSerializer();
-
- ~PersistenceSerializer() override;
-
- // Define the directory where to store the data.
- void SetDir(const char* arg_dir) { dir = copy_string(arg_dir); }
-
- // Register/unregister the ID/connection to be saved by WriteAll().
- void Register(ID* id);
- void Unregister(ID* id);
- void Register(Connection* conn);
- void Unregister(Connection* conn);
-
- // Read all data that has been changed since last scan of directory.
- // is_init should be true for the first read upon start-up. All existing
- // state will be cleared. If delete_files is true, file which have been
- // read are removed (even if the read was unsuccessful!).
- bool ReadAll(bool is_init, bool delete_files);
-
- // Each of the following four methods may suspend operation.
- // If they do, they install a Timer which resumes after some
- // amount of time. If a function is called again before it
- // has completely finished its task, it will do nothing and
- // return false.
-
- bool WriteState(bool may_suspend);
-
- // Writes Bro's configuration (w/o dynamic state).
- bool WriteConfig(bool may_suspend);
-
- // Sends all registered state to remote host
- // (by leveraging the remote_serializer).
- bool SendState(SourceID peer, bool may_suspend);
-
- // Sends Bro's config to remote host
- // (by leveraging the remote_serializer).
- bool SendConfig(SourceID peer, bool may_suspend);
-
- // Returns true if a serialization is currently running.
- bool IsSerializationRunning() const { return running.length(); }
-
- // Tells the serializer that this access was performed. If a
- // serialization is going on, it may store it. (Need only be called if
- // IsSerializationRunning() returns true.)
- bool LogAccess(const StateAccess& s);
-
-protected:
- friend class RemoteSerializer;
- friend class IncrementalWriteTimer;
-
- void GotID(ID* id, Val* val) override;
- void GotEvent(const char* name, double time,
- EventHandlerPtr event, val_list* args) override;
- void GotFunctionCall(const char* name, double time,
- Func* func, val_list* args) override;
- void GotStateAccess(StateAccess* s) override;
- void GotTimer(Timer* t) override;
- void GotConnection(Connection* c) override;
- void GotPacket(Packet* packet) override;
-
- // If file has changed since last check, read it.
- bool CheckForFile(UnserialInfo* info, const char* file,
- bool delete_file);
-
- // Returns true if it's a regular file and has a more recent timestamp
- // than last time we checked it.
- bool CheckTimestamp(const char* file);
-
- // Move file from /tmp/ to /. Afterwards, call
- // CheckTimestamp() with /.
- bool MoveFileUp(const char* dir, const char* file);
-
- // Generates an error message, terminates current serialization,
- // and returns false.
- bool SerialError(const char* msg);
-
- // Start a new serialization.
- struct SerialStatus;
- bool RunSerialization(SerialStatus* status);
-
- // Helpers for RunSerialization.
- bool DoIDSerialization(SerialStatus* status, ID* id);
- bool DoConnSerialization(SerialStatus* status, Connection* conn);
- bool DoAccessSerialization(SerialStatus* status, StateAccess* access);
-
- typedef PDict(ID) id_map;
-
- declare(PDict, Connection);
- typedef PDict(Connection) conn_map;
-
- struct SerialStatus {
- enum Type {
- WritingState, WritingConfig,
- SendingState, SendingConfig,
- };
-
- SerialStatus(Serializer* s, Type arg_type) : info(s)
- {
- type = arg_type;
- ids = 0;
- id_cookie = 0;
- conns = 0;
- conn_cookie = 0;
- peer = SOURCE_LOCAL;
- filename = 0;
- }
-
- Type type;
- SerialInfo info;
-
- // IDs to serialize.
- id_map* ids;
- IterCookie* id_cookie;
-
- // Connections to serialize.
- conn_map* conns; - IterCookie* conn_cookie; - - // Accesses performed while we're serializing. - declare(PList,StateAccess); - typedef PList(StateAccess) state_access_list; - state_access_list accesses; - - // The ID/Conn we're currently serializing. - union { - ID* id; - Connection* conn; - } current; - - // Only set if type is Writing{State,Config}. - const char* filename; - - // Only set if type is Sending{State,Config}. - SourceID peer; - }; - - const char* dir; - - declare(PList, SerialStatus); - PList(SerialStatus) running; - - id_map persistent_ids; - conn_map persistent_conns; - - // To keep track of files' modification times. - declare(PDict, time_t); - typedef PDict(time_t) file_map; - file_map files; -}; - -extern PersistenceSerializer* persistence_serializer; - -#endif diff --git a/src/PolicyFile.cc b/src/PolicyFile.cc index 22f09e6970..a6f93c8d88 100644 --- a/src/PolicyFile.cc +++ b/src/PolicyFile.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/PriorityQueue.cc b/src/PriorityQueue.cc index 5fe0cbef81..9d5278108b 100644 --- a/src/PriorityQueue.cc +++ b/src/PriorityQueue.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Queue.cc b/src/Queue.cc index 587e37063f..90f63a85be 100644 --- a/src/Queue.cc +++ b/src/Queue.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/RE.cc b/src/RE.cc index 517fab4c91..b994f16cc2 100644 --- a/src/RE.cc +++ b/src/RE.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/RE.h b/src/RE.h index 06b0699864..286eb1b44d 100644 --- a/src/RE.h +++ b/src/RE.h 
@@ -229,9 +229,6 @@ protected: Specific_RE_Matcher* re_exact; }; -declare(PList, RE_Matcher); -typedef PList(RE_Matcher) re_matcher_list; - extern RE_Matcher* RE_Matcher_conjunction(const RE_Matcher* re1, const RE_Matcher* re2); extern RE_Matcher* RE_Matcher_disjunction(const RE_Matcher* re1, const RE_Matcher* re2); diff --git a/src/Reassem.cc b/src/Reassem.cc index 0cdeadf80d..7fa70091e0 100644 --- a/src/Reassem.cc +++ b/src/Reassem.cc @@ -3,7 +3,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "Reassem.h" #include "Serializer.h" diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc deleted file mode 100644 index f55fba167c..0000000000 --- a/src/RemoteSerializer.cc +++ /dev/null 
@@ -1,4583 +0,0 @@
-// Processes involved in the communication:
-//
-// (Local-Parent) <-> (Local-Child) <-> (Remote-Child) <-> (Remote-Parent)
-//
-// Message types (for parent<->child communication the CMsg's peer indicates
-// about whom we're talking).
-//
-// Communication protocol version
-// VERSION
-// []
-//
-// Send serialization
-// SERIAL
-//
-// Terminate(d) connection
-// CLOSE
-//
-// Close(d) all connections
-// CLOSE_ALL
-//
-// Connect to remote side
-// CONNECT_TO
-//
-// Connected to remote side
-// CONNECTED
-//
-// Request events from remote side
-// REQUEST_EVENTS
-//
-// Request synchronization of IDs with remote side
-// REQUEST_SYNC
-//
-// Listen for connection on ip/port (ip may be INADDR_ANY)
-// LISTEN
-//
-// Close listen ports.
-// LISTEN_STOP
-//
-// Error caused by host
-// ERROR
-//
-// Some statistics about the given peer connection
-// STATS
-//
-// Requests to set a new capture_filter
-// CAPTURE_FILTER
-//
-// Ping to peer
-// PING
-//
-// Pong from peer
-// PONG
-//
-// Announce our capabilities
-// CAPS
-//
-// Activate compression (parent->child)
-// COMPRESS
-//
-// Indicate that all following blocks are compressed (child->child)
-// COMPRESS
-//
-// Synchronize for pseudo-realtime processing.
-// Signals that we have reached sync-point number .
-// SYNC_POINT
-//
-// Signals the child that we want to terminate. Anything sent after this may
-// get lost. When the child answers with another TERMINATE it is safe to
-// shutdown.
-// TERMINATE
-//
-// Debug-only: tell child to dump recently received/sent data to disk.
-// DEBUG_DUMP
-//
-// Valid messages between processes:
-//
-// Main -> Child
-// CONNECT_TO
-// REQUEST_EVENTS
-// SERIAL
-// CLOSE
-// CLOSE_ALL
-// LISTEN
-// LISTEN_STOP
-// CAPTURE_FILTER
-// VERSION
-// REQUEST_SYNC
-// PHASE_DONE
-// PING
-// PONG
-// CAPS
-// COMPRESS
-// SYNC_POINT
-// DEBUG_DUMP
-// REMOTE_PRINT
-//
-// Child -> Main
-// CONNECTED
-// REQUEST_EVENTS
-// SERIAL
-// CLOSE
-// ERROR
-// STATS
-// VERSION
-// CAPTURE_FILTER
-// REQUEST_SYNC
-// PHASE_DONE
-// PING
-// PONG
-// CAPS
-// LOG
-// SYNC_POINT
-// REMOTE_PRINT
-//
-// Child <-> Child
-// VERSION
-// SERIAL
-// REQUEST_EVENTS
-// CAPTURE_FILTER
-// REQUEST_SYNC
-// PHASE_DONE
-// PING
-// PONG
-// CAPS
-// COMPRESS
-// SYNC_POINT
-// REMOTE_PRINT
-//
-// A connection between two peers has four phases:
-//
-// Setup:
-// Initial phase.
-// VERSION messages must be exchanged.
-// Ends when both peers have sent VERSION.
-// Handshake:
-// REQUEST_EVENTS/REQUEST_SYNC/CAPTURE_FILTER/CAPS/selected SERIALs
-// may be exchanged.
-// Phase ends when both peers have sent PHASE_DONE.
-// State synchronization:
-// Entered iff at least one of the peers has sent REQUEST_SYNC.
-// The peer with the smallest runtime (incl. in VERSION msg) sends
-// SERIAL messages compromising all of its state.
-// Phase ends when peer sends another PHASE_DONE.
-// Running:
-// Peers exchange SERIAL (and PING/PONG) messages.
-// Phase ends with connection tear-down by one of the peers.
- -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "bro-config.h" -#ifdef TIME_WITH_SYS_TIME -# include -# include -#else -# ifdef HAVE_SYS_TIME_H -# include -# else -# include -# endif -#endif -#include - -#include -#include -#include -#include - -#include "RemoteSerializer.h" -#include "Func.h" -#include "EventRegistry.h" -#include "Event.h" -#include "Net.h" -#include "NetVar.h" -#include "Scope.h" -#include "Sessions.h" -#include "File.h" -#include "Conn.h" -#include "Reporter.h" -#include "IPAddr.h" -#include "bro_inet_ntop.h" -#include "iosource/Manager.h" -#include "logging/Manager.h" -#include "logging/logging.bif.h" - -extern "C" { -#include "setsignal.h" -}; - -// Gets incremented each time there's an incompatible change -// to the communication internals. -static const unsigned short PROTOCOL_VERSION = 0x07; - -static const char MSG_NONE = 0x00; -static const char MSG_VERSION = 0x01; -static const char MSG_SERIAL = 0x02; -static const char MSG_CLOSE = 0x03; -static const char MSG_CLOSE_ALL = 0x04; -static const char MSG_ERROR = 0x05; -static const char MSG_CONNECT_TO = 0x06; -static const char MSG_CONNECTED = 0x07; -static const char MSG_REQUEST_EVENTS = 0x08; -static const char MSG_LISTEN = 0x09; -static const char MSG_LISTEN_STOP = 0x0a; -static const char MSG_STATS = 0x0b; -static const char MSG_CAPTURE_FILTER = 0x0c; -static const char MSG_REQUEST_SYNC = 0x0d; -static const char MSG_PHASE_DONE = 0x0e; -static const char MSG_PING = 0x0f; -static const char MSG_PONG = 0x10; -static const char MSG_CAPS = 0x11; -static const char MSG_COMPRESS = 0x12; -static const char MSG_LOG = 0x13; -static const char MSG_SYNC_POINT = 0x14; -static const char MSG_TERMINATE = 0x15; -static const char MSG_DEBUG_DUMP = 0x16; -static const char MSG_REMOTE_PRINT = 0x17; -static const char MSG_LOG_CREATE_WRITER = 0x18; -static const char MSG_LOG_WRITE = 0x19; -static const char 
MSG_REQUEST_LOGS = 0x20; - -// Update this one whenever adding a new ID: -static const char MSG_ID_MAX = MSG_REQUEST_LOGS; - -static const uint32 FINAL_SYNC_POINT = /* UINT32_MAX */ 4294967295U; - -// Buffer size for remote-print data -static const int PRINT_BUFFER_SIZE = 10 * 1024; -static const int SOCKBUF_SIZE = 1024 * 1024; - -// Buffer size for remote-log data. -static const int LOG_BUFFER_SIZE = 50 * 1024; - -struct ping_args { - uint32 seq; - double time1; // Round-trip time parent1<->parent2 - double time2; // Round-trip time child1<->parent2 - double time3; // Round-trip time child2<->parent2 -}; - -#ifdef DEBUG -# define DEBUG_COMM(msg) DBG_LOG(DBG_COMM, "%s", msg) -#else -# define DEBUG_COMM(msg) -#endif - -#define READ_CHUNK(i, c, do_if_eof, kill_me) \ - { \ - if ( ! i->Read(&c) ) \ - { \ - if ( i->Eof() ) \ - { \ - do_if_eof; \ - } \ - else \ - Error(fmt("can't read data chunk: %s", io->Error()), kill_me); \ - return false; \ - } \ - \ - if ( ! c ) \ - return true; \ - } - -#define READ_CHUNK_FROM_CHILD(c) \ - { \ - if ( ! io->Read(&c) ) \ - { \ - if ( io->Eof() ) \ - ChildDied(); \ - else \ - Error(fmt("can't read data chunk: %s", io->Error())); \ - return false; \ - } \ - \ - if ( ! 
c ) \ - { \ - SetIdle(io->IsIdle());\ - return true; \ - } \ - SetIdle(false); \ - } - -static const char* msgToStr(int msg) - { -# define MSG_STR(x) case x: return #x; - switch ( msg ) { - MSG_STR(MSG_VERSION) - MSG_STR(MSG_NONE) - MSG_STR(MSG_SERIAL) - MSG_STR(MSG_CLOSE) - MSG_STR(MSG_CLOSE_ALL) - MSG_STR(MSG_ERROR) - MSG_STR(MSG_CONNECT_TO) - MSG_STR(MSG_CONNECTED) - MSG_STR(MSG_REQUEST_EVENTS) - MSG_STR(MSG_LISTEN) - MSG_STR(MSG_LISTEN_STOP) - MSG_STR(MSG_STATS) - MSG_STR(MSG_CAPTURE_FILTER) - MSG_STR(MSG_REQUEST_SYNC) - MSG_STR(MSG_PHASE_DONE) - MSG_STR(MSG_PING) - MSG_STR(MSG_PONG) - MSG_STR(MSG_CAPS) - MSG_STR(MSG_COMPRESS) - MSG_STR(MSG_LOG) - MSG_STR(MSG_SYNC_POINT) - MSG_STR(MSG_TERMINATE) - MSG_STR(MSG_DEBUG_DUMP) - MSG_STR(MSG_REMOTE_PRINT) - MSG_STR(MSG_LOG_CREATE_WRITER) - MSG_STR(MSG_LOG_WRITE) - MSG_STR(MSG_REQUEST_LOGS) - default: - return "UNKNOWN_MSG"; - } - } - -static vector tokenize(const string& s, char delim) - { - vector tokens; - stringstream ss(s); - string token; - - while ( std::getline(ss, token, delim) ) - tokens.push_back(token); - - return tokens; - } - -// Start of every message between two processes. We do the low-level work -// ourselves to make this 64-bit safe. (The actual layout is an artifact of -// an earlier design that depended on how a 32-bit GCC lays out its structs ...) -class CMsg { -public: - CMsg(char type, RemoteSerializer::PeerID peer) - { - buffer[0] = type; - uint32 tmp = htonl(peer); - memcpy(buffer + 4, &tmp, sizeof(tmp)); - } - - char Type() { return buffer[0]; } - - RemoteSerializer::PeerID Peer() - { - uint32 tmp; - memcpy(&tmp, buffer + 4, sizeof(tmp)); - return ntohl(tmp); - } - - const char* Raw() { return buffer; } - -private: - char buffer[8]; -}; - -static bool sendCMsg(ChunkedIO* io, char msg_type, RemoteSerializer::PeerID id) - { - // We use the new[] operator here to avoid mismatches - // when deleting the data. 
- CMsg* msg = (CMsg*) new char[sizeof(CMsg)]; - new (msg) CMsg(msg_type, id); - - ChunkedIO::Chunk* c = new ChunkedIO::Chunk((char*)msg, sizeof(CMsg)); - return io->Write(c); - } - -static ChunkedIO::Chunk* makeSerialMsg(RemoteSerializer::PeerID id) - { - // We use the new[] operator here to avoid mismatches - // when deleting the data. - CMsg* msg = (CMsg*) new char[sizeof(CMsg)]; - new (msg) CMsg(MSG_SERIAL, id); - - ChunkedIO::Chunk* c = new ChunkedIO::Chunk((char*)msg, sizeof(CMsg)); - return c; - } - -inline void RemoteSerializer::SetupSerialInfo(SerialInfo* info, Peer* peer) - { - info->chunk = makeSerialMsg(peer->id); - if ( peer->caps & Peer::NO_CACHING ) - info->cache = false; - - if ( ! (peer->caps & Peer::PID_64BIT) || peer->phase != Peer::RUNNING ) - info->pid_32bit = true; - - if ( (peer->caps & Peer::NEW_CACHE_STRATEGY) && - peer->phase == Peer::RUNNING ) - info->new_cache_strategy = true; - - if ( (peer->caps & Peer::BROCCOLI_PEER) ) - info->broccoli_peer = true; - - info->include_locations = false; - } - -static bool sendToIO(ChunkedIO* io, ChunkedIO::Chunk* c) - { - if ( ! io->Write(c) ) - { - reporter->Warning("can't send chunk: %s", io->Error()); - return false; - } - - return true; - } - -static bool sendToIO(ChunkedIO* io, char msg_type, RemoteSerializer::PeerID id, - const char* str, int len = -1, bool delete_with_free = false) - { - if ( ! sendCMsg(io, msg_type, id) ) - { - reporter->Warning("can't send message of type %d: %s", msg_type, io->Error()); - return false; - } - - uint32 sz = len >= 0 ? len : strlen(str) + 1; - ChunkedIO::Chunk* c = new ChunkedIO::Chunk(const_cast(str), sz); - - if ( delete_with_free ) - c->free_func = ChunkedIO::Chunk::free_func_free; - else - c->free_func = ChunkedIO::Chunk::free_func_delete; - - return sendToIO(io, c); - } - -static bool sendToIO(ChunkedIO* io, char msg_type, RemoteSerializer::PeerID id, - int nargs, va_list ap) - { - if ( ! 
sendCMsg(io, msg_type, id) ) - { - reporter->Warning("can't send message of type %d: %s", msg_type, io->Error()); - return false; - } - - if ( nargs == 0 ) - return true; - - uint32* args = new uint32[nargs]; - - for ( int i = 0; i < nargs; i++ ) - args[i] = htonl(va_arg(ap, uint32)); - - ChunkedIO::Chunk* c = new ChunkedIO::Chunk((char*)args, - sizeof(uint32) * nargs); - return sendToIO(io, c); - } - -#ifdef DEBUG -static inline char* fmt_uint32s(int nargs, va_list ap) - { - static char buf[512]; - char* p = buf; - *p = '\0'; - for ( int i = 0; i < nargs; i++ ) - p += snprintf(p, sizeof(buf) - (p - buf), - " 0x%08x", va_arg(ap, uint32)); - buf[511] = '\0'; - return buf; - } -#endif - -static pid_t child_pid = 0; - -// Return true if message type is sent by a peer (rather than the child -// process itself). -static inline bool is_peer_msg(int msg) - { - return msg == MSG_VERSION || - msg == MSG_SERIAL || - msg == MSG_REQUEST_EVENTS || - msg == MSG_REQUEST_SYNC || - msg == MSG_CAPTURE_FILTER || - msg == MSG_PHASE_DONE || - msg == MSG_PING || - msg == MSG_PONG || - msg == MSG_CAPS || - msg == MSG_COMPRESS || - msg == MSG_SYNC_POINT || - msg == MSG_REMOTE_PRINT || - msg == MSG_LOG_CREATE_WRITER || - msg == MSG_LOG_WRITE || - msg == MSG_REQUEST_LOGS; - } - -bool RemoteSerializer::IsConnectedPeer(PeerID id) - { - if ( id == PEER_NONE ) - return true; - - return LookupPeer(id, true) != 0; - } - -class IncrementalSendTimer : public Timer { -public: - IncrementalSendTimer(double t, RemoteSerializer::Peer* p, SerialInfo* i) - : Timer(t, TIMER_INCREMENTAL_SEND), info(i), peer(p) {} - virtual void Dispatch(double t, int is_expire) - { - // Never suspend when we're finishing up. 
- if ( terminating ) - info->may_suspend = false; - - remote_serializer->SendAllSynchronized(peer, info); - } - - SerialInfo* info; - RemoteSerializer::Peer* peer; -}; - -RemoteSerializer::RemoteSerializer() - { - initialized = false; - current_peer = 0; - msgstate = TYPE; - id_counter = 1; - listening = false; - ignore_accesses = false; - propagate_accesses = 1; - current_sync_point = 0; - syncing_times = false; - io = 0; - terminating = false; - in_sync = 0; - last_flush = 0; - received_logs = 0; - current_id = 0; - current_msgtype = 0; - current_args = 0; - source_peer = 0; - - // Register as a "dont-count" source first, we may change that later. - iosource_mgr->Register(this, true); - } - -RemoteSerializer::~RemoteSerializer() - { - if ( child_pid ) - { - if ( kill(child_pid, SIGKILL) < 0 ) - reporter->Warning("warning: cannot kill child (pid %d), %s", child_pid, strerror(errno)); - - else if ( waitpid(child_pid, 0, 0) < 0 ) - reporter->Warning("warning: error encountered during waitpid(%d), %s", child_pid, strerror(errno)); - } - - delete io; - } - -void RemoteSerializer::Enable() - { - if ( initialized ) - return; - - if ( reading_traces && ! 
pseudo_realtime ) - { - using_communication = 0; - return; - } - - Fork(); - - Log(LogInfo, fmt("communication started, parent pid is %d, child pid is %d", getpid(), child_pid)); - initialized = 1; - } - -void RemoteSerializer::SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose) - { - int defsize = 0; - socklen_t len = sizeof(defsize); - - if ( getsockopt(fd, SOL_SOCKET, opt, (void *)&defsize, &len) < 0 ) - { - if ( verbose ) - Log(LogInfo, fmt("warning: cannot get socket buffer size (%s): %s", what, strerror(errno))); - return; - } - - for ( int trysize = size; trysize > defsize; trysize -= 1024 ) - { - if ( setsockopt(fd, SOL_SOCKET, opt, &trysize, sizeof(trysize)) >= 0 ) - { - if ( verbose ) - { - if ( trysize == size ) - Log(LogInfo, fmt("raised pipe's socket buffer size from %dK to %dK", defsize / 1024, trysize / 1024)); - else - Log(LogInfo, fmt("raised pipe's socket buffer size from %dK to %dK (%dK was requested)", defsize / 1024, trysize / 1024, size / 1024)); - } - return; - } - } - - Log(LogInfo, fmt("warning: cannot increase %s socket buffer size from %dK (%dK was requested)", what, defsize / 1024, size / 1024)); - } - -void RemoteSerializer::Fork() - { - if ( child_pid ) - return; - - // Register as a "does-count" source now. - iosource_mgr->Register(this, false); - - // If we are re-forking, remove old entries - loop_over_list(peers, i) - RemovePeer(peers[i]); - - // Create pipe for communication between parent and child. - int pipe[2]; - - if ( socketpair(AF_UNIX, SOCK_STREAM, 0, pipe) < 0 ) - { - Error(fmt("can't create pipe: %s", strerror(errno))); - return; - } - - // Try to increase the size of the socket send and receive buffers. 
- SetSocketBufferSize(pipe[0], SO_SNDBUF, "SO_SNDBUF", SOCKBUF_SIZE, 1); - SetSocketBufferSize(pipe[0], SO_RCVBUF, "SO_RCVBUF", SOCKBUF_SIZE, 0); - SetSocketBufferSize(pipe[1], SO_SNDBUF, "SO_SNDBUF", SOCKBUF_SIZE, 0); - SetSocketBufferSize(pipe[1], SO_RCVBUF, "SO_RCVBUF", SOCKBUF_SIZE, 0); - - child_pid = 0; - - int pid = fork(); - - if ( pid < 0 ) - { - Error(fmt("can't fork: %s", strerror(errno))); - return; - } - - if ( pid > 0 ) - { - // Parent - child_pid = pid; - - io = new ChunkedIOFd(pipe[0], "parent->child", child_pid); - if ( ! io->Init() ) - { - Error(fmt("can't init child io: %s", io->Error())); - exit(1); // FIXME: Better way to handle this? - } - - safe_close(pipe[1]); - - return; - } - else - { // child - SocketComm child; - - ChunkedIOFd* io = - new ChunkedIOFd(pipe[1], "child->parent", getppid()); - if ( ! io->Init() ) - { - Error(fmt("can't init parent io: %s", io->Error())); - exit(1); - } - - child.SetParentIO(io); - safe_close(pipe[0]); - - // Close file descriptors. - safe_close(0); - safe_close(1); - safe_close(2); - - // Be nice. - setpriority(PRIO_PROCESS, 0, 5); - - child.Run(); - reporter->InternalError("cannot be reached"); - } - } - -RemoteSerializer::PeerID RemoteSerializer::Connect(const IPAddr& ip, - const string& zone_id, uint16 port, const char* our_class, double retry, - bool use_ssl) - { - if ( ! using_communication ) - return true; - - if ( ! initialized ) - reporter->InternalError("remote serializer not initialized"); - - if ( ! child_pid ) - Fork(); - - Peer* p = AddPeer(ip, port); - p->orig = true; - - if ( our_class ) - p->our_class = our_class; - - const size_t BUFSIZE = 1024; - char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, - "%" PRI_PTR_COMPAT_UINT",%s,%s,%" PRIu16",%" PRIu32",%d", p->id, - ip.AsString().c_str(), zone_id.c_str(), port, uint32(retry), - use_ssl); - - if ( ! 
SendToChild(MSG_CONNECT_TO, p, data) ) - { - RemovePeer(p); - return false; - } - - p->state = Peer::PENDING; - return p->id; - } - -bool RemoteSerializer::CloseConnection(PeerID id) - { - if ( ! using_communication ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - { - reporter->Error("unknown peer id %d for closing connection", int(id)); - return false; - } - - return CloseConnection(peer); - } - -bool RemoteSerializer::CloseConnection(Peer* peer) - { - if ( peer->suspended_processing ) - { - net_continue_processing(); - peer->suspended_processing = false; - } - - if ( peer->state == Peer::CLOSING ) - return true; - - FlushPrintBuffer(peer); - FlushLogBuffer(peer); - - Log(LogInfo, "closing connection", peer); - - peer->state = Peer::CLOSING; - return SendToChild(MSG_CLOSE, peer, 0); - } - -bool RemoteSerializer::RequestSync(PeerID id, bool auth) - { - if ( ! using_communication ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - { - reporter->Error("unknown peer id %d for request sync", int(id)); - return false; - } - - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't request sync from peer; wrong phase %d", - peer->phase); - return false; - } - - if ( ! SendToChild(MSG_REQUEST_SYNC, peer, 1, auth ? 1 : 0) ) - return false; - - peer->sync_requested |= Peer::WE | (auth ? Peer::AUTH_WE : 0); - - return true; - } - -bool RemoteSerializer::RequestLogs(PeerID id) - { - if ( ! using_communication ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - { - reporter->Error("unknown peer id %d for request logs", int(id)); - return false; - } - - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't request logs from peer; wrong phase %d", - peer->phase); - return false; - } - - if ( ! SendToChild(MSG_REQUEST_LOGS, peer, 0) ) - return false; - - return true; - } - -bool RemoteSerializer::RequestEvents(PeerID id, RE_Matcher* pattern) - { - if ( ! 
using_communication ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - { - reporter->Error("unknown peer id %d for request sync", int(id)); - return false; - } - - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't request events from peer; wrong phase %d", - peer->phase); - return false; - } - - EventRegistry::string_list* handlers = event_registry->Match(pattern); - - // Concat the handlers' names. - int len = 0; - loop_over_list(*handlers, i) - len += strlen((*handlers)[i]) + 1; - - if ( ! len ) - { - Log(LogInfo, "warning: no events to request"); - delete handlers; - return true; - } - - char* data = new char[len]; - char* d = data; - loop_over_list(*handlers, j) - { - for ( const char* p = (*handlers)[j]; *p; *d++ = *p++ ) - ; - *d++ = '\0'; - } - - delete handlers; - - return SendToChild(MSG_REQUEST_EVENTS, peer, data, len); - } - -bool RemoteSerializer::SetAcceptState(PeerID id, bool accept) - { - Peer* p = LookupPeer(id, false); - if ( ! p ) - return true; - - p->accept_state = accept; - return true; - } - -bool RemoteSerializer::SetCompressionLevel(PeerID id, int level) - { - Peer* p = LookupPeer(id, false); - if ( ! p ) - return true; - - p->comp_level = level; - return true; - } - -bool RemoteSerializer::CompleteHandshake(PeerID id) - { - Peer* p = LookupPeer(id, false); - if ( ! p ) - return true; - - if ( p->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't complete handshake; wrong phase %d", - p->phase); - return false; - } - - p->handshake_done |= Peer::WE; - - if ( ! SendToChild(MSG_PHASE_DONE, p, 0) ) - return false; - - if ( p->handshake_done == Peer::BOTH ) - HandshakeDone(p); - - return true; - } - -bool RemoteSerializer::SendCall(SerialInfo* info, PeerID id, - const char* name, val_list* vl) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! 
peer ) - return false; - - return SendCall(info, peer, name, vl); - } - -bool RemoteSerializer::SendCall(SerialInfo* info, Peer* peer, - const char* name, val_list* vl) - { - if ( peer->phase != Peer::RUNNING || terminating ) - return false; - - ++stats.events.out; - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - - if ( ! Serialize(info, name, vl) ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendCall(SerialInfo* info, const char* name, - val_list* vl) - { - if ( ! IsOpen() || ! PropagateAccesses() || terminating ) - return true; - - loop_over_list(peers, i) - { - // Do not send event back to originating peer. - if ( peers[i] == current_peer ) - continue; - - SerialInfo new_info(*info); - if ( ! SendCall(&new_info, peers[i], name, vl) ) - return false; - } - - return true; - } - -bool RemoteSerializer::SendAccess(SerialInfo* info, Peer* peer, - const StateAccess& access) - { - if ( ! (peer->sync_requested & Peer::PEER) || terminating ) - return true; - -#ifdef DEBUG - ODesc desc; - access.Describe(&desc); - DBG_LOG(DBG_COMM, "Sending %s", desc.Description()); -#endif - - ++stats.accesses.out; - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - info->globals_as_names = true; - - if ( ! Serialize(info, access) ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendAccess(SerialInfo* info, PeerID pid, - const StateAccess& access) - { - Peer* p = LookupPeer(pid, false); - if ( ! p ) - return true; - - return SendAccess(info, p, access); - } - -bool RemoteSerializer::SendAccess(SerialInfo* info, const StateAccess& access) - { - if ( ! IsOpen() || ! PropagateAccesses() || terminating ) - return true; - - // A real broadcast would be nice here. But the different peers have - // different serialization caches, so we cannot simply send the same - // serialization to all of them ... 
- loop_over_list(peers, i) - { - // Do not send access back to originating peer. - if ( peers[i] == source_peer ) - continue; - - // Only sent accesses for fully setup peers. - if ( peers[i]->phase != Peer::RUNNING ) - continue; - - SerialInfo new_info(*info); - if ( ! SendAccess(&new_info, peers[i], access) ) - return false; - } - - return true; - } - -bool RemoteSerializer::SendAllSynchronized(Peer* peer, SerialInfo* info) - { - // FIXME: When suspending ID serialization works, remove! - DisableSuspend suspend(info); - - current_peer = peer; - - Continuation* cont = &info->cont; - ptr_compat_int index; - - if ( info->cont.NewInstance() ) - { - Log(LogInfo, "starting to send full state", peer); - index = 0; - } - - else - { - index = int(ptr_compat_int(cont->RestoreState())); - if ( ! cont->ChildSuspended() ) - cont->Resume(); - } - - for ( ; index < sync_ids.length(); ++index ) - { - if ( ! sync_ids[index]->ID_Val() ) - { -#ifdef DEBUG - DBG_LOG(DBG_COMM, "Skip sync of ID with null value: %s\n", - sync_ids[index]->Name()); -#endif - continue; - } - cont->SaveContext(); - - StateAccess sa(OP_ASSIGN, sync_ids[index], - sync_ids[index]->ID_Val()); - // FIXME: When suspending ID serialization works, we need to - // addsupport to StateAccesses, too. - bool result = SendAccess(info, peer, sa); - cont->RestoreContext(); - - if ( ! result ) - return false; - - if ( cont->ChildSuspended() || info->may_suspend ) - { - double t = network_time + state_write_delay; - timer_mgr->Add(new IncrementalSendTimer(t, peer, info)); - - cont->SaveState((void*) index); - if ( info->may_suspend ) - cont->Suspend(); - - return true; - } - } - - if ( ! 
SendToChild(MSG_PHASE_DONE, peer, 0) ) - return false; - - suspend.Release(); - delete info; - - Log(LogInfo, "done sending full state", peer); - - return EnterPhaseRunning(peer); - } - -bool RemoteSerializer::SendID(SerialInfo* info, Peer* peer, const ID& id) - { - if ( terminating ) - return true; - - // FIXME: When suspending ID serialization works, remove! - DisableSuspend suspend(info); - - if ( info->cont.NewInstance() ) - ++stats.ids.out; - - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - info->cont.SaveContext(); - bool result = Serialize(info, id); - info->cont.RestoreContext(); - - if ( ! result ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendID(SerialInfo* info, PeerID pid, const ID& id) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(pid, true); - if ( ! peer ) - return false; - - if ( peer->phase != Peer::RUNNING ) - return false; - - return SendID(info, peer, id); - } - -bool RemoteSerializer::SendConnection(SerialInfo* info, PeerID id, - const Connection& c) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return false; - - if ( peer->phase != Peer::RUNNING ) - return false; - - ++stats.conns.out; - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - - if ( ! Serialize(info, c) ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendCaptureFilter(PeerID id, const char* filter) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! 
peer )
- return false;
-
- if ( peer->phase != Peer::HANDSHAKE )
- {
- reporter->Error("can't sent capture filter to peer; wrong phase %d", peer->phase);
- return false;
- }
-
- return SendToChild(MSG_CAPTURE_FILTER, peer, copy_string(filter));
- }
-
-bool RemoteSerializer::SendPacket(SerialInfo* info, const Packet& p)
- {
- if ( ! IsOpen() || !PropagateAccesses() || terminating )
- return true;
-
- loop_over_list(peers, i)
- {
- // Only sent packet for fully setup peers.
- if ( peers[i]->phase != Peer::RUNNING )
- continue;
-
- SerialInfo new_info(*info);
- if ( ! SendPacket(&new_info, peers[i], p) )
- return false;
- }
-
- return true;
- }
-
-bool RemoteSerializer::SendPacket(SerialInfo* info, PeerID id, const Packet& p)
- {
- if ( ! using_communication || terminating )
- return true;
-
- Peer* peer = LookupPeer(id, true);
- if ( ! peer )
- return false;
-
- return SendPacket(info, peer, p);
- }
-
-bool RemoteSerializer::SendPacket(SerialInfo* info, Peer* peer, const Packet& p)
- {
- ++stats.packets.out;
- SetCache(peer->cache_out);
- SetupSerialInfo(info, peer);
-
- if ( ! Serialize(info, p) )
- {
- FatalError(io->Error());
- return false;
- }
-
- return true;
- }
-
-bool RemoteSerializer::SendPing(PeerID id, uint32 seq)
- {
- if ( ! using_communication || terminating )
- return true;
-
- Peer* peer = LookupPeer(id, true);
- if ( !
peer )
- return false;
-
- char* data = new char[sizeof(ping_args)];
-
- ping_args* args = (ping_args*) data;
- args->seq = htonl(seq);
- args->time1 = htond(current_time(true));
- args->time2 = 0;
- args->time3 = 0;
-
- return SendToChild(MSG_PING, peer, data, sizeof(ping_args));
- }
-
-bool RemoteSerializer::SendCapabilities(Peer* peer)
- {
- if ( peer->phase != Peer::HANDSHAKE )
- {
- reporter->Error("can't sent capabilties to peer; wrong phase %d",
- peer->phase);
- return false;
- }
-
- uint32 caps = 0;
-
- caps |= Peer::COMPRESSION;
- caps |= Peer::PID_64BIT;
- caps |= Peer::NEW_CACHE_STRATEGY;
-
- return SendToChild(MSG_CAPS, peer, 3, caps, 0, 0);
- }
-
-bool RemoteSerializer::Listen(const IPAddr& ip, uint16 port, bool expect_ssl,
- bool ipv6, const string& zone_id, double retry)
- {
- if ( ! using_communication )
- return true;
-
- if ( ! initialized )
- reporter->InternalError("remote serializer not initialized");
-
- if ( ! ipv6 && ip.GetFamily() == IPv6 &&
- ip != IPAddr("0.0.0.0") && ip != IPAddr("::") )
- reporter->FatalError("Attempt to listen on address %s, but IPv6 "
- "communication disabled", ip.AsString().c_str());
-
- const size_t BUFSIZE = 1024;
- char* data = new char[BUFSIZE];
- snprintf(data, BUFSIZE, "%s,%" PRIu16",%d,%d,%s,%" PRIu32,
- ip.AsString().c_str(), port, expect_ssl, ipv6, zone_id.c_str(),
- (uint32) retry);
-
- if ( ! SendToChild(MSG_LISTEN, 0, data) )
- return false;
-
- listening = true;
- SetClosed(false);
- return true;
- }
-
-void RemoteSerializer::SendSyncPoint(uint32 point)
- {
- if ( ! (remote_trace_sync_interval && pseudo_realtime) || terminating )
- return;
-
- current_sync_point = point;
-
- loop_over_list(peers, i)
- if ( peers[i]->phase == Peer::RUNNING &&
- ! SendToChild(MSG_SYNC_POINT, peers[i],
- 1, current_sync_point) )
- return;
-
- if ( !
syncing_times )
- {
- Log(LogInfo, "waiting for peers");
- syncing_times = true;
-
- loop_over_list(peers, i)
- {
- // Need to do this once per peer to correctly
- // track the number of suspend calls.
- net_suspend_processing();
- peers[i]->suspended_processing = true;
- }
- }
-
- CheckSyncPoints();
- }
-
-uint32 RemoteSerializer::SendSyncPoint()
- {
- Log(LogInfo, fmt("reached sync-point %u", current_sync_point));
- SendSyncPoint(current_sync_point + 1);
- return current_sync_point;
- }
-
-void RemoteSerializer::SendFinalSyncPoint()
- {
- Log(LogInfo, fmt("reached end of trace, sending final sync point"));
- SendSyncPoint(FINAL_SYNC_POINT);
- }
-
-bool RemoteSerializer::Terminate()
- {
- loop_over_list(peers, i)
- {
- FlushPrintBuffer(peers[i]);
- FlushLogBuffer(peers[i]);
- }
-
- Log(LogInfo, fmt("terminating..."));
-
- return terminating = SendToChild(MSG_TERMINATE, 0, 0);
- }
-
-bool RemoteSerializer::StopListening()
- {
- if ( ! listening )
- return true;
-
- if ( ! SendToChild(MSG_LISTEN_STOP, 0, 0) )
- return false;
-
- listening = false;
- SetClosed(! IsActive());
- return true;
- }
-
-void RemoteSerializer::Register(ID* id)
- {
- DBG_LOG(DBG_STATE, "&synchronized %s", id->Name());
- Unregister(id);
- Ref(id);
- sync_ids.append(id);
- }
-
-void RemoteSerializer::Unregister(ID* id)
- {
- loop_over_list(sync_ids, i)
- if ( streq(sync_ids[i]->Name(), id->Name()) )
- {
- Unref(sync_ids[i]);
- sync_ids.remove_nth(i);
- break;
- }
- }
-
-void RemoteSerializer::GetFds(iosource::FD_Set* read, iosource::FD_Set* write,
- iosource::FD_Set* except)
- {
- read->Insert(io->Fd());
- read->Insert(io->ExtraReadFDs());
-
- if ( io->CanWrite() )
- write->Insert(io->Fd());
- }
-
-double RemoteSerializer::NextTimestamp(double* local_network_time)
- {
- Poll(false);
-
- if ( received_logs > 0 )
- {
- // If we processed logs last time, assume there's more.
- SetIdle(false);
- received_logs = 0;
- return timer_mgr->Time();
- }
-
- double et = events.length() ?
events[0]->time : -1;
- double pt = packets.length() ? packets[0]->time : -1;
-
- if ( ! et )
- et = timer_mgr->Time();
-
- if ( ! pt )
- pt = timer_mgr->Time();
-
- if ( packets.length() )
- SetIdle(false);
-
- if ( et >= 0 && (et < pt || pt < 0) )
- return et;
-
- if ( pt >= 0 )
- {
- // Return packet time as network time.
- *local_network_time = packets[0]->p->time;
- return pt;
- }
-
- return -1;
- }
-
-TimerMgr::Tag* RemoteSerializer::GetCurrentTag()
- {
- return packets.length() ? &packets[0]->p->tag : 0;
- }
-
-void RemoteSerializer::Process()
- {
- Poll(false);
-
- int i = 0;
- while ( events.length() )
- {
- if ( max_remote_events_processed &&
- ++i > max_remote_events_processed )
- break;
-
- BufferedEvent* be = events[0];
- ::Event* event = new ::Event(be->handler, be->args, be->src);
-
- Peer* old_current_peer = current_peer;
- // Prevent the source peer from getting the event back.
- current_peer = LookupPeer(be->src, true); // may be null.
- mgr.Dispatch(event, ! forward_remote_events);
- current_peer = old_current_peer;
-
- assert(events[0] == be);
- delete be;
- events.remove_nth(0);
- }
-
- // We shouldn't pass along more than one packet, as otherwise the
- // timer mgr will not advance.
- if ( packets.length() )
- {
- BufferedPacket* bp = packets[0];
- const Packet* p = bp->p;
-
- // FIXME: The following chunk of code is copied from
- // net_packet_dispatch(). We should change that function
- // to accept an IOSource instead of the PktSrc.
- net_update_time(p->time);
-
- SegmentProfiler(segment_logger, "expiring-timers");
- TimerMgr* tmgr = sessions->LookupTimerMgr(GetCurrentTag());
- current_dispatched =
- tmgr->Advance(network_time, max_timer_expires);
-
- current_pkt = p;
- current_pktsrc = 0;
- current_iosrc = this;
- sessions->NextPacket(p->time, p);
- mgr.Drain();
-
- current_pkt = 0;
- current_iosrc = 0;
-
- delete p;
- delete bp;
- packets.remove_nth(0);
- }
-
- if ( packets.length() )
- SetIdle(false);
- }
-
-void RemoteSerializer::Finish()
- {
- if ( ! using_communication )
- return;
-
- do
- Poll(true);
- while ( io->CanWrite() );
-
- loop_over_list(peers, i)
- {
- CloseConnection(peers[i]);
- }
- }
-
-bool RemoteSerializer::Poll(bool may_block)
- {
- if ( ! child_pid )
- return true;
-
- // See if there's any peer waiting for initial state synchronization.
- if ( sync_pending.length() && ! in_sync )
- {
- Peer* p = sync_pending[0];
- sync_pending.remove_nth(0);
- HandshakeDone(p);
- }
-
- io->Flush();
- SetIdle(false);
-
- switch ( msgstate ) {
- case TYPE:
- {
- current_peer = 0;
- current_msgtype = MSG_NONE;
-
- // CMsg follows
- ChunkedIO::Chunk* c;
- READ_CHUNK_FROM_CHILD(c);
-
- CMsg* msg = (CMsg*) c->data;
- current_peer = LookupPeer(msg->Peer(), false);
- current_id = msg->Peer();
- current_msgtype = msg->Type();
- current_args = 0;
-
- delete c;
-
- switch ( current_msgtype ) {
- case MSG_CLOSE:
- case MSG_CLOSE_ALL:
- case MSG_LISTEN_STOP:
- case MSG_PHASE_DONE:
- case MSG_TERMINATE:
- case MSG_DEBUG_DUMP:
- case MSG_REQUEST_LOGS:
- {
- // No further argument chunk.
- msgstate = TYPE;
- return DoMessage();
- }
- case MSG_VERSION:
- case MSG_SERIAL:
- case MSG_ERROR:
- case MSG_CONNECT_TO:
- case MSG_CONNECTED:
- case MSG_REQUEST_EVENTS:
- case MSG_REQUEST_SYNC:
- case MSG_LISTEN:
- case MSG_STATS:
- case MSG_CAPTURE_FILTER:
- case MSG_PING:
- case MSG_PONG:
- case MSG_CAPS:
- case MSG_COMPRESS:
- case MSG_LOG:
- case MSG_SYNC_POINT:
- case MSG_REMOTE_PRINT:
- case MSG_LOG_CREATE_WRITER:
- case MSG_LOG_WRITE:
- {
- // One further argument chunk.
- msgstate = ARGS;
- return Poll(may_block);
- }
-
- case MSG_NONE:
- InternalCommError(fmt("unexpected msg type %d",
- current_msgtype));
- return true;
-
- default:
- InternalCommError(fmt("unknown msg type %d in Poll()",
- current_msgtype));
- return true;
- }
- }
-
- case ARGS:
- {
- // Argument chunk follows.
- ChunkedIO::Chunk* c;
- READ_CHUNK_FROM_CHILD(c);
-
- current_args = c;
- msgstate = TYPE;
- bool result = DoMessage();
-
- delete current_args;
- current_args = 0;
-
- return result;
- }
-
- default:
- reporter->InternalError("unknown msgstate");
- }
-
- reporter->InternalError("cannot be reached");
- return false;
- }
-
-bool RemoteSerializer::DoMessage()
- {
- if ( current_peer &&
- (current_peer->state == Peer::CLOSING ||
- current_peer->state == Peer::CLOSED) &&
- is_peer_msg(current_msgtype) )
- {
- // We shut the connection to this peer down,
- // so we ignore all further messages.
- DEBUG_COMM(fmt("parent: ignoring %s due to shutdown of peer #%" PRI_SOURCE_ID,
- msgToStr(current_msgtype),
- current_peer ? current_peer->id : 0));
- return true;
- }
-
- DEBUG_COMM(fmt("parent: %s from child; peer is #%" PRI_SOURCE_ID,
- msgToStr(current_msgtype),
- current_peer ?
current_peer->id : 0));
-
- if ( current_peer &&
- (current_msgtype < 0 || current_msgtype > MSG_ID_MAX) )
- {
- Log(LogError, "garbage message from peer, shutting down",
- current_peer);
- CloseConnection(current_peer);
- return true;
- }
-
- // As long as we haven't finished the version
- // handshake, no other messages than MSG_VERSION
- // are allowed from peer.
- if ( current_peer && current_peer->phase == Peer::SETUP &&
- is_peer_msg(current_msgtype) && current_msgtype != MSG_VERSION )
- {
- Log(LogError, "peer did not send version", current_peer);
- CloseConnection(current_peer);
- return true;
- }
-
- switch ( current_msgtype ) {
- case MSG_CLOSE:
- PeerDisconnected(current_peer);
- return true;
-
- case MSG_CONNECTED:
- return ProcessConnected();
-
- case MSG_SERIAL:
- return ProcessSerialization();
-
- case MSG_REQUEST_EVENTS:
- return ProcessRequestEventsMsg();
-
- case MSG_REQUEST_SYNC:
- return ProcessRequestSyncMsg();
-
- case MSG_PHASE_DONE:
- return ProcessPhaseDone();
-
- case MSG_ERROR:
- return ProcessLogMsg(true);
-
- case MSG_LOG:
- return ProcessLogMsg(false);
-
- case MSG_STATS:
- return ProcessStatsMsg();
-
- case MSG_CAPTURE_FILTER:
- return ProcessCaptureFilterMsg();
-
- case MSG_VERSION:
- return ProcessVersionMsg();
-
- case MSG_PING:
- return ProcessPingMsg();
-
- case MSG_PONG:
- return ProcessPongMsg();
-
- case MSG_CAPS:
- return ProcessCapsMsg();
-
- case MSG_SYNC_POINT:
- return ProcessSyncPointMsg();
-
- case MSG_TERMINATE:
- assert(terminating);
- iosource_mgr->Terminate();
- return true;
-
- case MSG_REMOTE_PRINT:
- return ProcessRemotePrint();
-
- case MSG_LOG_CREATE_WRITER:
- return ProcessLogCreateWriter();
-
- case MSG_LOG_WRITE:
- return ProcessLogWrite();
-
- case MSG_REQUEST_LOGS:
- return ProcessRequestLogs();
-
- default:
- DEBUG_COMM(fmt("unexpected msg type: %d",
- int(current_msgtype)));
- InternalCommError(fmt("unexpected msg type in DoMessage(): %d",
- int(current_msgtype)));
- return true; // keep going
- }
-
-
reporter->InternalError("cannot be reached"); - return false; - } - -void RemoteSerializer::PeerDisconnected(Peer* peer) - { - assert(peer); - - if ( peer->suspended_processing ) - { - net_continue_processing(); - peer->suspended_processing = false; - } - - if ( peer->state == Peer::CLOSED || peer->state == Peer::INIT ) - return; - - if ( peer->state == Peer::PENDING ) - { - peer->state = Peer::CLOSED; - Log(LogError, "could not connect", peer); - return; - } - - Log(LogInfo, "peer disconnected", peer); - - if ( peer->phase != Peer::SETUP ) - RaiseEvent(remote_connection_closed, peer); - - if ( in_sync == peer ) - in_sync = 0; - - peer->state = Peer::CLOSED; - peer->phase = Peer::UNKNOWN; - peer->cache_in->Clear(); - peer->cache_out->Clear(); - UnregisterHandlers(peer); - } - -void RemoteSerializer::PeerConnected(Peer* peer) - { - if ( peer->state == Peer::CONNECTED ) - return; - - peer->state = Peer::CONNECTED; - peer->phase = Peer::SETUP; - peer->sent_version = Peer::NONE; - peer->sync_requested = Peer::NONE; - peer->handshake_done = Peer::NONE; - - peer->cache_in->Clear(); - peer->cache_out->Clear(); - peer->our_runtime = int(current_time(true) - bro_start_time); - peer->sync_point = 0; - peer->logs_requested = false; - - if ( ! SendCMsgToChild(MSG_VERSION, peer) ) - return; - - int len = 4 * sizeof(uint32) + peer->our_class.size() + 1; - char* data = new char[len]; - uint32* args = (uint32*) data; - - *args++ = htonl(PROTOCOL_VERSION); - *args++ = htonl(peer->cache_out->GetMaxCacheSize()); - *args++ = htonl(DATA_FORMAT_VERSION); - *args++ = htonl(peer->our_runtime); - strcpy((char*) args, peer->our_class.c_str()); - - ChunkedIO::Chunk* c = new ChunkedIO::Chunk(data, len); - - if ( peer->our_class.size() ) - Log(LogInfo, fmt("sending class \"%s\"", peer->our_class.c_str()), peer); - - if ( ! 
SendToChild(c) )
- {
- Log(LogError, "can't send version message");
- CloseConnection(peer);
- return;
- }
-
- peer->sent_version |= Peer::WE;
- Log(LogInfo, "peer connected", peer);
- Log(LogInfo, "phase: version", peer);
- }
-
-RecordVal* RemoteSerializer::MakePeerVal(Peer* peer)
- {
- RecordVal* v = new RecordVal(::peer);
- v->Assign(0, val_mgr->GetCount(uint32(peer->id)));
- // Sic! Network order for AddrVal, host order for PortVal.
- v->Assign(1, new AddrVal(peer->ip));
- v->Assign(2, val_mgr->GetPort(peer->port, TRANSPORT_TCP));
- v->Assign(3, val_mgr->GetFalse());
- v->Assign(4, val_mgr->GetEmptyString()); // set when received
- v->Assign(5, peer->peer_class.size() ?
- new StringVal(peer->peer_class.c_str()) : 0);
- return v;
- }
-
-RemoteSerializer::Peer* RemoteSerializer::AddPeer(const IPAddr& ip, uint16 port,
- PeerID id)
- {
- Peer* peer = new Peer;
- peer->id = id != PEER_NONE ? id : id_counter++;
- peer->ip = ip;
- peer->port = port;
- peer->state = Peer::INIT;
- peer->phase = Peer::UNKNOWN;
- peer->sent_version = Peer::NONE;
- peer->sync_requested = Peer::NONE;
- peer->handshake_done = Peer::NONE;
- peer->orig = false;
- peer->accept_state = false;
- peer->send_state = false;
- peer->logs_requested = false;
- peer->caps = 0;
- peer->comp_level = 0;
- peer->suspended_processing = false;
- peer->caps = 0;
- peer->val = MakePeerVal(peer);
- peer->cache_in = new SerializationCache(MAX_CACHE_SIZE);
- peer->cache_out = new SerializationCache(MAX_CACHE_SIZE);
- peer->sync_point = 0;
- peer->print_buffer = 0;
- peer->print_buffer_used = 0;
- peer->log_buffer = new char[LOG_BUFFER_SIZE];
- peer->log_buffer_used = 0;
-
- peers.append(peer);
- Log(LogInfo, "added peer", peer);
-
- return peer;
- }
-
-void RemoteSerializer::UnregisterHandlers(Peer* peer)
- {
- // Unregister the peers for the EventHandlers.
- loop_over_list(peer->handlers, i)
- {
- peer->handlers[i]->RemoveRemoteHandler(peer->id);
- }
- }
-
-void RemoteSerializer::RemovePeer(Peer* peer)
- {
- if ( peer->suspended_processing )
- {
- net_continue_processing();
- peer->suspended_processing = false;
- }
-
- peers.remove(peer);
- UnregisterHandlers(peer);
-
- Log(LogInfo, "removed peer", peer);
-
- int id = peer->id;
- Unref(peer->val);
- delete [] peer->print_buffer;
- delete [] peer->log_buffer;
- delete peer->cache_in;
- delete peer->cache_out;
- delete peer;
-
- SetClosed(! IsActive());
-
- if ( in_sync == peer )
- in_sync = 0;
- }
-
-RemoteSerializer::Peer* RemoteSerializer::LookupPeer(PeerID id,
- bool only_if_connected)
- {
- Peer* peer = 0;
- loop_over_list(peers, i)
- if ( peers[i]->id == id )
- {
- peer = peers[i];
- break;
- }
-
- if ( ! only_if_connected || (peer && peer->state == Peer::CONNECTED) )
- return peer;
- else
- return 0;
- }
-
-bool RemoteSerializer::ProcessVersionMsg()
- {
- uint32* args = (uint32*) current_args->data;
- uint32 version = ntohl(args[0]);
- uint32 data_version = ntohl(args[2]);
-
- if ( PROTOCOL_VERSION != version )
- {
- Log(LogError, fmt("remote protocol version mismatch: got %d, but expected %d",
- version, PROTOCOL_VERSION), current_peer);
- CloseConnection(current_peer);
- return true;
- }
-
- // For backwards compatibility, data_version may be null.
- if ( data_version && DATA_FORMAT_VERSION != data_version )
- {
- Log(LogError, fmt("remote data version mismatch: got %d, but expected %d",
- data_version, DATA_FORMAT_VERSION),
- current_peer);
- CloseConnection(current_peer);
- return true;
- }
-
- uint32 cache_size = ntohl(args[1]);
- current_peer->cache_in->SetMaxCacheSize(cache_size);
- current_peer->runtime = ntohl(args[3]);
-
- current_peer->sent_version |= Peer::PEER;
-
- if ( current_args->len > 4 * sizeof(uint32) )
- {
- // The peer sends us a class string.
- const char* pclass = (const char*) &args[4];
- current_peer->peer_class = pclass;
- if ( *pclass )
- Log(LogInfo, fmt("peer sent class \"%s\"", pclass), current_peer);
- if ( current_peer->val )
- current_peer->val->Assign(5, new StringVal(pclass));
- }
-
- assert(current_peer->sent_version == Peer::BOTH);
- current_peer->phase = Peer::HANDSHAKE;
- Log(LogInfo, "phase: handshake", current_peer);
-
- if ( ! SendCapabilities(current_peer) )
- return false;
-
- RaiseEvent(remote_connection_established, current_peer);
-
- return true;
- }
-
-bool RemoteSerializer::EnterPhaseRunning(Peer* peer)
- {
- if ( in_sync == peer )
- in_sync = 0;
-
- peer->phase = Peer::RUNNING;
- Log(LogInfo, "phase: running", peer);
- RaiseEvent(remote_connection_handshake_done, peer);
-
- if ( remote_trace_sync_interval )
- {
- loop_over_list(peers, i)
- {
- if ( ! SendToChild(MSG_SYNC_POINT, peers[i],
- 1, current_sync_point) )
- return false;
- }
- }
-
- return true;
- }
-
-bool RemoteSerializer::ProcessConnected()
- {
- // IP and port follow.
- vector args = tokenize(current_args->data, ',');
-
- if ( args.size() != 2 )
- {
- InternalCommError("ProcessConnected() bad number of arguments");
- return false;
- }
-
- IPAddr host = IPAddr(args[0]);
- uint16 port;
-
- if ( ! atoi_n(args[1].size(), args[1].c_str(), 0, 10, port) )
- {
- InternalCommError("ProcessConnected() bad peer port string");
- return false;
- }
-
- if ( ! current_peer )
- {
- // The other side connected to one of our listening ports.
- current_peer = AddPeer(host, port, current_id);
- current_peer->orig = false;
- }
- else if ( current_peer->orig )
- {
- // It's a successful retry.
- current_peer->port = port;
- current_peer->accept_state = false;
- Unref(current_peer->val);
- current_peer->val = MakePeerVal(current_peer);
- }
-
- PeerConnected(current_peer);
-
- ID* descr = global_scope()->Lookup("peer_description");
- if ( !
descr )
- reporter->InternalError("peer_description not defined");
-
- SerialInfo info(this);
- SendID(&info, current_peer, *descr);
-
- return true;
- }
-
-bool RemoteSerializer::ProcessRequestEventsMsg()
- {
- if ( ! current_peer )
- return false;
-
- // Register new handlers.
- char* p = current_args->data;
- while ( p < current_args->data + current_args->len )
- {
- EventHandler* handler = event_registry->Lookup(p);
- if ( handler )
- {
- handler->AddRemoteHandler(current_peer->id);
- current_peer->handlers.append(handler);
- RaiseEvent(remote_event_registered, current_peer, p);
- Log(LogInfo, fmt("registered for event %s", p),
- current_peer);
-
- // If the other side requested the print_hook event,
- // we initialize the buffer.
- if ( current_peer->print_buffer == 0 &&
- streq(p, "print_hook") )
- {
- current_peer->print_buffer =
- new char[PRINT_BUFFER_SIZE];
- current_peer->print_buffer_used = 0;
- Log(LogInfo, "initialized print buffer",
- current_peer);
- }
- }
- else
- Log(LogInfo, fmt("request for unknown event %s", p),
- current_peer);
-
- p += strlen(p) + 1;
- }
-
- return true;
- }
-
-bool RemoteSerializer::ProcessRequestSyncMsg()
- {
- if ( ! current_peer )
- return false;
-
- int auth = 0;
- uint32* args = (uint32*) current_args->data;
- if ( ntohl(args[0]) != 0 )
- {
- Log(LogInfo, "peer considers its state authoritative", current_peer);
- auth = Peer::AUTH_PEER;
- }
-
- current_peer->sync_requested |= Peer::PEER | auth;
- return true;
- }
-
-bool RemoteSerializer::ProcessRequestLogs()
- {
- if ( !
current_peer )
- return false;
-
- Log(LogInfo, "peer requested logs", current_peer);
-
- current_peer->logs_requested = true;
- return true;
- }
-
-bool RemoteSerializer::ProcessPhaseDone()
- {
- switch ( current_peer->phase ) {
- case Peer::HANDSHAKE:
- {
- current_peer->handshake_done |= Peer::PEER;
-
- if ( current_peer->handshake_done == Peer::BOTH )
- HandshakeDone(current_peer);
- break;
- }
-
- case Peer::SYNC:
- {
- // Make sure that the other side is supposed to sent us this.
- if ( current_peer->send_state )
- {
- Log(LogError, "unexpected phase_done in sync phase from peer", current_peer);
- CloseConnection(current_peer);
- return false;
- }
-
- if ( ! EnterPhaseRunning(current_peer) )
- {
- if ( current_peer->suspended_processing )
- {
- net_continue_processing();
- current_peer->suspended_processing = false;
- }
-
- return false;
- }
-
- if ( current_peer->suspended_processing )
- {
- net_continue_processing();
- current_peer->suspended_processing = false;
- }
-
- break;
- }
-
- default:
- Log(LogError, "unexpected phase_done", current_peer);
- CloseConnection(current_peer);
- }
-
- return true;
- }
-
-bool RemoteSerializer::HandshakeDone(Peer* peer)
- {
- if ( peer->caps & Peer::COMPRESSION && peer->comp_level > 0 )
- if ( ! SendToChild(MSG_COMPRESS, peer, 1, peer->comp_level) )
- return false;
-
- if ( !
(peer->caps & Peer::PID_64BIT) )
- Log(LogInfo, "peer does not support 64bit PIDs; using compatibility mode", peer);
-
- if ( (peer->caps & Peer::NEW_CACHE_STRATEGY) )
- Log(LogInfo, "peer supports keep-in-cache; using that", peer);
-
- if ( (peer->caps & Peer::BROCCOLI_PEER) )
- Log(LogInfo, "peer is a Broccoli", peer);
-
- if ( peer->logs_requested )
- log_mgr->SendAllWritersTo(peer->id);
-
- if ( peer->sync_requested != Peer::NONE )
- {
- if ( in_sync )
- {
- Log(LogInfo, "another sync in progress, waiting...",
- peer);
- sync_pending.append(peer);
- return true;
- }
-
- if ( (peer->sync_requested & Peer::AUTH_PEER) &&
- (peer->sync_requested & Peer::AUTH_WE) )
- {
- Log(LogError, "misconfiguration: authoritative state on both sides",
- current_peer);
- CloseConnection(peer);
- return false;
- }
-
- in_sync = peer;
- peer->phase = Peer::SYNC;
-
- // If only one side has requested state synchronization,
- // it will get all the state from the peer.
- //
- // If both sides have shown interest, the one considering
- // itself authoritative will send the state. If none is
- // authoritative, the peer which is running longest sends
- // its state.
- //
- if ( (peer->sync_requested & Peer::BOTH) != Peer::BOTH )
- {
- // One side.
- if ( peer->sync_requested & Peer::PEER )
- peer->send_state = true;
- else if ( peer->sync_requested & Peer::WE )
- peer->send_state = false;
- else
- reporter->InternalError("illegal sync_requested value");
- }
- else
- {
- // Both.
- if ( peer->sync_requested & Peer::AUTH_WE )
- peer->send_state = true;
- else if ( peer->sync_requested & Peer::AUTH_PEER )
- peer->send_state = false;
- else
- {
- if ( peer->our_runtime == peer->runtime )
- peer->send_state = peer->orig;
- else
- peer->send_state = (peer->our_runtime >
- peer->runtime);
- }
- }
-
- Log(LogInfo, fmt("phase: sync (%s)", (peer->send_state ?
"sender" : "receiver")), peer); - - if ( peer->send_state ) - { - SerialInfo* info = new SerialInfo(this); - SendAllSynchronized(peer, info); - } - - else - { - // Suspend until we got everything. - net_suspend_processing(); - peer->suspended_processing = true; - } - } - else - return EnterPhaseRunning(peer); - - return true; - } - -bool RemoteSerializer::ProcessPingMsg() - { - if ( ! current_peer ) - return false; - - if ( ! SendToChild(MSG_PONG, current_peer, - current_args->data, current_args->len) ) - return false; - - return true; - } - -bool RemoteSerializer::ProcessPongMsg() - { - if ( ! current_peer ) - return false; - - ping_args* args = (ping_args*) current_args->data; - - val_list* vl = new val_list; - vl->append(current_peer->val->Ref()); - vl->append(val_mgr->GetCount((unsigned int) ntohl(args->seq))); - vl->append(new Val(current_time(true) - ntohd(args->time1), - TYPE_INTERVAL)); - vl->append(new Val(ntohd(args->time2), TYPE_INTERVAL)); - vl->append(new Val(ntohd(args->time3), TYPE_INTERVAL)); - mgr.QueueEvent(remote_pong, vl); - return true; - } - -bool RemoteSerializer::ProcessCapsMsg() - { - if ( ! current_peer ) - return false; - - uint32* args = (uint32*) current_args->data; - current_peer->caps = ntohl(args[0]); - return true; - } - -bool RemoteSerializer::ProcessLogMsg(bool is_error) - { - Log(is_error ? LogError : LogInfo, current_args->data, 0, LogChild); - return true; - } - -bool RemoteSerializer::ProcessStatsMsg() - { - // Take the opportunity to log our stats, too. - LogStats(); - - // Split the concatenated child stats into indiviual log messages. - int count = 0; - for ( char* p = current_args->data; - p < current_args->data + current_args->len; p += strlen(p) + 1 ) - Log(LogInfo, fmt("child statistics: [%d] %s", count++, p), - current_peer); - - return true; - } - -bool RemoteSerializer::ProcessCaptureFilterMsg() - { - if ( ! 
current_peer )
- return false;
-
- RaiseEvent(remote_capture_filter, current_peer, current_args->data);
- return true;
- }
-
-bool RemoteSerializer::CheckSyncPoints()
- {
- if ( ! current_sync_point )
- return false;
-
- int ready = 0;
-
- loop_over_list(peers, i)
- if ( peers[i]->sync_point >= current_sync_point )
- ready++;
-
- if ( ready < remote_trace_sync_peers )
- return false;
-
- if ( current_sync_point == FINAL_SYNC_POINT )
- {
- Log(LogInfo, fmt("all peers reached final sync-point, going to finish"));
- Terminate();
- }
- else
- Log(LogInfo, fmt("all peers reached sync-point %u",
- current_sync_point));
-
- if ( syncing_times )
- {
- loop_over_list(peers, i)
- {
- if ( peers[i]->suspended_processing )
- {
- net_continue_processing();
- peers[i]->suspended_processing = false;
- }
- }
-
- syncing_times = false;
- }
-
- return true;
- }
-
-bool RemoteSerializer::ProcessSyncPointMsg()
- {
- if ( ! current_peer )
- return false;
-
- uint32* args = (uint32*) current_args->data;
- uint32 count = ntohl(args[0]);
-
- current_peer->sync_point = max(current_peer->sync_point, count);
-
- if ( current_peer->sync_point == FINAL_SYNC_POINT )
- Log(LogInfo, fmt("reached final sync-point"), current_peer);
- else
- Log(LogInfo, fmt("reached sync-point %u", current_peer->sync_point), current_peer);
-
- if ( syncing_times )
- CheckSyncPoints();
-
- return true;
- }
-
-bool RemoteSerializer::ProcessSerialization()
- {
- if ( current_peer->state == Peer::CLOSING )
- return false;
-
- SetCache(current_peer->cache_in);
- UnserialInfo info(this);
-
- bool accept_state = current_peer->accept_state;
-
-#if 0
- // If processing is suspended, we unserialize the data but throw
- // it away.
- if ( current_peer->phase == Peer::RUNNING &&
- net_is_processing_suspended() )
- accept_state = false;
-#endif
-
- assert(current_args);
- info.chunk = current_args;
-
- info.install_globals = accept_state;
- info.install_conns = accept_state;
- info.ignore_callbacks = !
accept_state; - - if ( current_peer->phase != Peer::RUNNING ) - info.id_policy = UnserialInfo::InstantiateNew; - else - info.id_policy = accept_state ? - UnserialInfo::CopyNewToCurrent : - UnserialInfo::Keep; - - if ( ! (current_peer->caps & Peer::PID_64BIT) || - current_peer->phase != Peer::RUNNING ) - info.pid_32bit = true; - - if ( (current_peer->caps & Peer::NEW_CACHE_STRATEGY) && - current_peer->phase == Peer::RUNNING ) - info.new_cache_strategy = true; - - if ( current_peer->caps & Peer::BROCCOLI_PEER ) - info.broccoli_peer = true; - - if ( ! forward_remote_state_changes ) - ignore_accesses = true; - - source_peer = current_peer; - int i = Unserialize(&info); - source_peer = 0; - - if ( ! forward_remote_state_changes ) - ignore_accesses = false; - - if ( i < 0 ) - { - Log(LogError, "unserialization error", current_peer); - CloseConnection(current_peer); - // Error - return false; - } - - return true; - } - -bool RemoteSerializer::FlushPrintBuffer(Peer* p) - { - if ( p->state == Peer::CLOSING ) - return false; - - if ( ! (p->print_buffer && p->print_buffer_used) ) - return true; - - SendToChild(MSG_REMOTE_PRINT, p, p->print_buffer, p->print_buffer_used); - - p->print_buffer = new char[PRINT_BUFFER_SIZE]; - p->print_buffer_used = 0; - return true; - } - -bool RemoteSerializer::SendPrintHookEvent(BroFile* f, const char* txt, size_t len) - { - loop_over_list(peers, i) - { - Peer* p = peers[i]; - - if ( ! p->print_buffer ) - continue; - - const char* fname = f->Name(); - if ( ! fname ) - continue; // not a managed file. - - // We cut off everything after the max buffer size. That - // makes the code a bit easier, and we shouldn't have such - // long lines anyway. - len = min(len, PRINT_BUFFER_SIZE - strlen(fname) - 2); - - // If there's not enough space in the buffer, flush it. - - int need = strlen(fname) + 1 + len + 1; - if ( p->print_buffer_used + need > PRINT_BUFFER_SIZE ) - { - if ( ! 
FlushPrintBuffer(p) ) - return false; - } - - assert(p->print_buffer_used + need <= PRINT_BUFFER_SIZE); - - char* dst = p->print_buffer + p->print_buffer_used; - strcpy(dst, fname); - dst += strlen(fname) + 1; - memcpy(dst, txt, len); - dst += len; - *dst++ = '\0'; - - p->print_buffer_used = dst - p->print_buffer; - } - - return true; - } - -bool RemoteSerializer::ProcessRemotePrint() - { - if ( current_peer->state == Peer::CLOSING ) - return false; - - const char* p = current_args->data; - while ( p < current_args->data + current_args->len ) - { - const char* fname = p; - p += strlen(p) + 1; - const char* txt = p; - p += strlen(p) + 1; - - val_list* vl = new val_list(2); - BroFile* f = BroFile::GetFile(fname); - Ref(f); - vl->append(new Val(f)); - vl->append(new StringVal(txt)); - GotEvent("print_hook", -1.0, print_hook, vl); - } - - return true; - } - -bool RemoteSerializer::SendLogCreateWriter(EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields) - { - loop_over_list(peers, i) - { - SendLogCreateWriter(peers[i]->id, id, writer, info, num_fields, fields); - } - - return true; - } - -bool RemoteSerializer::SendLogCreateWriter(PeerID peer_id, EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields) - { - SetErrorDescr("logging"); - - ChunkedIO::Chunk* c = 0; - - Peer* peer = LookupPeer(peer_id, true); - if ( ! peer ) - return false; - - if ( peer->phase != Peer::HANDSHAKE && peer->phase != Peer::RUNNING ) - return false; - - if ( ! peer->logs_requested ) - return false; - - BinarySerializationFormat fmt; - - fmt.StartWrite(); - - bool success = fmt.Write(id->AsEnum(), "id") && - fmt.Write(writer->AsEnum(), "writer") && - fmt.Write(num_fields, "num_fields") && - info.Write(&fmt); - - if ( ! success ) - goto error; - - for ( int i = 0; i < num_fields; i++ ) - { - if ( ! 
fields[i]->Write(&fmt) ) - goto error; - } - - if ( ! SendToChild(MSG_LOG_CREATE_WRITER, peer, 0) ) - goto error; - - c = new ChunkedIO::Chunk; - c->len = fmt.EndWrite(&c->data); - c->free_func = ChunkedIO::Chunk::free_func_free; - - if ( ! SendToChild(c) ) - goto error; - - return true; - -error: - delete c; - - FatalError(io->Error()); - return false; - } - -bool RemoteSerializer::SendLogWrite(EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals) - { - loop_over_list(peers, i) - { - SendLogWrite(peers[i], id, writer, path, num_fields, vals); - } - - return true; - } - -bool RemoteSerializer::SendLogWrite(Peer* peer, EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals) - { - if ( peer->phase != Peer::HANDSHAKE && peer->phase != Peer::RUNNING ) - return false; - - if ( ! peer->logs_requested ) - return false; - - if ( ! peer->log_buffer ) - // Peer shutting down. - return false; - - // Serialize the log record entry. - - BinarySerializationFormat fmt; - - fmt.StartWrite(); - - bool success = fmt.Write(id->AsEnum(), "id") && - fmt.Write(writer->AsEnum(), "writer") && - fmt.Write(path, "path") && - fmt.Write(num_fields, "num_fields"); - - if ( ! success ) - goto error; - - for ( int i = 0; i < num_fields; i++ ) - { - if ( ! vals[i]->Write(&fmt) ) - goto error; - } - - // Ok, we have the binary data now. - char* data; - int len; - - len = fmt.EndWrite(&data); - - assert(len > 10); - - // Do we have not enough space in the buffer, or was the last flush a - // while ago? If so, flush first. - if ( len > (LOG_BUFFER_SIZE - peer->log_buffer_used) || (network_time - last_flush > 1.0) ) - { - if ( ! FlushLogBuffer(peer) ) - { - free(data); - return false; - } - } - - // If the data is actually larger than our complete buffer, just send it out. 
- if ( len > LOG_BUFFER_SIZE )
- return SendToChild(MSG_LOG_WRITE, peer, data, len, true);
-
- // Now we have space in the buffer, copy it into there.
- memcpy(peer->log_buffer + peer->log_buffer_used, data, len);
- peer->log_buffer_used += len;
- assert(peer->log_buffer_used <= LOG_BUFFER_SIZE);
-
- free(data);
-
- return true;
-
-error:
- FatalError(io->Error());
- return false;
- }
-
-bool RemoteSerializer::FlushLogBuffer(Peer* p)
- {
- if ( ! p->logs_requested )
- return false;
-
- last_flush = network_time;
-
- if ( p->state == Peer::CLOSING )
- return false;
-
- if ( ! (p->log_buffer && p->log_buffer_used) )
- return true;
-
- char* data = new char[p->log_buffer_used];
- memcpy(data, p->log_buffer, p->log_buffer_used);
- SendToChild(MSG_LOG_WRITE, p, data, p->log_buffer_used);
-
- p->log_buffer_used = 0;
- return true;
- }
-
-bool RemoteSerializer::ProcessLogCreateWriter()
- {
- if ( current_peer->state == Peer::CLOSING )
- return false;
-
-#ifdef USE_PERFTOOLS_DEBUG
- // Don't track allocations here, they'll be released only after the
- // main loop exists. And it's just a tiny amount anyway.
- HeapLeakChecker::Disabler disabler;
-#endif
-
- assert(current_args);
-
- EnumVal* id_val = 0;
- EnumVal* writer_val = 0;
- threading::Field** fields = 0;
- int delete_fields_up_to = -1;
-
- BinarySerializationFormat fmt;
- fmt.StartRead(current_args->data, current_args->len);
-
- int id, writer;
- int num_fields;
- logging::WriterBackend::WriterInfo* info = new logging::WriterBackend::WriterInfo();
-
- bool success = fmt.Read(&id, "id") &&
- fmt.Read(&writer, "writer") &&
- fmt.Read(&num_fields, "num_fields") &&
- info->Read(&fmt);
-
- if ( ! success )
- goto error;
-
- fields = new threading::Field* [num_fields];
-
- for ( int i = 0; i < num_fields; i++ )
- {
- fields[i] = new threading::Field;
- if ( ! fields[i]->Read(&fmt) )
- {
- delete_fields_up_to = i + 1;
- goto error;
- }
- }
-
- fmt.EndRead();
-
- id_val = internal_type("Log::ID")->AsEnumType()->GetVal(id);
- writer_val = internal_type("Log::Writer")->AsEnumType()->GetVal(writer);
-
- if ( ! log_mgr->CreateWriterForRemoteLog(id_val, writer_val, info, num_fields, fields) )
- {
- info = 0;
- fields = 0;
- goto error;
- }
-
- Unref(id_val);
- Unref(writer_val);
-
- return true;
-
-error:
- Unref(id_val);
- Unref(writer_val);
- delete info;
-
- for ( int i = 0; i < delete_fields_up_to; ++i )
- delete fields[i];
-
- delete [] fields;
- Error("write error for creating writer");
- return false;
- }
-
-bool RemoteSerializer::ProcessLogWrite()
- {
- if ( current_peer->state == Peer::CLOSING )
- return false;
-
- assert(current_args);
-
- BinarySerializationFormat fmt;
- fmt.StartRead(current_args->data, current_args->len);
-
- while ( fmt.BytesRead() != (int)current_args->len )
- {
- // Unserialize one entry.
- EnumVal* id_val = 0;
- EnumVal* writer_val = 0;
- threading::Value** vals = 0;
-
- int id, writer;
- string path;
- int num_fields;
-
- bool success = fmt.Read(&id, "id") &&
- fmt.Read(&writer, "writer") &&
- fmt.Read(&path, "path") &&
- fmt.Read(&num_fields, "num_fields");
-
- if ( ! success )
- goto error;
-
- vals = new threading::Value* [num_fields];
-
- for ( int i = 0; i < num_fields; i++ )
- {
- vals[i] = new threading::Value;
-
- if ( ! vals[i]->Read(&fmt) )
- {
- for ( int j = 0; j <= i; ++j )
- delete vals[j];
-
- delete [] vals;
- goto error;
- }
- }
-
- id_val = internal_type("Log::ID")->AsEnumType()->GetVal(id);
- writer_val = internal_type("Log::Writer")->AsEnumType()->GetVal(writer);
-
- success = log_mgr->WriteFromRemote(id_val, writer_val, path, num_fields, vals);
-
- Unref(id_val);
- Unref(writer_val);
-
- if ( ! success )
- goto error;
-
- }
-
- fmt.EndRead();
-
- ++received_logs;
-
- return true;
-
-error:
- Error("write error for log entry");
- return false;
- }
-
-void RemoteSerializer::GotEvent(const char* name, double time,
- EventHandlerPtr event, val_list* args)
- {
- if ( time >= 0 )
- {
- // Marker for being called from ProcessRemotePrint().
- DEBUG_COMM("parent: got event");
- ++stats.events.in;
- }
-
- if ( ! current_peer )
- {
- Error("unserialized event from unknown peer");
- delete_vals(args);
- return;
- }
-
- BufferedEvent* e = new BufferedEvent;
-
- // Our time, not the time when the event was generated.
- e->time = iosource_mgr->GetPktSrcs().size() ?
- time_t(network_time) : time_t(timer_mgr->Time());
-
- e->src = current_peer->id;
- e->handler = event;
- e->args = args;
-
- // If needed, coerce received record arguments to the expected record type.
- if ( e->handler->FType() )
- {
- const type_list* arg_types = e->handler->FType()->ArgTypes()->Types();
- loop_over_list(*args, i)
- {
- Val* v = (*args)[i];
- BroType* v_t = v->Type();
- BroType* arg_t = (*arg_types)[i];
- if ( v_t->Tag() == TYPE_RECORD && arg_t->Tag() == TYPE_RECORD )
- {
- if ( ! same_type(v_t, arg_t) )
- {
- Val* nv = v->AsRecordVal()->CoerceTo(arg_t->AsRecordType());
- if ( nv )
- {
- args->replace(i, nv);
- Unref(v);
- }
- }
- }
- }
- }
-
- events.append(e);
- }
-
-void RemoteSerializer::GotFunctionCall(const char* name, double time,
- Func* function, val_list* args)
- {
- DEBUG_COMM("parent: got function call");
- ++stats.events.in;
-
- if ( ! current_peer )
- {
- Error("unserialized function from unknown peer");
- delete_vals(args);
- return;
- }
-
- try
- {
- function->Call(args);
- }
-
- catch ( InterpreterException& e )
- { /* Already reported. */ }
- }
-
-void RemoteSerializer::GotID(ID* id, Val* val)
- {
- ++stats.ids.in;
-
- if ( ! current_peer )
- {
- Error("unserialized id from unknown peer");
- Unref(id);
- return;
- }
-
- if ( current_peer->phase == Peer::HANDSHAKE &&
- streq(id->Name(), "peer_description") )
- {
- if ( val->Type()->Tag() != TYPE_STRING )
- {
- Error("peer_description not a string");
- Unref(id);
- return;
- }
-
- const char* desc = val->AsString()->CheckString();
- current_peer->val->Assign(4, new StringVal(desc));
-
- Log(LogInfo, fmt("peer_description is %s", *desc ? desc : "not set"),
- current_peer);
-
- Unref(id);
- return;
- }
-
- if ( id->Name()[0] == '#' )
- {
- // This is a globally unique, non-user-visible ID.
-
- // Only MutableVals can be bound to names starting with '#'.
- assert(val->IsMutableVal());
-
- // It must be already installed in the global namespace:
- // either we saw it before, or MutableVal::Unserialize()
- // installed it.
- assert(global_scope()->Lookup(id->Name()));
-
- // Only synchronized values can arrive here.
- assert(((MutableVal*) val)->GetProperties() & MutableVal::SYNCHRONIZED);
-
- DBG_LOG(DBG_COMM, "got ID %s from peer\n", id->Name());
- }
-
- Unref(id);
- }
-
-void RemoteSerializer::GotConnection(Connection* c)
- {
- ++stats.conns.in;
-
- // Nothing else to-do. Connection will be installed automatically
- // (if allowed).
-
- Unref(c);
- }
-
-void RemoteSerializer::GotStateAccess(StateAccess* s)
- {
- ++stats.accesses.in;
-
- ODesc d;
- DBG_LOG(DBG_COMM, "got StateAccess: %s", (s->Describe(&d), d.Description()));
-
- if ( ! current_peer )
- {
- Error("unserialized function from unknown peer");
- return;
- }
-
- if ( current_peer->sync_requested & Peer::WE )
- s->Replay();
-
- delete s;
- }
-
-void RemoteSerializer::GotTimer(Timer* s)
- {
- reporter->Error("RemoteSerializer::GotTimer not implemented");
- }
-
-void RemoteSerializer::GotPacket(Packet* p)
- {
- ++stats.packets.in;
-
- BufferedPacket* bp = new BufferedPacket;
- bp->time = time_t(timer_mgr->Time());
- bp->p = p;
- packets.append(bp);
- }
-
-void RemoteSerializer::Log(LogLevel level, const char* msg)
- {
- Log(level, msg, 0, LogParent);
- }
-
-void RemoteSerializer::Log(LogLevel level, const char* msg, Peer* peer,
- LogSrc src)
- {
- if ( peer )
- {
- val_list* vl = new val_list();
- vl->append(peer->val->Ref());
- vl->append(val_mgr->GetCount(level));
- vl->append(val_mgr->GetCount(src));
- vl->append(new StringVal(msg));
- mgr.QueueEvent(remote_log_peer, vl);
- }
- else
- {
- val_list* vl = new val_list();
- vl->append(val_mgr->GetCount(level));
- vl->append(val_mgr->GetCount(src));
- vl->append(new StringVal(msg));
- mgr.QueueEvent(remote_log, vl);
- }
-
-#ifdef DEBUG
- const int BUFSIZE = 1024;
- char buffer[BUFSIZE];
- int len = 0;
-
- if ( peer )
- len += snprintf(buffer + len, sizeof(buffer) - len, "[#%d/%s:%d] ",
- int(peer->id), peer->ip.AsURIString().c_str(),
- peer->port);
-
- len += safe_snprintf(buffer + len, sizeof(buffer) - len, "%s", msg);
-
- DEBUG_COMM(fmt("parent: %.6f %s", current_time(), buffer));
-#endif
- }
-
-void RemoteSerializer::RaiseEvent(EventHandlerPtr event, Peer* peer,
- const char* arg)
- {
- val_list* vl = new val_list;
-
- if ( peer )
- {
- Ref(peer->val);
- vl->append(peer->val);
- }
- else
- {
- Val* v = mgr.GetLocalPeerVal();
- v->Ref();
- vl->append(v);
- }
-
- if ( arg )
- vl->append(new StringVal(arg));
-
- // If we only have remote sources, the network time
- // will not increase as long as no peers are connected.
- // Therefore, we send these events immediately.
- mgr.Dispatch(new Event(event, vl, PEER_LOCAL));
- }
-
-void RemoteSerializer::LogStats()
- {
- if ( ! io )
- return;
-
- char buffer[512];
- io->Stats(buffer, 512);
- Log(LogInfo, fmt("parent statistics: %s events=%lu/%lu operations=%lu/%lu",
- buffer, stats.events.in, stats.events.out,
- stats.accesses.in, stats.accesses.out));
- }
-
-RecordVal* RemoteSerializer::GetPeerVal(PeerID id)
- {
- Peer* peer = LookupPeer(id, true);
- if ( ! peer )
- return 0;
-
- Ref(peer->val);
- return peer->val;
- }
-
-void RemoteSerializer::ChildDied()
- {
- Log(LogError, "child died");
- SetClosed(true);
- child_pid = 0;
-
- // Shut down the main process as well.
- terminate_processing();
- }
-
-bool RemoteSerializer::SendCMsgToChild(char msg_type, Peer* peer)
- {
- if ( ! sendCMsg(io, msg_type, peer ? peer->id : PEER_NONE) )
- {
- reporter->Warning("can't send message of type %d: %s",
- msg_type, io->Error());
- return false;
- }
- return true;
- }
-
-bool RemoteSerializer::SendToChild(char type, Peer* peer, char* str, int len,
- bool delete_with_free)
- {
- DEBUG_COMM(fmt("parent: (->child) %s (#%" PRI_SOURCE_ID ", %s)", msgToStr(type), peer ? peer->id : PEER_NONE, str));
-
- if ( child_pid && sendToIO(io, type, peer ? peer->id : PEER_NONE, str, len,
- delete_with_free) )
- return true;
-
- if ( delete_with_free )
- free(str);
- else
- delete [] str;
-
- if ( ! child_pid )
- return false;
-
- if ( io->Eof() )
- ChildDied();
-
- FatalError(io->Error());
- return false;
- }
-
-bool RemoteSerializer::SendToChild(char type, Peer* peer, int nargs, ...)
- {
- va_list ap;
-
-#ifdef DEBUG
- va_start(ap, nargs);
- DEBUG_COMM(fmt("parent: (->child) %s (#%" PRI_SOURCE_ID ",%s)",
- msgToStr(type), peer ? peer->id : PEER_NONE, fmt_uint32s(nargs, ap)));
- va_end(ap);
-#endif
-
- if ( child_pid )
- {
- va_start(ap, nargs);
- bool ret = sendToIO(io, type, peer ? peer->id : PEER_NONE, nargs, ap);
- va_end(ap);
-
- if ( ret )
- return true;
- }
-
- if ( ! child_pid )
- return false;
-
- if ( io->Eof() )
- ChildDied();
-
- FatalError(io->Error());
- return false;
- }
-
-bool RemoteSerializer::SendToChild(ChunkedIO::Chunk* c)
- {
- DEBUG_COMM(fmt("parent: (->child) chunk of size %d", c->len));
-
- if ( child_pid && sendToIO(io, c) )
- return true;
-
- c->free_func(c->data);
- c->data = 0;
-
- if ( ! child_pid )
- return false;
-
- if ( io->Eof() )
- ChildDied();
-
- FatalError(io->Error());
- return false;
- }
-
-void RemoteSerializer::FatalError(const char* msg)
- {
- msg = fmt("fatal error, shutting down communication: %s", msg);
- Log(LogError, msg);
- reporter->Error("%s", msg);
-
- SetClosed(true);
-
- if ( kill(child_pid, SIGQUIT) < 0 )
- reporter->Warning("warning: cannot kill child pid %d, %s", child_pid, strerror(errno));
-
- child_pid = 0;
- using_communication = false;
- io->Clear();
-
- loop_over_list(peers, i)
- {
- // Make perftools happy.
- Peer* p = peers[i];
- delete [] p->log_buffer;
- delete [] p->print_buffer;
- p->log_buffer = p->print_buffer = 0;
- }
- }
-
-bool RemoteSerializer::IsActive()
- {
- if ( listening )
- return true;
-
- loop_over_list(peers, i)
- if ( peers[i]->state == Peer::PENDING ||
- peers[i]->state == Peer::CONNECTED )
- return true;
-
- return false;
- }
-
-void RemoteSerializer::ReportError(const char* msg)
- {
- if ( current_peer && current_peer->phase != Peer::SETUP )
- RaiseEvent(remote_connection_error, current_peer, msg);
- Log(LogError, msg, current_peer);
- }
-
-void RemoteSerializer::InternalCommError(const char* msg)
- {
-#ifdef DEBUG_COMMUNICATION
- DumpDebugData();
-#else
- reporter->InternalError("%s", msg);
-#endif
- }
-
-#ifdef DEBUG_COMMUNICATION
-
-void RemoteSerializer::DumpDebugData()
- {
- Log(LogError, "dumping debug data and terminating ...");
- io->DumpDebugData("comm-dump.parent", true);
- io->DumpDebugData("comm-dump.parent", false);
- SendToChild(MSG_DEBUG_DUMP, 0, 0);
- Terminate();
- }
-
-static ChunkedIO* openDump(const char* file)
- {
- int fd = open(file, O_RDONLY, 0600);
-
- if ( fd < 0 )
- {
- reporter->Error("cannot open %s: %s\n", file, strerror(errno));
- return 0;
- }
-
- return new ChunkedIOFd(fd, "dump-file");
- }
-
-void RemoteSerializer::ReadDumpAsMessageType(const char* file)
- {
- ChunkedIO* io = openDump(file);
- if ( ! io )
- return;
-
- ChunkedIO::Chunk* chunk;
-
- if ( ! io->Read(&chunk, true ) )
- {
- reporter->Error("cannot read %s: %s\n", file, strerror(errno));
- return;
- }
-
- CMsg* msg = (CMsg*) chunk->data;
-
- delete [] chunk->data;
- delete io;
- }
-
-void RemoteSerializer::ReadDumpAsSerialization(const char* file)
- {
- FileSerializer s;
- UnserialInfo info(&s);
- info.print = stdout;
- info.install_uniques = info.ignore_callbacks = true;
- s.Read(&info, file, false);
- }
-
-#endif
-
-////////////////////////////
-
-// If true (set by signal handler), we will log some stats to parent.
-static bool log_stats = false;
-static bool log_prof = false;
-
-// How often stats are sent (in seconds).
-// Perhaps we should make this configurable...
-const int STATS_INTERVAL = 60;
-
-static RETSIGTYPE sig_handler_log(int signo)
- {
- // SIGALRM is the only one we get.
- log_stats = true;
- }
-
-static RETSIGTYPE sig_handler_prof(int signo)
- {
- log_prof = true;
- }
-
-SocketComm::SocketComm()
- {
- io = 0;
-
- // We start the ID counter high so that IDs assigned by us
- // (hopefully) don't conflict with those of our parent.
- id_counter = 10000;
- parent_peer = 0;
- parent_msgstate = TYPE;
- parent_id = RemoteSerializer::PEER_NONE;
- parent_msgtype = 0;
- parent_args = 0;
- shutting_conns_down = false;
- terminating = false;
- killing = false;
-
- listen_port = 0;
- listen_ssl = false;
- enable_ipv6 = false;
- bind_retry_interval = 0;
- listen_next_try = 0;
-
- // We don't want to use the signal handlers of our parent.
- (void) setsignal(SIGTERM, SIG_DFL);
- (void) setsignal(SIGINT, SIG_DFL);
- (void) setsignal(SIGUSR1, SIG_DFL);
- (void) setsignal(SIGUSR2, SIG_DFL);
- (void) setsignal(SIGCONT, SIG_DFL);
- (void) setsignal(SIGCHLD, SIG_DFL);
-
- // Raping SIGPROF for profiling
- (void) setsignal(SIGPROF, sig_handler_prof);
- (void) setsignal(SIGALRM, sig_handler_log);
- alarm(STATS_INTERVAL);
- }
-
-SocketComm::~SocketComm()
- {
- loop_over_list(peers, i)
- delete peers[i]->io;
-
- delete io;
- CloseListenFDs();
- }
-
-static unsigned int first_rtime = 0;
-
-static void fd_vector_set(const std::vector& fds, fd_set* set, int* max)
- {
- for ( size_t i = 0; i < fds.size(); ++i )
- {
- FD_SET(fds[i], set);
- *max = ::max(fds[i], *max);
- }
- }
-
-void SocketComm::Run()
- {
- first_rtime = (unsigned int) current_time(true);
-
- while ( true )
- {
- // Logging signaled?
- if ( log_stats )
- LogStats();
-
- // Termination signaled
- if ( terminating )
- CheckFinished();
-
- // Build FDSets for select.
- fd_set fd_read, fd_write, fd_except;
-
- FD_ZERO(&fd_read);
- FD_ZERO(&fd_write);
- FD_ZERO(&fd_except);
-
- int max_fd = io->Fd();
- FD_SET(io->Fd(), &fd_read);
- max_fd = std::max(max_fd, io->ExtraReadFDs().Set(&fd_read));
-
- loop_over_list(peers, i)
- {
- if ( peers[i]->connected )
- {
- FD_SET(peers[i]->io->Fd(), &fd_read);
- if ( peers[i]->io->Fd() > max_fd )
- max_fd = peers[i]->io->Fd();
- max_fd = std::max(max_fd,
- peers[i]->io->ExtraReadFDs().Set(&fd_read));
- }
- else
- {
- if ( peers[i]->next_try > 0 &&
- time(0) > peers[i]->next_try )
- // Try reconnect.
- Connect(peers[i]);
- }
- }
-
- if ( listen_next_try && time(0) > listen_next_try )
- Listen();
-
- for ( size_t i = 0; i < listen_fds.size(); ++i )
- {
- FD_SET(listen_fds[i], &fd_read);
- if ( listen_fds[i] > max_fd )
- max_fd = listen_fds[i];
- }
-
- if ( io->IsFillingUp() && ! shutting_conns_down )
- {
- Error("queue to parent filling up; shutting down heaviest connection");
-
- const ChunkedIO::Statistics* stats = 0;
- unsigned long max = 0;
- Peer* max_peer = 0;
-
- loop_over_list(peers, i)
- {
- if ( ! peers[i]->connected )
- continue;
-
- stats = peers[i]->io->Stats();
- if ( stats->bytes_read > max )
- {
- max = stats->bytes_read;
- max_peer = peers[i];
- }
- }
-
- if ( max_peer )
- CloseConnection(max_peer, true);
-
- shutting_conns_down = true;
- }
-
- if ( ! io->IsFillingUp() && shutting_conns_down )
- shutting_conns_down = false;
-
- static long selects = 0;
- static long canwrites = 0;
-
- ++selects;
- if ( io->CanWrite() )
- ++canwrites;
-
- struct timeval timeout;
- timeout.tv_sec = 1;
- timeout.tv_usec = 0;
-
- int a = select(max_fd + 1, &fd_read, &fd_write, &fd_except, &timeout);
-
- if ( selects % 100000 == 0 )
- Log(fmt("selects=%ld canwrites=%ld pending=%lu",
- selects, canwrites, io->Stats()->pending));
-
- if ( a < 0 )
- // Ignore errors for now.
- continue;
-
- if ( io->CanRead() )
- ProcessParentMessage();
-
- io->Flush();
-
- loop_over_list(peers, j)
- {
- // We have to be careful here as the peer may
- // be removed when an error occurs.
- Peer* current = peers[j];
- int round = 0;
- while ( ++round <= 10 && j < peers.length() &&
- peers[j] == current && current->connected &&
- current->io->CanRead() )
- {
- ProcessRemoteMessage(current);
- }
- }
-
- for ( size_t i = 0; i < listen_fds.size(); ++i )
- if ( FD_ISSET(listen_fds[i], &fd_read) )
- AcceptConnection(listen_fds[i]);
-
- // Hack to display CPU usage of the child, triggered via
- // SIGPROF.
- static unsigned int first_rtime = 0;
- if ( first_rtime == 0 )
- first_rtime = (unsigned int) current_time(true);
-
- if ( log_prof )
- {
- LogProf();
- log_prof = false;
- }
- }
- }
-
-bool SocketComm::ProcessParentMessage()
- {
- switch ( parent_msgstate ) {
- case TYPE:
- {
- parent_peer = 0;
- parent_msgtype = MSG_NONE;
-
- // CMsg follows
- ChunkedIO::Chunk* c;
- if ( ! io->Read(&c) )
- {
- if ( io->Eof() )
- Error("parent died", true);
-
- Error(fmt("can't read parent's cmsg: %s",
- io->Error()), true);
- return false;
- }
-
- if ( ! c )
- return true;
-
- CMsg* msg = (CMsg*) c->data;
- parent_peer = LookupPeer(msg->Peer(), false);
- parent_id = msg->Peer();
- parent_msgtype = msg->Type();
- parent_args = 0;
-
- delete c;
-
- switch ( parent_msgtype ) {
- case MSG_LISTEN_STOP:
- case MSG_CLOSE:
- case MSG_CLOSE_ALL:
- case MSG_TERMINATE:
- case MSG_PHASE_DONE:
- case MSG_DEBUG_DUMP:
- case MSG_REQUEST_LOGS:
- {
- // No further argument chunk.
- parent_msgstate = TYPE;
- return DoParentMessage();
- }
-
- case MSG_LISTEN:
- case MSG_CONNECT_TO:
- case MSG_COMPRESS:
- case MSG_PING:
- case MSG_PONG:
- case MSG_REQUEST_EVENTS:
- case MSG_REQUEST_SYNC:
- case MSG_SERIAL:
- case MSG_CAPTURE_FILTER:
- case MSG_VERSION:
- case MSG_CAPS:
- case MSG_SYNC_POINT:
- case MSG_REMOTE_PRINT:
- case MSG_LOG_CREATE_WRITER:
- case MSG_LOG_WRITE:
- {
- // One further argument chunk.
- parent_msgstate = ARGS;
- return ProcessParentMessage();
- }
-
- default:
- InternalError(fmt("unknown msg type %d", parent_msgtype));
- return true;
- }
- }
-
- case ARGS:
- {
- // Argument chunk follows.
- ChunkedIO::Chunk* c = 0;
- READ_CHUNK(io, c, Error("parent died", true), true);
- parent_args = c;
- parent_msgstate = TYPE;
- bool result = DoParentMessage();
-
- if ( parent_args )
- {
- delete parent_args;
- parent_args = 0;
- }
-
- return result;
- }
-
- default:
- InternalError("unknown msgstate");
- }
-
- // Cannot be reached.
- return false;
- }
-
-bool SocketComm::DoParentMessage()
- {
- switch ( parent_msgtype ) {
-
- case MSG_LISTEN_STOP:
- {
- CloseListenFDs();
-
- Log("stopped listening");
-
- return true;
- }
-
- case MSG_CLOSE:
- {
- if ( parent_peer && parent_peer->connected )
- CloseConnection(parent_peer, false);
- return true;
- }
-
- case MSG_CLOSE_ALL:
- {
- loop_over_list(peers, i)
- {
- if ( peers[i]->connected )
- CloseConnection(peers[i], false);
- }
- return true;
- }
-
- case MSG_TERMINATE:
- {
- terminating = true;
- CheckFinished();
- return true;
- }
-
- case MSG_DEBUG_DUMP:
- {
-#ifdef DEBUG_COMMUNICATION
- io->DumpDebugData("comm-dump.child.pipe", true);
- io->DumpDebugData("comm-dump.child.pipe", false);
-
- loop_over_list(peers, j)
- {
- RemoteSerializer::PeerID id = peers[j]->id;
- peers[j]->io->DumpDebugData(fmt("comm-dump.child.peer.%d", id), true);
- peers[j]->io->DumpDebugData(fmt("comm-dump.child.peer.%d", id), false);
- }
-#else
- InternalError("DEBUG_DUMP support not compiled in");
-#endif
- return true;
- }
-
- case MSG_LISTEN:
- return ProcessListen();
-
- case MSG_CONNECT_TO:
- return ProcessConnectTo();
-
- case MSG_COMPRESS:
- return ProcessParentCompress();
-
- case MSG_PING:
- {
- // Set time2.
- assert(parent_args);
- ping_args* args = (ping_args*) parent_args->data;
- args->time2 = htond(current_time(true));
- return ForwardChunkToPeer();
- }
-
- case MSG_PONG:
- {
- assert(parent_args);
- // Calculate time delta.
- ping_args* args = (ping_args*) parent_args->data;
- args->time3 = htond(current_time(true) - ntohd(args->time3));
- return ForwardChunkToPeer();
- }
-
- case MSG_PHASE_DONE:
- case MSG_REQUEST_LOGS:
- {
- // No argument block follows.
- if ( parent_peer && parent_peer->connected )
- {
- DEBUG_COMM(fmt("child: forwarding %s to peer", msgToStr(parent_msgtype)));
- if ( ! SendToPeer(parent_peer, parent_msgtype, 0) )
- return false;
- }
-
- return true;
- }
-
- case MSG_REQUEST_EVENTS:
- case MSG_REQUEST_SYNC:
- case MSG_SERIAL:
- case MSG_CAPTURE_FILTER:
- case MSG_VERSION:
- case MSG_CAPS:
- case MSG_SYNC_POINT:
- case MSG_REMOTE_PRINT:
- case MSG_LOG_CREATE_WRITER:
- case MSG_LOG_WRITE:
- assert(parent_args);
- return ForwardChunkToPeer();
-
- default:
- InternalError("ProcessParentMessage: unexpected state");
- }
-
- InternalError("cannot be reached");
- return false;
- }
-
-bool SocketComm::ForwardChunkToPeer()
- {
- char state = parent_msgtype;
-
- if ( parent_peer && parent_peer->connected )
- {
- DEBUG_COMM("child: forwarding with 1 arg to peer");
-
- if ( ! SendToPeer(parent_peer, state, 0) )
- return false;
-
- if ( ! SendToPeer(parent_peer, parent_args) )
- return false;
-
- parent_args = 0;
- }
- else
- {
-#ifdef DEBUG
- if ( parent_peer )
- DEBUG_COMM(fmt("child: not connected to #%" PRI_SOURCE_ID, parent_id));
-#endif
- }
-
- return true;
- }
-
-bool SocketComm::ProcessConnectTo()
- {
- assert(parent_args);
- vector args = tokenize(parent_args->data, ',');
-
- if ( args.size() != 6 )
- {
- Error(fmt("ProcessConnectTo() bad number of arguments"));
- return false;
- }
-
- Peer* peer = new Peer;
-
- if ( ! atoi_n(args[0].size(), args[0].c_str(), 0, 10, peer->id) )
- {
- Error(fmt("ProccessConnectTo() bad peer id string"));
- delete peer;
- return false;
- }
-
- peer->ip = IPAddr(args[1]);
- peer->zone_id = args[2];
-
- if ( ! atoi_n(args[3].size(), args[3].c_str(), 0, 10, peer->port) )
- {
- Error(fmt("ProcessConnectTo() bad peer port string"));
- delete peer;
- return false;
- }
-
- if ( ! atoi_n(args[4].size(), args[4].c_str(), 0, 10, peer->retry) )
- {
- Error(fmt("ProcessConnectTo() bad peer retry string"));
- delete peer;
- return false;
- }
-
- peer->ssl = false;
- if ( args[5] != "0" )
- peer->ssl = true;
-
- return Connect(peer);
- }
-
-bool SocketComm::ProcessListen()
- {
- assert(parent_args);
- vector args = tokenize(parent_args->data, ',');
-
- if ( args.size() != 6 )
- {
- Error(fmt("ProcessListen() bad number of arguments"));
- return false;
- }
-
- listen_if = args[0];
-
- if ( ! atoi_n(args[1].size(), args[1].c_str(), 0, 10, listen_port) )
- {
- Error(fmt("ProcessListen() bad peer port string"));
- return false;
- }
-
- listen_ssl = false;
- if ( args[2] != "0" )
- listen_ssl = true;
-
- enable_ipv6 = false;
- if ( args[3] != "0" )
- enable_ipv6 = true;
-
- listen_zone_id = args[4];
-
- if ( ! atoi_n(args[5].size(), args[5].c_str(), 0, 10, bind_retry_interval) )
- {
- Error(fmt("ProcessListen() bad peer port string"));
- return false;
- }
-
- return Listen();
- }
-
-bool SocketComm::ProcessParentCompress()
- {
- assert(parent_args);
- uint32* args = (uint32*) parent_args->data;
-
- uint32 level = ntohl(args[0]);
-
- if ( ! parent_peer->compressor )
- {
- parent_peer->io = new CompressedChunkedIO(parent_peer->io);
- parent_peer->io->Init();
- parent_peer->compressor = true;
- }
-
- // Signal compression to peer.
- if ( ! SendToPeer(parent_peer, MSG_COMPRESS, 0) )
- return false;
-
- // This cast is safe.
- CompressedChunkedIO* comp_io = (CompressedChunkedIO*) parent_peer->io;
- comp_io->EnableCompression(level);
-
- Log(fmt("enabling compression (level %d)", level), parent_peer);
-
- return true;
- }
-
-bool SocketComm::ProcessRemoteMessage(SocketComm::Peer* peer)
- {
- assert(peer);
-
- peer->io->Flush();
-
- switch ( peer->state ) {
- case MSG_NONE:
- { // CMsg follows
- ChunkedIO::Chunk* c;
- READ_CHUNK(peer->io, c,
- (CloseConnection(peer, true), peer), false)
-
- CMsg* msg = (CMsg*) c->data;
-
- DEBUG_COMM(fmt("child: %s from peer #%" PRI_SOURCE_ID,
- msgToStr(msg->Type()), peer->id));
-
- switch ( msg->Type() ) {
- case MSG_PHASE_DONE:
- case MSG_REQUEST_LOGS:
- // No further argument block.
- DEBUG_COMM("child: forwarding with 0 args to parent");
- if ( ! SendToParent(msg->Type(), peer, 0) )
- return false;
- break;
-
- default:
- peer->state = msg->Type();
- }
-
- delete c;
-
- break;
- }
-
- case MSG_COMPRESS:
- ProcessPeerCompress(peer);
- break;
-
- case MSG_PING:
- {
- // Messages with one further argument block which we simply
- // forward to our parent.
- ChunkedIO::Chunk* c;
- READ_CHUNK(peer->io, c,
- (CloseConnection(peer, true), peer), false)
-
- // Set time3.
- ping_args* args = (ping_args*) c->data;
- args->time3 = htond(current_time(true));
- return ForwardChunkToParent(peer, c);
- }
-
- case MSG_PONG:
- {
- // Messages with one further argument block which we simply
- // forward to our parent.
- ChunkedIO::Chunk* c;
- READ_CHUNK(peer->io, c,
- (CloseConnection(peer, true), peer), false)
-
- // Calculate time delta.
- ping_args* args = (ping_args*) c->data;
- args->time2 = htond(current_time(true) - ntohd(args->time2));
- return ForwardChunkToParent(peer, c);
- }
-
- case MSG_REQUEST_EVENTS:
- case MSG_REQUEST_SYNC:
- case MSG_SERIAL:
- case MSG_CAPTURE_FILTER:
- case MSG_VERSION:
- case MSG_CAPS:
- case MSG_SYNC_POINT:
- case MSG_REMOTE_PRINT:
- case MSG_LOG_CREATE_WRITER:
- case MSG_LOG_WRITE:
- {
- // Messages with one further argument block which we simply
- // forward to our parent.
- ChunkedIO::Chunk* c;
- READ_CHUNK(peer->io, c,
- (CloseConnection(peer, true), peer), false)
-
- return ForwardChunkToParent(peer, c);
- }
-
- default:
- InternalError("ProcessRemoteMessage: unexpected state");
- }
-
- return true;
- }
-
-bool SocketComm::ForwardChunkToParent(Peer* peer, ChunkedIO::Chunk* c)
- {
- char state = peer->state;
- peer->state = MSG_NONE;
-
- DEBUG_COMM("child: forwarding message with 1 arg to parent");
-
- if ( ! SendToParent(state, peer, 0) )
- return false;
-
- if ( ! SendToParent(c) )
- return false;
-
- io->Flush(); // FIXME: Needed?
- return true;
- }
-
-bool SocketComm::ProcessPeerCompress(Peer* peer)
- {
- peer->state = MSG_NONE;
-
- if ( ! parent_peer->compressor )
- {
- parent_peer->io = new CompressedChunkedIO(parent_peer->io);
- parent_peer->io->Init();
- parent_peer->compressor = true;
- }
-
- // This cast is safe here.
- ((CompressedChunkedIO*) peer->io)->EnableDecompression();
- Log("enabling decompression", peer);
- return true;
- }
-
-bool SocketComm::Connect(Peer* peer)
- {
- int status;
- addrinfo hints, *res, *res0;
- memset(&hints, 0, sizeof(hints));
-
- hints.ai_family = PF_UNSPEC;
- hints.ai_protocol = IPPROTO_TCP;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_flags = AI_NUMERICHOST;
-
- char port_str[16];
- modp_uitoa10(peer->port, port_str);
-
- string gaihostname(peer->ip.AsString());
- if ( peer->zone_id != "" )
- gaihostname.append("%").append(peer->zone_id);
-
- status = getaddrinfo(gaihostname.c_str(), port_str, &hints, &res0);
- if ( status != 0 )
- {
- Error(fmt("getaddrinfo error: %s", gai_strerror(status)));
- return false;
- }
-
- int sockfd = -1;
- for ( res = res0; res; res = res->ai_next )
- {
- sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
- if ( sockfd < 0 )
- {
- Error(fmt("can't create connect socket, %s", strerror(errno)));
- continue;
- }
-
- if ( connect(sockfd, res->ai_addr, res->ai_addrlen) < 0 )
- {
- Error(fmt("connect failed: %s", strerror(errno)), peer);
- safe_close(sockfd);
- sockfd = -1;
- continue;
- }
-
- break;
- }
-
- freeaddrinfo(res0);
-
- bool connected = sockfd != -1;
-
- if ( ! (connected || peer->retry) )
- {
- CloseConnection(peer, false);
- return false;
- }
-
- Peer* existing_peer = LookupPeer(peer->id, false);
- if ( existing_peer )
- {
- *existing_peer = *peer;
- peer = existing_peer;
- }
- else
- peers.append(peer);
-
- peer->connected = connected;
- peer->next_try = connected ? 0 : time(0) + peer->retry;
- peer->state = MSG_NONE;
- peer->io = 0;
- peer->compressor = false;
-
- if ( connected )
- {
- if ( peer->ssl )
- peer->io = new ChunkedIOSSL(sockfd, false);
- else
- peer->io = new ChunkedIOFd(sockfd, "child->peer");
-
- if ( ! peer->io->Init() )
- {
- Error(fmt("can't init peer io: %s",
- peer->io->Error()), false);
- return 0;
- }
- }
-
- if ( connected )
- {
- Log("connected", peer);
-
- const size_t BUFSIZE = 1024;
- char* data = new char[BUFSIZE];
- snprintf(data, BUFSIZE, "%s,%" PRIu32, peer->ip.AsString().c_str(),
- peer->port);
-
- if ( ! SendToParent(MSG_CONNECTED, peer, data) )
- return false;
- }
-
- return connected;
- }
-
-bool SocketComm::CloseConnection(Peer* peer, bool reconnect)
- {
- if ( ! SendToParent(MSG_CLOSE, peer, 0) )
- return false;
-
- Log("connection closed", peer);
-
- if ( ! peer->retry || ! reconnect )
- {
- peers.remove(peer);
- delete peer->io; // This will close the fd.
- delete peer;
- }
- else
- {
- delete peer->io; // This will close the fd.
- peer->io = 0;
- peer->connected = false;
- peer->next_try = time(0) + peer->retry;
- }
-
- if ( parent_peer == peer )
- {
- parent_peer = 0;
- parent_id = RemoteSerializer::PEER_NONE;
- }
-
- return true;
- }
-
-bool SocketComm::Listen()
- {
- int status, on = 1;
- addrinfo hints, *res, *res0;
- memset(&hints, 0, sizeof(hints));
-
- IPAddr listen_ip(listen_if);
-
- if ( enable_ipv6 )
- {
- if ( listen_ip == IPAddr("0.0.0.0") || listen_ip == IPAddr("::") )
- hints.ai_family = PF_UNSPEC;
- else
- hints.ai_family = (listen_ip.GetFamily() == IPv4 ? PF_INET : PF_INET6);
- }
- else
- hints.ai_family = PF_INET;
-
- hints.ai_protocol = IPPROTO_TCP;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
-
- char port_str[16];
- modp_uitoa10(listen_port, port_str);
-
- string scoped_addr(listen_if);
- if ( listen_zone_id != "" )
- scoped_addr.append("%").append(listen_zone_id);
-
- const char* addr_str = 0;
- if ( listen_ip != IPAddr("0.0.0.0") && listen_ip != IPAddr("::") )
- addr_str = scoped_addr.c_str();
-
- CloseListenFDs();
-
- if ( (status = getaddrinfo(addr_str, port_str, &hints, &res0)) != 0 )
- {
- Error(fmt("getaddrinfo error: %s", gai_strerror(status)));
- return false;
- }
-
- for ( res = res0; res; res = res->ai_next )
- {
- if ( res->ai_family != AF_INET && res->ai_family != AF_INET6 )
- {
- Error(fmt("can't create listen socket: unknown address family, %d",
- res->ai_family));
- continue;
- }
-
- IPAddr a = (res->ai_family == AF_INET) ?
- IPAddr(((sockaddr_in*)res->ai_addr)->sin_addr) :
- IPAddr(((sockaddr_in6*)res->ai_addr)->sin6_addr);
-
- string l_addr_str(a.AsURIString());
- if ( listen_zone_id != "")
- l_addr_str.append("%").append(listen_zone_id);
-
- int fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
- if ( fd < 0 )
- {
- Error(fmt("can't create listen socket, %s", strerror(errno)));
- continue;
- }
-
- if ( setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0 )
- Error(fmt("can't set SO_REUSEADDR, %s", strerror(errno)));
-
- // For IPv6 listening sockets, we don't want do dual binding to also
- // get IPv4-mapped addresses because that's not as portable. e.g.
- // many BSDs don't allow that.
- if ( res->ai_family == AF_INET6 && - setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0 ) - Error(fmt("can't set IPV6_V6ONLY, %s", strerror(errno))); - - if ( ::bind(fd, res->ai_addr, res->ai_addrlen) < 0 ) - { - Error(fmt("can't bind to %s:%s, %s", l_addr_str.c_str(), - port_str, strerror(errno))); - - if ( errno == EADDRINUSE ) - { - // Abandon completely this attempt to set up listening sockets, - // try again later. - safe_close(fd); - CloseListenFDs(); - listen_next_try = time(0) + bind_retry_interval; - freeaddrinfo(res0); - return false; - } - - safe_close(fd); - continue; - } - - if ( listen(fd, 50) < 0 ) - { - Error(fmt("can't listen on %s:%s, %s", l_addr_str.c_str(), - port_str, strerror(errno))); - safe_close(fd); - continue; - } - - listen_fds.push_back(fd); - Log(fmt("listening on %s:%s (%s)", l_addr_str.c_str(), port_str, - listen_ssl ? "ssl" : "clear")); - } - - freeaddrinfo(res0); - - listen_next_try = 0; - return listen_fds.size() > 0; - } - -bool SocketComm::AcceptConnection(int fd) - { - union { - sockaddr_storage ss; - sockaddr_in s4; - sockaddr_in6 s6; - } client; - - socklen_t len = sizeof(client.ss); - - int clientfd = accept(fd, (sockaddr*) &client.ss, &len); - if ( clientfd < 0 ) - { - Error(fmt("accept failed, %s %d", strerror(errno), errno)); - return false; - } - - if ( client.ss.ss_family != AF_INET && client.ss.ss_family != AF_INET6 ) - { - Error(fmt("accept fail, unknown address family %d", - client.ss.ss_family)); - safe_close(clientfd); - return false; - } - - Peer* peer = new Peer; - peer->id = id_counter++; - peer->ip = client.ss.ss_family == AF_INET ? - IPAddr(client.s4.sin_addr) : - IPAddr(client.s6.sin6_addr); - - peer->port = client.ss.ss_family == AF_INET ? 
- ntohs(client.s4.sin_port) : - ntohs(client.s6.sin6_port); - - peer->connected = true; - peer->ssl = listen_ssl; - peer->compressor = false; - - if ( peer->ssl ) - peer->io = new ChunkedIOSSL(clientfd, true); - else - peer->io = new ChunkedIOFd(clientfd, "child->peer"); - - if ( ! peer->io->Init() ) - { - Error(fmt("can't init peer io: %s", peer->io->Error()), false); - delete peer->io; - delete peer; - return false; - } - - peers.append(peer); - - Log(fmt("accepted %s connection", peer->ssl ? "SSL" : "clear"), peer); - - const size_t BUFSIZE = 1024; - char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, "%s,%" PRIu32, peer->ip.AsString().c_str(), - peer->port); - - if ( ! SendToParent(MSG_CONNECTED, peer, data) ) - return false; - - return true; - } - -const char* SocketComm::MakeLogString(const char* msg, Peer* peer) - { - const int BUFSIZE = 1024; - static char* buffer = 0; - - if ( ! buffer ) - buffer = new char[BUFSIZE]; - - int len = 0; - - if ( peer ) - { - string scoped_addr(peer->ip.AsURIString()); - if ( peer->zone_id != "" ) - scoped_addr.append("%").append(peer->zone_id); - - len = snprintf(buffer, BUFSIZE, "[#%d/%s:%d] ", int(peer->id), - scoped_addr.c_str(), peer->port); - } - - len += safe_snprintf(buffer + len, BUFSIZE - len, "%s", msg); - return buffer; - } - -void SocketComm::CloseListenFDs() - { - for ( size_t i = 0; i < listen_fds.size(); ++i ) - safe_close(listen_fds[i]); - - listen_fds.clear(); - } - -void SocketComm::Error(const char* msg, bool kill_me) - { - if ( kill_me ) - { - fprintf(stderr, "fatal error in child: %s\n", msg); - Kill(); - } - else - { - if ( io->Eof() ) - // Can't send to parent, so fall back to stderr. 
- fprintf(stderr, "error in child: %s", msg); - else - SendToParent(MSG_ERROR, 0, copy_string(msg)); - } - - DEBUG_COMM(fmt("child: %s", msg)); - } - -bool SocketComm::Error(const char* msg, Peer* peer) - { - const char* buffer = MakeLogString(msg, peer); - Error(buffer); - - // If a remote peer causes an error, we shutdown the connection - // as resynchronizing is in general not possible. But we may - // try again later. - if ( peer->connected ) - CloseConnection(peer, true); - - return true; - } - -void SocketComm::Log(const char* msg, Peer* peer) - { - const char* buffer = MakeLogString(msg, peer); - SendToParent(MSG_LOG, 0, copy_string(buffer)); - DEBUG_COMM(fmt("child: %s", buffer)); - } - -void SocketComm::InternalError(const char* msg) - { - fprintf(stderr, "internal error in child: %s\n", msg); - Kill(); - } - -void SocketComm::Kill() - { - if ( killing ) - // Ignore recursive calls. - return; - - killing = true; - - LogProf(); - Log("terminating"); - - CloseListenFDs(); - - if ( kill(getpid(), SIGTERM) < 0 ) - Log(fmt("warning: cannot kill SocketComm pid %d, %s", getpid(), strerror(errno))); - - while ( 1 ) - ; // loop until killed - } - -SocketComm::Peer* SocketComm::LookupPeer(RemoteSerializer::PeerID id, - bool only_if_connected) - { - loop_over_list(peers, i) - if ( peers[i]->id == id ) - return ! only_if_connected || - peers[i]->connected ? peers[i] : 0; - return 0; - } - -bool SocketComm::LogStats() - { - if ( ! peers.length() ) - return true; - - // Concat stats of all peers into single buffer. - char* buffer = new char[peers.length() * 512]; - int pos = 0; - - loop_over_list(peers, i) - { - if ( peers[i]->connected ) - peers[i]->io->Stats(buffer+pos, 512); - else - strcpy(buffer+pos, "not connected"); - pos += strlen(buffer+pos) + 1; - } - - // Send it. - if ( ! 
SendToParent(MSG_STATS, 0, buffer, pos) ) - return false; - - log_stats = false; - alarm(STATS_INTERVAL); - return true; - } - -bool SocketComm::LogProf() - { - static struct rusage cld_res; - getrusage(RUSAGE_SELF, &cld_res); - - double Utime = cld_res.ru_utime.tv_sec + cld_res.ru_utime.tv_usec / 1e6; - double Stime = cld_res.ru_stime.tv_sec + cld_res.ru_stime.tv_usec / 1e6; - double Rtime = current_time(true); - - SocketComm::Log(fmt("CPU usage: user %.03f sys %.03f real %0.03f", - Utime, Stime, Rtime - first_rtime)); - - return true; - } - -void SocketComm::CheckFinished() - { - assert(terminating); - - loop_over_list(peers, i) - { - if ( ! peers[i]->connected ) - continue; - if ( ! peers[i]->io->IsIdle() ) - return; - } - - LogProf(); - Log("terminating"); - - // All done. - SendToParent(MSG_TERMINATE, 0, 0); - } - -bool SocketComm::SendToParent(char type, Peer* peer, const char* str, int len) - { -#ifdef DEBUG - // str may already by constructed with fmt() - const char* tmp = copy_string(str); - DEBUG_COMM(fmt("child: (->parent) %s (#%" PRI_SOURCE_ID ", %s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, tmp)); - delete [] tmp; -#endif - if ( sendToIO(io, type, peer ? peer->id : RemoteSerializer::PEER_NONE, - str, len) ) - return true; - - if ( io->Eof() ) - Error("parent died", true); - - return false; - } - -bool SocketComm::SendToParent(char type, Peer* peer, int nargs, ...) - { - va_list ap; - -#ifdef DEBUG - va_start(ap,nargs); - DEBUG_COMM(fmt("child: (->parent) %s (#%" PRI_SOURCE_ID ",%s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, fmt_uint32s(nargs, ap))); - va_end(ap); -#endif - - va_start(ap, nargs); - bool ret = sendToIO(io, type, - peer ? 
peer->id : RemoteSerializer::PEER_NONE, - nargs, ap); - va_end(ap); - - if ( ret ) - return true; - - if ( io->Eof() ) - Error("parent died", true); - - return false; - } - -bool SocketComm::SocketComm::SendToParent(ChunkedIO::Chunk* c) - { - DEBUG_COMM(fmt("child: (->parent) chunk of size %d", c->len)); - if ( sendToIO(io, c) ) - return true; - - if ( io->Eof() ) - Error("parent died", true); - - return false; - } - -bool SocketComm::SendToPeer(Peer* peer, char type, const char* str, int len) - { -#ifdef DEBUG - // str may already by constructed with fmt() - const char* tmp = copy_string(str); - DEBUG_COMM(fmt("child: (->peer) %s to #%" PRI_SOURCE_ID " (%s)", msgToStr(type), peer->id, tmp)); - delete [] tmp; -#endif - - if ( ! sendToIO(peer->io, type, RemoteSerializer::PEER_NONE, str, len) ) - { - Error(fmt("child: write error %s", io->Error()), peer); - return false; - } - - return true; - } - -bool SocketComm::SendToPeer(Peer* peer, char type, int nargs, ...) - { - va_list ap; - -#ifdef DEBUG - va_start(ap,nargs); - DEBUG_COMM(fmt("child: (->peer) %s to #%" PRI_SOURCE_ID " (%s)", - msgToStr(type), peer->id, fmt_uint32s(nargs, ap))); - va_end(ap); -#endif - - va_start(ap, nargs); - bool ret = sendToIO(peer->io, type, RemoteSerializer::PEER_NONE, - nargs, ap); - va_end(ap); - - if ( ! ret ) - { - Error(fmt("child: write error %s", io->Error()), peer); - return false; - } - - return true; - } - -bool SocketComm::SendToPeer(Peer* peer, ChunkedIO::Chunk* c) - { - DEBUG_COMM(fmt("child: (->peer) chunk of size %d to #%" PRI_SOURCE_ID, c->len, peer->id)); - if ( ! sendToIO(peer->io, c) ) - { - Error(fmt("child: write error %s", io->Error()), peer); - return false; - } - - return true; - } diff --git a/src/RemoteSerializer.h b/src/RemoteSerializer.h deleted file mode 100644 index 28ca495f17..0000000000 --- a/src/RemoteSerializer.h +++ /dev/null 
@@ -1,525 +0,0 @@ -// Communication between two Bro's. - -#ifndef REMOTE_SERIALIZER -#define REMOTE_SERIALIZER - -#include "Dict.h" -#include "List.h" -#include "Serializer.h" -#include "iosource/IOSource.h" -#include "Stats.h" -#include "File.h" -#include "logging/WriterBackend.h" - -#include -#include - -class IncrementalSendTimer; - -namespace threading { - struct Field; - struct Value; -} - -// This class handles the communication done in Bro's main loop. -class RemoteSerializer : public Serializer, public iosource::IOSource { -public: - RemoteSerializer(); - ~RemoteSerializer() override; - - // Initialize the remote serializer (calling this will fork). - void Enable(); - - // FIXME: Use SourceID directly (or rename everything to Peer*). - typedef SourceID PeerID; - static const PeerID PEER_LOCAL = SOURCE_LOCAL; - static const PeerID PEER_NONE = SOURCE_LOCAL; - - // Connect to host (returns PEER_NONE on error). - PeerID Connect(const IPAddr& ip, const string& zone_id, uint16 port, - const char* our_class, double retry, bool use_ssl); - - // Close connection to host. - bool CloseConnection(PeerID peer); - - // Request all events matching pattern from remote side. - bool RequestEvents(PeerID peer, RE_Matcher* pattern); - - // Request synchronization of IDs with remote side. If auth is true, - // we consider our current state to authoritative and send it to - // the peer right after the handshake. - bool RequestSync(PeerID peer, bool auth); - - // Requests logs from the remote side. - bool RequestLogs(PeerID id); - - // Sets flag whether we're accepting state from this peer - // (default: yes). - bool SetAcceptState(PeerID peer, bool accept); - - // Sets compression level (0-9, 0 is defaults and means no compression) - bool SetCompressionLevel(PeerID peer, int level); - - // Signal the other side that we have finished our part of - // the initial handshake. - bool CompleteHandshake(PeerID peer); - - // Start to listen. 
- bool Listen(const IPAddr& ip, uint16 port, bool expect_ssl, bool ipv6, - const string& zone_id, double retry); - - // Stop it. - bool StopListening(); - - // Broadcast the event/function call. - bool SendCall(SerialInfo* info, const char* name, val_list* vl); - - // Send the event/function call (only if handshake completed). - bool SendCall(SerialInfo* info, PeerID peer, const char* name, val_list* vl); - - // Broadcasts the access (only if handshake completed). - bool SendAccess(SerialInfo* info, const StateAccess& access); - - // Send the access. - bool SendAccess(SerialInfo* info, PeerID pid, const StateAccess& access); - - // Sends ID. - bool SendID(SerialInfo* info, PeerID peer, const ID& id); - - // Sends the internal connection state. - bool SendConnection(SerialInfo* info, PeerID peer, const Connection& c); - - // Send capture filter. - bool SendCaptureFilter(PeerID peer, const char* filter); - - // Send packet. - bool SendPacket(SerialInfo* info, PeerID peer, const Packet& p); - - // Broadcast packet. - bool SendPacket(SerialInfo* info, const Packet& p); - - // Broadcast ping. - bool SendPing(PeerID peer, uint32 seq); - - // Broadcast remote print. - bool SendPrintHookEvent(BroFile* f, const char* txt, size_t len); - - // Send a request to create a writer on a remote side. - bool SendLogCreateWriter(PeerID peer, EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields); - - // Broadcasts a request to create a writer. - bool SendLogCreateWriter(EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields); - - // Broadcast a log entry to everybody interested. - bool SendLogWrite(EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals); - - // Synchronzizes time with all connected peers. Returns number of - // current sync-point, or -1 on error. 
- uint32 SendSyncPoint(); - void SendFinalSyncPoint(); - - // Registers the ID to be &synchronized. - void Register(ID* id); - void Unregister(ID* id); - - // Stop/restart propagating state updates. - void SuspendStateUpdates() { --propagate_accesses; } - void ResumeStateUpdates() { ++propagate_accesses; } - - // Check for incoming events and queue them. - bool Poll(bool may_block); - - // Returns the corresponding record (already ref'ed). - RecordVal* GetPeerVal(PeerID id); - - // Log some statistics. - void LogStats(); - - // Tries to sent out all remaining data. - // FIXME: Do we still need this? - void Finish(); - - // Overidden from IOSource: - void GetFds(iosource::FD_Set* read, iosource::FD_Set* write, - iosource::FD_Set* except) override; - double NextTimestamp(double* local_network_time) override; - void Process() override; - TimerMgr::Tag* GetCurrentTag() override; - const char* Tag() override { return "RemoteSerializer"; } - - // Gracefully finishes communication by first making sure that all - // remaining data (parent & child) has been sent out. - virtual bool Terminate(); - -#ifdef DEBUG_COMMUNICATION - // Dump data recently read/written into files. - void DumpDebugData(); - - // Read dump file and interpret as message block. - void ReadDumpAsMessageType(const char* file); - - // Read dump file and interpret as serialization. - void ReadDumpAsSerialization(const char* file); -#endif - - enum LogLevel { LogInfo = 1, LogError = 2, }; - static void Log(LogLevel level, const char* msg); - -protected: - friend class PersistenceSerializer; - friend class IncrementalSendTimer; - - // Maximum size of serialization caches. - static const unsigned int MAX_CACHE_SIZE = 3000; - - // When syncing traces in pseudo-realtime mode, we wait this many - // seconds after the final sync-point to make sure that all - // remaining I/O gets propagated. 
- static const unsigned int FINAL_SYNC_POINT_DELAY = 5; - - declare(PList, EventHandler); - typedef PList(EventHandler) handler_list; - - struct Peer { - PeerID id; // Unique ID (non-zero) per peer. - - IPAddr ip; - - uint16 port; - handler_list handlers; - RecordVal* val; // Record of type event_source. - SerializationCache* cache_in; // One cache for each direction. - SerializationCache* cache_out; - - // TCP-level state of the connection to the peer. - // State of the connection to the peer. - enum { INIT, PENDING, CONNECTED, CLOSING, CLOSED } state; - - // Current protocol phase of the connection (see RemoteSerializer.cc) - enum { UNKNOWN, SETUP, HANDSHAKE, SYNC, RUNNING } phase; - - // Capabilities. - static const int COMPRESSION = 1; - static const int NO_CACHING = 2; - static const int PID_64BIT = 4; - static const int NEW_CACHE_STRATEGY = 8; - static const int BROCCOLI_PEER = 16; - - // Constants to remember to who did something. - static const int NONE = 0; - static const int WE = 1; - static const int PEER = 2; - static const int BOTH = WE | PEER; - - static const int AUTH_WE = 4; - static const int AUTH_PEER = 8; - - int sent_version; // Who has sent the VERSION. - int handshake_done; // Who finished its handshake phase. - int sync_requested; // Who requested sync'ed state. - - bool orig; // True if we connected to the peer. - bool accept_state; // True if we accept state from peer. - bool send_state; // True if we're supposed to initially sent our state. - int comp_level; // Compression level. - bool logs_requested; // True if the peer has requested logs. - - // True if this peer triggered a net_suspend_processing(). - bool suspended_processing; - - uint32 caps; // Capabilities announced by peer. - int runtime; // Runtime we got from the peer. - int our_runtime; // Our runtime as we told it to this peer. - string peer_class; // Class from peer ("" = no class). - string our_class; // Class we send the peer. 
- uint32 sync_point; // Highest sync-point received so far - char* print_buffer; // Buffer for remote print or null. - int print_buffer_used; // Number of bytes used in buffer. - char* log_buffer; // Buffer for remote log or null. - int log_buffer_used; // Number of bytes used in buffer. - }; - - // Shuts down remote serializer. - void FatalError(const char* msg); - - enum LogSrc { LogChild = 1, LogParent = 2, LogScript = 3, }; - - static void Log(LogLevel level, const char* msg, Peer* peer, LogSrc src = LogParent); - - void ReportError(const char* msg) override; - - void GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) override; - void GotFunctionCall(const char* name, double time, - Func* func, val_list* args) override; - void GotID(ID* id, Val* val) override; - void GotStateAccess(StateAccess* s) override; - void GotTimer(Timer* t) override; - void GotConnection(Connection* c) override; - void GotPacket(Packet* packet) override; - - void Fork(); - - bool DoMessage(); - bool ProcessConnected(); - bool ProcessSerialization(); - bool ProcessRequestEventsMsg(); - bool ProcessRequestSyncMsg(); - bool ProcessVersionMsg(); - bool ProcessLogMsg(bool is_error); - bool ProcessStatsMsg(); - bool ProcessCaptureFilterMsg(); - bool ProcessPhaseDone(); - bool ProcessPingMsg(); - bool ProcessPongMsg(); - bool ProcessCapsMsg(); - bool ProcessSyncPointMsg(); - bool ProcessRemotePrint(); - bool ProcessLogCreateWriter(); - bool ProcessLogWrite(); - bool ProcessRequestLogs(); - - Peer* AddPeer(const IPAddr& ip, uint16 port, PeerID id = PEER_NONE); - Peer* LookupPeer(PeerID id, bool only_if_connected); - void RemovePeer(Peer* peer); - bool IsConnectedPeer(PeerID id); - void PeerDisconnected(Peer* peer); - void PeerConnected(Peer* peer); - RecordVal* MakePeerVal(Peer* peer); - bool HandshakeDone(Peer* peer); - bool IsActive(); - void SetupSerialInfo(SerialInfo* info, Peer* peer); - bool CheckSyncPoints(); - void SendSyncPoint(uint32 syncpoint); - bool 
PropagateAccesses() - { - return ignore_accesses ? - propagate_accesses > 1 : propagate_accesses > 0; - } - - bool CloseConnection(Peer* peer); - - bool SendAllSynchronized(Peer* peer, SerialInfo* info); - bool SendCall(SerialInfo* info, Peer* peer, const char* name, val_list* vl); - bool SendAccess(SerialInfo* info, Peer* peer, const StateAccess& access); - bool SendID(SerialInfo* info, Peer* peer, const ID& id); - bool SendCapabilities(Peer* peer); - bool SendPacket(SerialInfo* info, Peer* peer, const Packet& p); - bool SendLogWrite(Peer* peer, EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals); - - void UnregisterHandlers(Peer* peer); - void RaiseEvent(EventHandlerPtr event, Peer* peer, const char* arg = 0); - bool EnterPhaseRunning(Peer* peer); - bool FlushPrintBuffer(Peer* p); - bool FlushLogBuffer(Peer* p); - - void ChildDied(); - void InternalCommError(const char* msg); - - // Communication helpers - bool SendCMsgToChild(char msg_type, Peer* peer); - bool SendToChild(char type, Peer* peer, char* str, int len = -1, - bool delete_with_free = false); - bool SendToChild(char type, Peer* peer, int nargs, ...); // can send uints32 only - bool SendToChild(ChunkedIO::Chunk* c); - - void SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose); - -private: - enum { TYPE, ARGS } msgstate; // current state of reading comm. - Peer* current_peer; - PeerID current_id; - char current_msgtype; - ChunkedIO::Chunk* current_args; - double last_flush; - - id_list sync_ids; - - // FIXME: Check which of these are necessary... - bool initialized; - bool listening; - int propagate_accesses; - bool ignore_accesses; - bool terminating; - int received_logs; - Peer* source_peer; - PeerID id_counter; // Keeps track of assigned IDs. - uint32 current_sync_point; - bool syncing_times; - - declare(PList, Peer); - typedef PList(Peer) peer_list; - peer_list peers; - - Peer* in_sync; // Peer we're currently syncing state with. 
- peer_list sync_pending; // List of peers waiting to sync state. - - // Event buffer - struct BufferedEvent { - time_t time; - PeerID src; - EventHandlerPtr handler; - val_list* args; - }; - - declare(PList, BufferedEvent); - typedef PList(BufferedEvent) EventQueue; - EventQueue events; - - // Packet buffer - struct BufferedPacket { - time_t time; - Packet* p; - }; - - declare(PList, BufferedPacket); - typedef PList(BufferedPacket) PacketQueue; - PacketQueue packets; - - // Some stats - struct Statistics { - struct Pair { - Pair() : in(0), out(0) {} - unsigned long in; - unsigned long out; - }; - - Pair events; // actually events and function calls - Pair accesses; - Pair conns; - Pair packets; - Pair ids; - } stats; - -}; - -// This class handles the communication done in the forked child. -class SocketComm { -public: - SocketComm(); - ~SocketComm(); - - void SetParentIO(ChunkedIO* arg_io) { io = arg_io; } - - void Run(); // does not return - - // Log some statistics (via pipe to parent). - bool LogStats(); - - // Log CPU usage (again via pipe to parent). - bool LogProf(); - -protected: - struct Peer { - Peer() - { - id = 0; - io = 0; - port = 0; - state = 0; - connected = false; - ssl = false; - retry = 0; - next_try = 0; - compressor = false; - } - - RemoteSerializer::PeerID id; - ChunkedIO* io; - IPAddr ip; - string zone_id; - uint16 port; - char state; - bool connected; - bool ssl; - // If we get disconnected, reconnect after this many seconds. - int retry; - // Time of next connection attempt (0 if none). - time_t next_try; - // True if io is a CompressedChunkedIO. 
- bool compressor; - }; - - bool Listen(); - bool AcceptConnection(int listen_fd); - bool Connect(Peer* peer); - bool CloseConnection(Peer* peer, bool reconnect); - - Peer* LookupPeer(RemoteSerializer::PeerID id, bool only_if_connected); - - bool ProcessRemoteMessage(Peer* peer); - bool ProcessParentMessage(); - bool DoParentMessage(); - - bool ProcessListen(); - bool ProcessConnectTo(); - bool ProcessCompress(); - - void Log(const char* msg, Peer* peer = 0); - - // The connection to the peer will be closed. - bool Error(const char* msg, Peer* peer); - - // If kill is true, this is a fatal error and we kill ourselves. - void Error(const char* msg, bool kill = false); - - // Kill the current process. - void Kill(); - - // Check whether everything has been sent out. - void CheckFinished(); - - // Reports the error and terminates the process. - void InternalError(const char* msg); - - // Communication helpers. - bool SendToParent(char type, Peer* peer, const char* str, int len = -1); - bool SendToParent(char type, Peer* peer, int nargs, ...); // can send uints32 only - bool SendToParent(ChunkedIO::Chunk* c); - bool SendToPeer(Peer* peer, char type, const char* str, int len = -1); - bool SendToPeer(Peer* peer, char type, int nargs, ...); // can send uints32 only - bool SendToPeer(Peer* peer, ChunkedIO::Chunk* c); - bool ProcessParentCompress(); - bool ProcessPeerCompress(Peer* peer); - bool ForwardChunkToParent(Peer* p, ChunkedIO::Chunk* c); - bool ForwardChunkToPeer(); - const char* MakeLogString(const char* msg, Peer *peer); - - // Closes all file descriptors associated with listening sockets. - void CloseListenFDs(); - - // Peers we are communicating with: - declare(PList, Peer); - typedef PList(Peer) peer_list; - - RemoteSerializer::PeerID id_counter; - peer_list peers; - - ChunkedIO* io; // I/O to parent - - // Current state of reading from parent. 
- enum { TYPE, ARGS } parent_msgstate; - Peer* parent_peer; - RemoteSerializer::PeerID parent_id; - char parent_msgtype; - ChunkedIO::Chunk* parent_args; - - vector listen_fds; - - // If the port we're trying to bind to is already in use, we will retry - // it regularly. - string listen_if; - string listen_zone_id; // RFC 4007 IPv6 zone_id - uint16 listen_port; - bool listen_ssl; // use SSL for IO - bool enable_ipv6; // allow IPv6 listen sockets - uint32 bind_retry_interval; // retry interval for already-in-use sockets - time_t listen_next_try; // time at which to try another bind - bool shutting_conns_down; - bool terminating; - bool killing; -}; - -extern RemoteSerializer* remote_serializer; - -#endif diff --git a/src/Reporter.cc b/src/Reporter.cc index 413f89b9ea..a40ddb9a3d 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -4,7 +4,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Reporter.h" #include "Event.h" #include "NetVar.h" @@ -31,12 +31,14 @@ Reporter::Reporter() via_events = false; in_error_handler = 0; - // Always use stderr at startup/init before scripts have been fully parsed. + // Always use stderr at startup/init before scripts have been fully parsed + // and zeek_init() processed. // Messages may otherwise be missed if an error occurs that prevents events // from ever being dispatched. info_to_stderr = true; warnings_to_stderr = true; errors_to_stderr = true; + after_zeek_init = false; weird_count = 0; weird_sampling_rate = 0; @@ -80,7 +82,7 @@ void Reporter::Info(const char* fmt, ...) { va_list ap; va_start(ap, fmt); - FILE* out = info_to_stderr ? stderr : 0; + FILE* out = EmitToStderr(info_to_stderr) ? stderr : 0; DoLog("", reporter_info, out, 0, 0, true, true, 0, fmt, ap); va_end(ap); } 
@@ -89,7 +91,7 @@ void Reporter::Warning(const char* fmt, ...) { va_list ap; va_start(ap, fmt); - FILE* out = warnings_to_stderr ? stderr : 0; + FILE* out = EmitToStderr(warnings_to_stderr) ? stderr : 0; DoLog("warning", reporter_warning, out, 0, 0, true, true, 0, fmt, ap); va_end(ap); } @@ -99,7 +101,7 @@ void Reporter::Error(const char* fmt, ...) ++errors; va_list ap; va_start(ap, fmt); - FILE* out = errors_to_stderr ? stderr : 0; + FILE* out = EmitToStderr(errors_to_stderr) ? stderr : 0; DoLog("error", reporter_error, out, 0, 0, true, true, 0, fmt, ap); va_end(ap); } @@ -142,7 +144,7 @@ void Reporter::ExprRuntimeError(const Expr* expr, const char* fmt, ...) PushLocation(expr->GetLocationInfo()); va_list ap; va_start(ap, fmt); - FILE* out = errors_to_stderr ? stderr : 0; + FILE* out = EmitToStderr(errors_to_stderr) ? stderr : 0; DoLog("expression error", reporter_error, out, 0, 0, true, true, d.Description(), fmt, ap); va_end(ap); @@ -156,7 +158,7 @@ void Reporter::RuntimeError(const Location* location, const char* fmt, ...) PushLocation(location); va_list ap; va_start(ap, fmt); - FILE* out = errors_to_stderr ? stderr : 0; + FILE* out = EmitToStderr(errors_to_stderr) ? stderr : 0; DoLog("runtime error", reporter_error, out, 0, 0, true, true, "", fmt, ap); va_end(ap); PopLocation(); @@ -196,7 +198,7 @@ void Reporter::InternalWarning(const char* fmt, ...) { va_list ap; va_start(ap, fmt); - FILE* out = warnings_to_stderr ? stderr : 0; + FILE* out = EmitToStderr(warnings_to_stderr) ? stderr : 0; // TODO: would be nice to also log a call stack. DoLog("internal warning", reporter_warning, out, 0, 0, true, true, 0, fmt, ap); 
@@ -216,36 +218,30 @@ void Reporter::Syslog(const char* fmt, ...) void Reporter::WeirdHelper(EventHandlerPtr event, Val* conn_val, file_analysis::File* f, const char* addl, const char* fmt_name, ...) { - val_list* vl = new val_list(1); + val_list vl(2); if ( conn_val ) - vl->append(conn_val); + vl.append(conn_val); else if ( f ) - vl->append(f->GetVal()->Ref()); + vl.append(f->GetVal()->Ref()); if ( addl ) - vl->append(new StringVal(addl)); + vl.append(new StringVal(addl)); va_list ap; va_start(ap, fmt_name); - DoLog("weird", event, 0, 0, vl, false, false, 0, fmt_name, ap); + DoLog("weird", event, 0, 0, &vl, false, false, 0, fmt_name, ap); va_end(ap); - - delete vl; } void Reporter::WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const char* fmt_name, ...) { - val_list* vl = new val_list(2); - vl->append(new AddrVal(orig)); - vl->append(new AddrVal(resp)); + val_list vl{new AddrVal(orig), new AddrVal(resp)}; va_list ap; va_start(ap, fmt_name); - DoLog("weird", flow_weird, 0, 0, vl, false, false, 0, fmt_name, ap); + DoLog("weird", flow_weird, 0, 0, &vl, false, false, 0, fmt_name, ap); va_end(ap); - - delete vl; } void Reporter::UpdateWeirdStats(const char* name) 
@@ -489,29 +485,32 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, if ( raise_event && event && via_events && ! in_error_handler ) { - val_list* vl = new val_list; + auto vl_size = 1 + (bool)time + (bool)location + (bool)conn + + (addl ? addl->length() : 0); + + val_list vl(vl_size); if ( time ) - vl->append(new Val((bro_start_network_time != 0.0) ? network_time : 0, TYPE_TIME)); + vl.append(new Val((bro_start_network_time != 0.0) ? network_time : 0, TYPE_TIME)); - vl->append(new StringVal(buffer)); + vl.append(new StringVal(buffer)); if ( location ) - vl->append(new StringVal(loc_str.c_str())); + vl.append(new StringVal(loc_str.c_str())); if ( conn ) - vl->append(conn->BuildConnVal()); + vl.append(conn->BuildConnVal()); if ( addl ) { loop_over_list(*addl, i) - vl->append((*addl)[i]); + vl.append((*addl)[i]); } if ( conn ) - conn->ConnectionEvent(event, 0, vl); + conn->ConnectionEventFast(event, 0, std::move(vl)); else - mgr.QueueEvent(event, vl); + mgr.QueueEventFast(event, std::move(vl)); } else { diff --git a/src/Reporter.h b/src/Reporter.h index 88270a9dba..dce075de64 100644 --- a/src/Reporter.h +++ b/src/Reporter.h @@ -233,6 +233,13 @@ public: this->weird_sampling_duration = weird_sampling_duration; } + /** + * Called after zeek_init() and toggles whether messages may stop being + * emitted to stderr. + */ + void ZeekInitDone() + { after_zeek_init = true; } + private: void DoLog(const char* prefix, EventHandlerPtr event, FILE* out, Connection* conn, val_list* addl, bool location, bool time, @@ -248,12 +255,16 @@ private: bool PermitNetWeird(const char* name); bool PermitFlowWeird(const char* name, const IPAddr& o, const IPAddr& r); + bool EmitToStderr(bool flag) + { return flag || ! after_zeek_init; } + int errors; bool via_events; int in_error_handler; bool info_to_stderr; bool warnings_to_stderr; bool errors_to_stderr; + bool after_zeek_init; std::list > locations; 
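Review bot: In `Reporter::DoLog` (src/Reporter.cc, hunk at -489) nothing says who releases the raw `Val*` entries copied from `*addl` into the local `vl`. They are handed to the queued event by `std::move(vl)`, while the caller's `addl` list still holds the same pointers; after this commit that caller list is a stack `val_list` in `WeirdHelper` and `WeirdFlowHelper`. A short comment above the `loop_over_list` would make the contract explicit, for example `// The queued event takes over the references held in *addl; callers must not Unref them afterwards.` The `else` branch for the non-event path lies outside this hunk, so confirm how it treats `addl`'s values before settling the wording.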
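Review bot: The doc comment added for `ZeekInitDone()` in src/Reporter.h says the call "toggles" stderr output, but the method only ever sets `after_zeek_init = true`. The new private helper `EmitToStderr()` in the following hunk has no comment at all, although it now decides stderr routing for the Info, Warning, Error and runtime-error paths changed in Reporter.cc. I would reword the first to `Called once zeek_init() has been processed; from then on a message goes to stderr only if its *_to_stderr flag is set.` Above the helper I would add `// True if a message should go to stderr: always before ZeekInitDone(), afterwards only when flag is true.`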
diff --git a/src/Rule.cc b/src/Rule.cc index c483527c63..57cb82f65e 100644 --- a/src/Rule.cc +++ b/src/Rule.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include "Rule.h" #include "RuleMatcher.h" diff --git a/src/RuleAction.cc b/src/RuleAction.cc index e67c51b514..edfe2497a2 100644 --- a/src/RuleAction.cc +++ b/src/RuleAction.cc @@ -1,7 +1,7 @@ #include using std::string; -#include "bro-config.h" +#include "zeek-config.h" #include "RuleAction.h" #include "RuleMatcher.h" @@ -17,16 +17,11 @@ void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state, { if ( signature_match ) { - val_list* vl = new val_list; - vl->append(rule_matcher->BuildRuleStateValue(parent, state)); - vl->append(new StringVal(msg)); - - if ( data ) - vl->append(new StringVal(len, (const char*)data)); - else - vl->append(val_mgr->GetEmptyString()); - - mgr.QueueEvent(signature_match, vl); + mgr.QueueEventFast(signature_match, { + rule_matcher->BuildRuleStateValue(parent, state), + new StringVal(msg), + data ? new StringVal(len, (const char*)data) : val_mgr->GetEmptyString(), + }); } } diff --git a/src/RuleCondition.cc b/src/RuleCondition.cc index 0534570ed7..6cd2e9e4c1 100644 --- a/src/RuleCondition.cc +++ b/src/RuleCondition.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include "RuleCondition.h" #include "analyzer/protocol/tcp/TCP.h" @@ -162,7 +162,7 @@ bool RuleConditionEval::DoMatch(Rule* rule, RuleEndpointState* state, return id->ID_Val()->AsBool(); // Call function with a signature_state value as argument. - val_list args; + val_list args(2); args.append(rule_matcher->BuildRuleStateValue(rule, state)); if ( data ) diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 5b72264926..6fd13d2db7 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -1,7 +1,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "analyzer/Analyzer.h" #include "RuleMatcher.h" 
diff --git a/src/Scope.cc b/src/Scope.cc index a707336381..5107bd8e9a 100644 --- a/src/Scope.cc +++ b/src/Scope.cc @@ -1,12 +1,15 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "ID.h" #include "Val.h" #include "Scope.h" #include "Reporter.h" +declare(PList,Scope); +typedef PList(Scope) scope_list; + static scope_list scopes; static Scope* top_scope; diff --git a/src/SerialInfo.h b/src/SerialInfo.h index de2d9eeb61..294c5747ba 100644 --- a/src/SerialInfo.h +++ b/src/SerialInfo.h @@ -3,6 +3,8 @@ #ifndef serialinfo_h #define serialinfo_h +#include "ChunkedIO.h" + class SerialInfo { public: SerialInfo(Serializer* arg_s) @@ -15,7 +17,6 @@ public: pid_32bit = false; include_locations = true; new_cache_strategy = false; - broccoli_peer = false; } SerialInfo(const SerialInfo& info) @@ -30,7 +31,6 @@ public: pid_32bit = info.pid_32bit; include_locations = info.include_locations; new_cache_strategy = info.new_cache_strategy; - broccoli_peer = info.broccoli_peer; } // Parameters that control serialization. @@ -49,11 +49,6 @@ public: // If true, we support keeping objs in cache permanently. bool new_cache_strategy; - // If true, we're connecting to a Broccoli. If so, serialization - // specifics may be adapted for functionality Broccoli does not - // support. - bool broccoli_peer; - ChunkedIO::Chunk* chunk; // chunk written right before the serialization // Attributes set during serialization. @@ -78,7 +73,6 @@ public: print = 0; pid_32bit = false; new_cache_strategy = false; - broccoli_peer = false; } UnserialInfo(const UnserialInfo& info) @@ -95,7 +89,6 @@ public: print = info.print; pid_32bit = info.pid_32bit; new_cache_strategy = info.new_cache_strategy; - broccoli_peer = info.broccoli_peer; } // Parameters that control unserialization. 
@@ -116,11 +109,6 @@ public: // If true, we support keeping objs in cache permanently. bool new_cache_strategy; - // If true, we're connecting to a Broccoli. If so, serialization - // specifics may be adapted for functionality Broccoli does not - // support. - bool broccoli_peer; - // If a global ID already exits, of these policies is used. enum { Keep, // keep the old ID and ignore the new diff --git a/src/SerialObj.h b/src/SerialObj.h index b502414f71..84334716de 100644 --- a/src/SerialObj.h +++ b/src/SerialObj.h @@ -37,7 +37,7 @@ #include "DebugLogger.h" #include "Continuation.h" #include "SerialTypes.h" -#include "bro-config.h" +#include "zeek-config.h" #if SIZEOF_LONG_LONG < 8 # error "Serialization requires that sizeof(long long) is at least 8. (Remove this message only if you know what you're doing.)" diff --git a/src/Serializer.cc b/src/Serializer.cc index 0366c36c81..28dc6bbd01 100644 --- a/src/Serializer.cc +++ b/src/Serializer.cc @@ -18,7 +18,6 @@ #include "NetVar.h" #include "Conn.h" #include "Timer.h" -#include "RemoteSerializer.h" #include "iosource/Manager.h" Serializer::Serializer(SerializationFormat* arg_format) @@ -365,7 +364,7 @@ bool Serializer::UnserializeCall(UnserialInfo* info) d.SetIncludeStats(true); d.SetShort(); - val_list* args = new val_list; + val_list* args = new val_list(len); for ( int i = 0; i < len; ++i ) { Val* v = Val::Unserialize(info); @@ -508,8 +507,6 @@ bool Serializer::UnserializeConnection(UnserialInfo* info) if ( info->install_conns ) { - if ( c->IsPersistent() && c->Key() ) - persistence_serializer->Register(c); Ref(c); sessions->Insert(c); } @@ -996,7 +993,8 @@ void EventPlayer::GotEvent(const char* name, double time, { ne_time = time; ne_handler = event; - ne_args = args; + ne_args = std::move(*args); + delete args; } void EventPlayer::GotFunctionCall(const char* name, double time, 
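Review bot: In `Serializer::UnserializeCall`, `new val_list(len)` sizes the list from `len` before any argument has been decoded, and the hunk shows no range check on `len`. If `len` comes from the serialized stream, as the loop `for ( int i = 0; i < len; ++i )` with `Val::Unserialize(info)` suggests, corrupt or untrusted input could request a large reservation up front, where the old code grew the list one decoded value at a time. I would reject out-of-range lengths before allocating, or keep the default-constructed `new val_list` on this path. The same pattern appears in src/Stmt.cc in `Case::DoUnserialize`, `ForStmt::DoUnserialize` and `InitStmt::DoUnserialize`, each doing `new id_list(len)` directly after `UNSERIALIZE(&len)`. All four function bodies extend beyond their hunks, so an earlier check may exist that is not visible here.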
@@ -1054,7 +1052,7 @@ void EventPlayer::Process() if ( ! (io && ne_time) ) return; - Event* event = new Event(ne_handler, ne_args); + Event* event = new Event(ne_handler, std::move(ne_args)); mgr.Dispatch(event); ne_time = 0; diff --git a/src/Serializer.h b/src/Serializer.h index 3b863a5b6e..2c30ef5443 100644 --- a/src/Serializer.h +++ b/src/Serializer.h @@ -353,7 +353,7 @@ protected: // Next event waiting to be dispatched. double ne_time; EventHandlerPtr ne_handler; - val_list* ne_args; + val_list ne_args; }; diff --git a/src/Sessions.cc b/src/Sessions.cc index edccb7e00c..cdad076e27 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include @@ -171,11 +171,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt) SegmentProfiler(segment_logger, "dispatching-packet"); if ( raw_packet ) - { - val_list* vl = new val_list(); - vl->append(pkt->BuildPktHdrVal()); - mgr.QueueEvent(raw_packet, vl); - } + mgr.QueueEventFast(raw_packet, {pkt->BuildPktHdrVal()}); if ( pkt_profiler ) pkt_profiler->ProfilePkt(t, pkt->cap_len); @@ -415,11 +411,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr { dump_this_packet = 1; if ( esp_packet ) - { - val_list* vl = new val_list(); - vl->append(ip_hdr->BuildPktHdrVal()); - mgr.QueueEvent(esp_packet, vl); - } + mgr.QueueEventFast(esp_packet, {ip_hdr->BuildPktHdrVal()}); // Can't do more since upper-layer payloads are going to be encrypted. return; @@ -439,11 +431,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr } if ( mobile_ipv6_message ) - { - val_list* vl = new val_list(); - vl->append(ip_hdr->BuildPktHdrVal()); - mgr.QueueEvent(mobile_ipv6_message, vl); - } + mgr.QueueEvent(mobile_ipv6_message, {ip_hdr->BuildPktHdrVal()}); if ( ip_hdr->NextProto() != IPPROTO_NONE ) Weird("mobility_piggyback", pkt, encapsulation); 
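Review bot: The `mobile_ipv6_message` branch in `NetSessions::DoNextPacket` is converted to `mgr.QueueEvent(...)`, while the `raw_packet` and `esp_packet` branches in this file go to `mgr.QueueEventFast(...)` under the same kind of `if ( handler )` guard. Since the handler is already checked on the line above, `mgr.QueueEventFast(mobile_ipv6_message, {ip_hdr->BuildPktHdrVal()});` would keep the three call sites consistent. If the slower variant is intentional here, a short comment saying why would help the next reader.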
@@ -1113,9 +1101,6 @@ void NetSessions::Remove(Connection* c) tcp_stats.StateLeft(to->state, tr->state); } - if ( c->IsPersistent() ) - persistence_serializer->Unregister(c); - c->Done(); if ( connection_state_remove ) @@ -1206,8 +1191,6 @@ void NetSessions::Insert(Connection* c) // Some clean-ups similar to those in Remove() (but invisible // to the script layer). old->CancelTimers(); - if ( old->IsPersistent() ) - persistence_serializer->Unregister(old); delete old->Key(); old->ClearKey(); Unref(old); @@ -1327,12 +1310,12 @@ Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id, { conn->Event(new_connection, 0); - if ( external ) + if ( external && connection_external ) { - val_list* vl = new val_list(2); - vl->append(conn->BuildConnVal()); - vl->append(new StringVal(conn->GetTimerMgr()->GetTag().c_str())); - conn->ConnectionEvent(connection_external, 0, vl); + conn->ConnectionEventFast(connection_external, 0, { + conn->BuildConnVal(), + new StringVal(conn->GetTimerMgr()->GetTag().c_str()), + }); } } diff --git a/src/Sessions.h b/src/Sessions.h index b237428d25..880182c7cd 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -180,7 +180,6 @@ public: analyzer::tcp::TCPStateStats tcp_stats; // keeps statistics on TCP states protected: - friend class RemoteSerializer; friend class ConnCompressor; friend class TimerMgrExpireTimer; friend class IPTunnelTimer; diff --git a/src/SmithWaterman.cc b/src/SmithWaterman.cc index fba3abfc13..857e45bb9b 100644 --- a/src/SmithWaterman.cc +++ b/src/SmithWaterman.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/StateAccess.cc b/src/StateAccess.cc index 874ed9c5c2..134cca5db5 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc 
@@ -4,8 +4,6 @@ #include "Event.h" #include "NetVar.h" #include "DebugLogger.h" -#include "RemoteSerializer.h" -#include "PersistenceSerializer.h" int StateAccess::replaying = 0; 
@@ -135,100 +133,6 @@ void StateAccess::RefThem() Ref(op3); } -bool StateAccess::CheckOld(const char* op, ID* id, Val* index, - Val* should, Val* is) - { - if ( ! remote_check_sync_consistency ) - return true; - - if ( ! should && ! is ) - return true; - - // 'should == index' means that 'is' should be non-nil. - if ( should == index && is ) - return true; - - if ( should && is ) - { - // There's no general comparison for non-atomic vals currently. - if ( ! (is_atomic_val(is) && is_atomic_val(should)) ) - return true; - - if ( same_atomic_val(should, is) ) - return true; - } - - Val* arg1; - Val* arg2; - Val* arg3; - - if ( index ) - { - ODesc d; - d.SetShort(); - index->Describe(&d); - arg1 = new StringVal(fmt("%s[%s]", id->Name(), d.Description())); - } - else - arg1 = new StringVal(id->Name()); - - if ( should ) - { - ODesc d; - d.SetShort(); - should->Describe(&d); - arg2 = new StringVal(d.Description()); - } - else - arg2 = new StringVal(""); - - if ( is ) - { - ODesc d; - d.SetShort(); - is->Describe(&d); - arg3 = new StringVal(d.Description()); - } - else - arg3 = new StringVal(""); - - val_list* args = new val_list; - args->append(new StringVal(op)); - args->append(arg1); - args->append(arg2); - args->append(arg3); - mgr.QueueEvent(remote_state_inconsistency, args); - - return false; - } - -bool StateAccess::CheckOldSet(const char* op, ID* id, Val* index, - bool should, bool is) - { - if ( ! remote_check_sync_consistency ) - return true; - - if ( should == is ) - return true; - - ODesc d; - d.SetShort(); - index->Describe(&d); - - Val* arg1 = new StringVal(fmt("%s[%s]", id->Name(), d.Description())); - Val* arg2 = new StringVal(should ? "set" : "not set"); - Val* arg3 = new StringVal(is ? 
"set" : "not set"); - - val_list* args = new val_list; - args->append(new StringVal(op)); - args->append(arg1); - args->append(arg2); - args->append(arg3); - mgr.QueueEvent(remote_state_inconsistency, args); - - return false; - } - bool StateAccess::MergeTables(TableVal* dst, Val* src) { if ( src->Type()->Tag() != TYPE_TABLE ) @@ -287,7 +191,6 @@ void StateAccess::Replay() assert(op1.val); // There mustn't be a direct assignment to a unique ID. assert(target.id->Name()[0] != '#'); - CheckOld("assign", target.id, 0, op2, v); if ( t == TYPE_TABLE && v && v->AsTableVal()->FindAttr(ATTR_MERGEABLE) ) @@ -329,9 +232,6 @@ void StateAccess::Replay() break; } - CheckOld("index assign", target.id, op1.val, op3, - v->AsTableVal()->Lookup(op1.val)); - v->AsTableVal()->Assign(op1.val, op2 ? op2->Ref() : 0); } @@ -353,8 +253,6 @@ void StateAccess::Replay() break; } - CheckOld("index assign", target.id, op1.val, op3, - v->AsRecordVal()->Lookup(idx)); v->AsRecordVal()->Assign(idx, op2 ? op2->Ref() : 0); } else @@ -377,8 +275,6 @@ void StateAccess::Replay() break; } - CheckOld("index assign", target.id, op1.val, op3, - v->AsVectorVal()->Lookup(index)); v->AsVectorVal()->Assign(index, op2 ? op2->Ref() : 0); } @@ -442,8 +338,6 @@ void StateAccess::Replay() assert(op1.val); if ( t == TYPE_TABLE ) { - CheckOldSet("add", target.id, op1.val, op2 != 0, - v->AsTableVal()->Lookup(op1.val) != 0); v->AsTableVal()->Assign(op1.val, 0); } break; @@ -452,13 +346,6 @@ void StateAccess::Replay() assert(op1.val); if ( t == TYPE_TABLE ) { - if ( v->Type()->AsTableType()->IsSet() ) - CheckOldSet("delete", target.id, op1.val, op2 != 0, - v->AsTableVal()->Lookup(op1.val) != 0); - else - CheckOld("delete", target.id, op1.val, op2, - v->AsTableVal()->Lookup(op1.val)); - Unref(v->AsTableVal()->Delete(op1.val)); } break; 
@@ -477,14 +364,8 @@ void StateAccess::Replay() // are performed in the expire_func. StateAccess::ResumeReplay(); - if ( remote_serializer ) - remote_serializer->ResumeStateUpdates(); - tv->CallExpireFunc(op1.val->Ref()); - if ( remote_serializer ) - remote_serializer->SuspendStateUpdates(); - StateAccess::SuspendReplay(); Unref(tv->AsTableVal()->Delete(op1.val)); @@ -507,20 +388,7 @@ void StateAccess::Replay() // Update the timestamp if we have a read_expire. if ( tv->FindAttr(ATTR_EXPIRE_READ) ) { - if ( ! tv->UpdateTimestamp(op1.val) && - remote_check_sync_consistency ) - { - ODesc d; - d.SetShort(); - op1.val->Describe(&d); - - val_list* args = new val_list; - args->append(new StringVal("read")); - args->append(new StringVal(fmt("%s[%s]", target.id->Name(), d.Description()))); - args->append(new StringVal("existent")); - args->append(new StringVal("not existent")); - mgr.QueueEvent(remote_state_inconsistency, args); - } + tv->UpdateTimestamp(op1.val); } } else @@ -533,14 +401,6 @@ void StateAccess::Replay() } --replaying; - - if ( remote_state_access_performed ) - { - val_list* vl = new val_list; - vl->append(new StringVal(target.id->Name())); - vl->append(target.id->ID_Val()->Ref()); - mgr.QueueEvent(remote_state_access_performed, vl); - } } ID* StateAccess::Target() const 
@@ -597,50 +457,41 @@ bool StateAccess::DoSerialize(SerialInfo* info) const const Val* null = 0; - if ( remote_check_sync_consistency ) - { + switch ( opcode ) { + case OP_PRINT: + case OP_EXPIRE: + case OP_READ_IDX: + // No old. + SERIALIZE_OPTIONAL(null); + SERIALIZE_OPTIONAL(null); + break; + + case OP_INCR: + case OP_INCR_IDX: + // Always need old. SERIALIZE_OPTIONAL(op2); SERIALIZE_OPTIONAL(op3); - } + break; - else - { - switch ( opcode ) { - case OP_PRINT: - case OP_EXPIRE: - case OP_READ_IDX: - // No old. - SERIALIZE_OPTIONAL(null); - SERIALIZE_OPTIONAL(null); - break; + case OP_ASSIGN: + case OP_ADD: + case OP_DEL: + // Op2 is old. + SERIALIZE_OPTIONAL(null); + SERIALIZE_OPTIONAL(null); + break; - case OP_INCR: - case OP_INCR_IDX: - // Always need old. - SERIALIZE_OPTIONAL(op2); - SERIALIZE_OPTIONAL(op3); - break; + case OP_ASSIGN_IDX: + // Op3 is old. + SERIALIZE_OPTIONAL(op2); + SERIALIZE_OPTIONAL(null); + break; - case OP_ASSIGN: - case OP_ADD: - case OP_DEL: - // Op2 is old. - SERIALIZE_OPTIONAL(null); - SERIALIZE_OPTIONAL(null); - break; + default: + reporter->InternalError("StateAccess::DoSerialize: unknown opcode"); + } - case OP_ASSIGN_IDX: - // Op3 is old. - SERIALIZE_OPTIONAL(op2); - SERIALIZE_OPTIONAL(null); - break; - - default: - reporter->InternalError("StateAccess::DoSerialize: unknown opcode"); - } - } - - return true; + return true; } bool StateAccess::DoUnserialize(UnserialInfo* info) 
@@ -870,57 +721,27 @@ void StateAccess::Describe(ODesc* d) const void StateAccess::Log(StateAccess* access) { - bool synchronized = false; - bool persistent = false; bool tracked = false; if ( access->target_type == TYPE_ID ) { - if ( access->target.id->FindAttr(ATTR_SYNCHRONIZED) ) - synchronized = true; - - if ( access->target.id->FindAttr(ATTR_PERSISTENT) ) - persistent = true; - if ( access->target.id->FindAttr(ATTR_TRACKED) ) tracked = true; } else { - if ( access->target.val->GetProperties() & MutableVal::SYNCHRONIZED ) - synchronized = true; - - if ( access->target.val->GetProperties() & MutableVal::PERSISTENT ) - persistent = true; - if ( access->target.val->GetProperties() & MutableVal::TRACKED ) tracked = true; } - if ( synchronized ) - { - if ( state_serializer ) - { - SerialInfo info(state_serializer); - state_serializer->Serialize(&info, *access); - } - - SerialInfo info(remote_serializer); - remote_serializer->SendAccess(&info, *access); - } - - if ( persistent && persistence_serializer->IsSerializationRunning() ) - persistence_serializer->LogAccess(*access); - if ( tracked ) notifiers.AccessPerformed(*access); #ifdef DEBUG ODesc desc; access->Describe(&desc); - DBG_LOG(DBG_STATE, "operation: %s%s [%s%s]", - desc.Description(), replaying > 0 ? " (replay)" : "", - persistent ? "P" : "", synchronized ? "S" : ""); + DBG_LOG(DBG_STATE, "operation: %s%s", + desc.Description(), replaying > 0 ? " (replay)" : ""); #endif delete access; @@ -943,8 +764,7 @@ void NotifierRegistry::Register(ID* id, NotifierRegistry::Notifier* notifier) } else { - attr_list* a = new attr_list; - a->append(attr); + attr_list* a = new attr_list{attr}; id->SetAttrs(new Attributes(a, id->Type(), false)); } diff --git a/src/StateAccess.h b/src/StateAccess.h index 1e84430956..8530ec1d91 100644 --- a/src/StateAccess.h +++ b/src/StateAccess.h 
@@ -74,8 +74,6 @@ private: StateAccess() { target.id = 0; op1.val = op2 = op3 = 0; } void RefThem(); - bool CheckOld(const char* op, ID* id, Val* index, Val* should, Val* is); - bool CheckOldSet(const char* op, ID* id, Val* index, bool should, bool is); bool MergeTables(TableVal* dst, Val* src); DECLARE_SERIAL(StateAccess); diff --git a/src/Stats.cc b/src/Stats.cc index 780ffdc39b..1d2a2c8ad8 100644 --- a/src/Stats.cc +++ b/src/Stats.cc @@ -310,11 +310,11 @@ void ProfileLogger::Log() // (and for consistency we dispatch it *now*) if ( profiling_update ) { - val_list* vl = new val_list; Ref(file); - vl->append(new Val(file)); - vl->append(val_mgr->GetBool(expensive)); - mgr.Dispatch(new Event(profiling_update, vl)); + mgr.Dispatch(new Event(profiling_update, { + new Val(file), + val_mgr->GetBool(expensive), + })); } } @@ -369,12 +369,12 @@ void SampleLogger::SegmentProfile(const char* /* name */, const Location* /* loc */, double dtime, int dmem) { - val_list* vl = new val_list(2); - vl->append(load_samples->Ref()); - vl->append(new IntervalVal(dtime, Seconds)); - vl->append(val_mgr->GetInt(dmem)); - - mgr.QueueEvent(load_sample, vl); + if ( load_sample ) + mgr.QueueEventFast(load_sample, { + load_samples->Ref(), + new IntervalVal(dtime, Seconds), + val_mgr->GetInt(dmem) + }); } void SegmentProfiler::Init() diff --git a/src/Stmt.cc b/src/Stmt.cc index 7e7ba23a18..5960747d05 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Expr.h" #include "Event.h" @@ -14,7 +14,6 @@ #include "Debug.h" #include "Traverse.h" #include "Trigger.h" -#include "RemoteSerializer.h" const char* stmt_name(BroStmtTag t) { 
@@ -292,17 +291,15 @@ Val* PrintStmt::DoExec(val_list* vals, stmt_flow_type& /* flow */) const if ( print_hook ) { - val_list* vl = new val_list(2); ::Ref(f); - vl->append(new Val(f)); - vl->append(new StringVal(d.Len(), d.Description())); // Note, this doesn't do remote printing. - mgr.Dispatch(new Event(print_hook, vl), true); + mgr.Dispatch( + new Event( + print_hook, + {new Val(f), new StringVal(d.Len(), d.Description())}), + true); } - - if ( remote_serializer ) - remote_serializer->SendPrintHookEvent(f, d.Description(), d.Len()); } return 0; @@ -704,7 +701,7 @@ bool Case::DoUnserialize(UnserialInfo* info) if ( ! UNSERIALIZE(&len) ) return false; - type_cases = new id_list; + type_cases = new id_list(len); while ( len-- ) { @@ -1198,7 +1195,10 @@ Val* EventStmt::Exec(Frame* f, stmt_flow_type& flow) const val_list* args = eval_list(f, event_expr->Args()); if ( args ) - mgr.QueueEvent(event_expr->Handler(), args); + { + mgr.QueueEvent(event_expr->Handler(), std::move(*args)); + delete args; + } flow = FLOW_NEXT; @@ -1633,7 +1633,7 @@ bool ForStmt::DoUnserialize(UnserialInfo* info) if ( ! UNSERIALIZE(&len) ) return false; - loop_vars = new id_list; + loop_vars = new id_list(len); while ( len-- ) { @@ -2149,7 +2149,7 @@ bool InitStmt::DoUnserialize(UnserialInfo* info) if ( ! UNSERIALIZE(&len) ) return false; - inits = new id_list; + inits = new id_list(len); while ( len-- ) { diff --git a/src/Stmt.h b/src/Stmt.h index a9bf7cddf8..c3ee6611fe 100644 --- a/src/Stmt.h +++ b/src/Stmt.h @@ -213,6 +213,9 @@ protected: Stmt* s; }; +declare(PList,Case); +typedef PList(Case) case_list; + class SwitchStmt : public ExprStmt { public: SwitchStmt(Expr* index, case_list* cases); diff --git a/src/Tag.h b/src/Tag.h index efc3e359c2..78fe333e12 100644 --- a/src/Tag.h +++ b/src/Tag.h @@ -3,7 +3,7 @@ #ifndef TAG_H #define TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "Type.h" 
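Review bot: The retained comment `// Note, this doesn't do remote printing.` in `PrintStmt::DoExec` is stale, because this hunk deletes the `remote_serializer->SendPrintHookEvent(...)` call it was contrasting with. With the remote path gone the note reads as if remote printing still happens elsewhere. I would delete the comment, or replace it with one that explains the `true` argument passed to `mgr.Dispatch`, whose meaning is not visible from this hunk.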
diff --git a/src/Timer.cc b/src/Timer.cc index 101733028c..9041b822c8 100644 --- a/src/Timer.cc +++ b/src/Timer.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "Timer.h" @@ -20,8 +20,6 @@ const char* TimerNames[] = { "FileAnalysisInactivityTimer", "FlowWeirdTimer", "FragTimer", - "IncrementalSendTimer", - "IncrementalWriteTimer", "InterconnTimer", "IPTunnelInactivityTimer", "NetbiosExpireTimer", diff --git a/src/Timer.h b/src/Timer.h index 8d6de857a0..2ce9f56e0b 100644 --- a/src/Timer.h +++ b/src/Timer.h @@ -25,8 +25,6 @@ enum TimerType { TIMER_FILE_ANALYSIS_INACTIVITY, TIMER_FLOW_WEIRD_EXPIRE, TIMER_FRAG, - TIMER_INCREMENTAL_SEND, - TIMER_INCREMENTAL_WRITE, TIMER_INTERCONN, TIMER_IP_TUNNEL_INACTIVITY, TIMER_NB_EXPIRE, diff --git a/src/TunnelEncapsulation.h b/src/TunnelEncapsulation.h index 27729e56b7..5e83d91691 100644 --- a/src/TunnelEncapsulation.h +++ b/src/TunnelEncapsulation.h @@ -3,7 +3,7 @@ #ifndef TUNNELS_H #define TUNNELS_H -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "IPAddr.h" #include "Val.h" diff --git a/src/Type.cc b/src/Type.cc index 0bc7d0e3fe..f9cb915c71 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Type.h" #include "Attr.h" @@ -8,8 +8,8 @@ #include "Scope.h" #include "Serializer.h" #include "Reporter.h" -#include "zeexygen/Manager.h" -#include "zeexygen/utils.h" +#include "zeekygen/Manager.h" +#include "zeekygen/utils.h" #include #include 
@@ -1197,8 +1197,8 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const if ( func_args ) continue; - using zeexygen::IdentifierInfo; - IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(GetName()); + using zeekygen::IdentifierInfo; + IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo(GetName()); if ( ! doc ) { @@ -1217,7 +1217,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const field_from_script != type_from_script ) { d->PushIndent(); - d->Add(zeexygen::redef_indication(field_from_script).c_str()); + d->Add(zeekygen::redef_indication(field_from_script).c_str()); d->PopIndent(); } @@ -1237,7 +1237,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const { string s = cmnts[i]; - if ( zeexygen::prettify_params(s) ) + if ( zeekygen::prettify_params(s) ) d->NL(); d->Add(s.c_str()); @@ -1505,7 +1505,7 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name, if ( deprecated ) id->MakeDeprecated(); - zeexygen_mgr->Identifier(id); + zeekygen_mgr->Identifier(id); } else { @@ -1618,8 +1618,8 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const else d->Add(fmt(".. zeek:enum:: %s %s", it->second.c_str(), GetName().c_str())); - using zeexygen::IdentifierInfo; - IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(it->second); + using zeekygen::IdentifierInfo; + IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo(it->second); if ( ! doc ) { @@ -1634,7 +1634,7 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const if ( doc->GetDeclaringScript() ) enum_from_script = doc->GetDeclaringScript()->Name(); - IdentifierInfo* type_doc = zeexygen_mgr->GetIdentifierInfo(GetName()); + IdentifierInfo* type_doc = zeekygen_mgr->GetIdentifierInfo(GetName()); if ( type_doc && type_doc->GetDeclaringScript() ) type_from_script = type_doc->GetDeclaringScript()->Name(); 
@@ -1644,7 +1644,7 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const { d->NL(); d->PushIndent(); - d->Add(zeexygen::redef_indication(enum_from_script).c_str()); + d->Add(zeekygen::redef_indication(enum_from_script).c_str()); d->PopIndent(); } @@ -2266,7 +2266,7 @@ BroType* merge_types(const BroType* t1, const BroType* t2) if ( rt1->NumFields() != rt2->NumFields() ) return 0; - type_decl_list* tdl3 = new type_decl_list; + type_decl_list* tdl3 = new type_decl_list(rt1->NumFields()); for ( int i = 0; i < rt1->NumFields(); ++i ) { diff --git a/src/Type.h b/src/Type.h index bc13997461..c537bb6203 100644 --- a/src/Type.h +++ b/src/Type.h @@ -460,6 +460,9 @@ public: const char* id; }; +declare(PList,TypeDecl); +typedef PList(TypeDecl) type_decl_list; + class RecordType : public BroType { public: explicit RecordType(type_decl_list* types); diff --git a/src/Val.cc b/src/Val.cc index fe83c8d583..2b577f58e3 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include @@ -21,7 +21,6 @@ #include "NetVar.h" #include "Expr.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "PrefixTable.h" #include "Conn.h" #include "Reporter.h" @@ -1630,18 +1629,9 @@ int TableVal::Assign(Val* index, HashKey* k, Val* new_val, Opcode op) else { // A set. - if ( old_entry_val && remote_check_sync_consistency ) - { - Val* has_old_val = val_mgr->GetInt(1); - StateAccess::Log( - new StateAccess(OP_ADD, this, index, - has_old_val)); - Unref(has_old_val); - } - else - StateAccess::Log( - new StateAccess(OP_ADD, this, - index, 0, 0)); + StateAccess::Log( + new StateAccess(OP_ADD, this, + index, 0, 0)); } if ( rec_index ) 
@@ -1929,29 +1919,30 @@ Val* TableVal::Default(Val* index) return def_attr->AttrExpr()->IsConst() ? def_val->Ref() : def_val->Clone(); const Func* f = def_val->AsFunc(); - val_list* vl = new val_list(); + val_list vl; if ( index->Type()->Tag() == TYPE_LIST ) { const val_list* vl0 = index->AsListVal()->Vals(); + vl = val_list(vl0->length()); loop_over_list(*vl0, i) - vl->append((*vl0)[i]->Ref()); + vl.append((*vl0)[i]->Ref()); } else - vl->append(index->Ref()); + { + vl = val_list{index->Ref()}; + } Val* result = 0; try { - result = f->Call(vl); + result = f->Call(&vl); } catch ( InterpreterException& e ) { /* Already reported. */ } - delete vl; - if ( ! result ) { Error("no value returned from &default function"); @@ -2124,20 +2115,12 @@ Val* TableVal::Delete(const Val* index) { if ( v ) { - if ( v->Value() && remote_check_sync_consistency ) - // A table. - StateAccess::Log( - new StateAccess(OP_DEL, this, - index, v->Value())); - else - { - // A set. - Val* has_old_val = val_mgr->GetInt(1); - StateAccess::Log( - new StateAccess(OP_DEL, this, index, - has_old_val)); - Unref(has_old_val); - } + // A set. + Val* has_old_val = val_mgr->GetInt(1); + StateAccess::Log( + new StateAccess(OP_DEL, this, index, + has_old_val)); + Unref(has_old_val); } else StateAccess::Log( @@ -2491,21 +2474,6 @@ double TableVal::CallExpireFunc(Val* idx) return 0; } - val_list* vl = new val_list; - vl->append(Ref()); - - // Flatten lists of a single element. - if ( idx->Type()->Tag() == TYPE_LIST && - idx->AsListVal()->Length() == 1 ) - { - Val* old = idx; - idx = idx->AsListVal()->Index(0); - idx->Ref(); - Unref(old); - } - - vl->append(idx); - double secs = 0; try 
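Review bot: In `TableVal::Delete` the surviving comment `// A set.` now labels the whole `if ( v )` branch, but the `v->Value()` test that separated tables from sets has been removed. As far as the hunk shows, the branch now runs for any existing entry and logs only the presence flag `has_old_val`. The comment should say that, for example `// Old value is no longer logged; record only that an entry existed.` The rest of the function is outside the hunk.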
@@ -2515,19 +2483,31 @@ double TableVal::CallExpireFunc(Val* idx) if ( ! vf ) { // Will have been reported already. - delete_vals(vl); + Unref(idx); return 0; } if ( vf->Type()->Tag() != TYPE_FUNC ) { - Unref(vf); - delete_vals(vl); vf->Error("not a function"); + Unref(vf); + Unref(idx); return 0; } - Val* vs = vf->AsFunc()->Call(vl); + + // Flatten lists of a single element. + if ( idx->Type()->Tag() == TYPE_LIST && + idx->AsListVal()->Length() == 1 ) + { + Val* old = idx; + idx = idx->AsListVal()->Index(0); + idx->Ref(); + Unref(old); + } + + val_list vl{Ref(), idx}; + Val* vs = vf->AsFunc()->Call(&vl); if ( vs ) { @@ -2536,7 +2516,6 @@ double TableVal::CallExpireFunc(Val* idx) } Unref(vf); - delete vl; } catch ( InterpreterException& e ) diff --git a/src/Val.h b/src/Val.h index 5104c1933e..c40bf7bd4a 100644 --- a/src/Val.h +++ b/src/Val.h @@ -535,9 +535,6 @@ public: // values. (In any case, don't forget to call the parent's method.) typedef char Properties; - static const int PERSISTENT = 0x01; - static const int SYNCHRONIZED = 0x02; - // Tracked by NotifierRegistry, not recursive. static const int TRACKED = 0x04; @@ -551,10 +548,10 @@ public: bool LoggingAccess() const { #ifndef DEBUG - return props & (SYNCHRONIZED|PERSISTENT|TRACKED); + return props & TRACKED; #else return debug_logger.IsVerbose() || - (props & (SYNCHRONIZED|PERSISTENT|TRACKED)); + (props & TRACKED); #endif } diff --git a/src/Var.cc b/src/Var.cc index 8534fdd910..16ced341c1 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -1,13 +1,12 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Var.h" #include "Func.h" #include "Stmt.h" #include "Scope.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "EventRegistry.h" #include "Traverse.h" 
@@ -142,26 +141,6 @@ static void make_var(ID* id, BroType* t, init_class c, Expr* init, } } - if ( id->FindAttr(ATTR_PERSISTENT) || id->FindAttr(ATTR_SYNCHRONIZED) ) - { - if ( dt == VAR_CONST ) - { - id->Error("&persistent/synchronized with constant"); - return; - } - else if ( dt == VAR_OPTION ) - { - id->Error("&persistent/synchronized with option"); - return; - } - - if ( ! id->IsGlobal() ) - { - id->Error("&persistant/synchronized with non-global"); - return; - } - } - if ( do_init ) { if ( c == INIT_NONE && dt == VAR_REDEF && t->IsTable() && @@ -325,8 +304,7 @@ static void transfer_arg_defaults(RecordType* args, RecordType* recv) if ( ! recv_i->attrs ) { - attr_list* a = new attr_list(); - a->append(def); + attr_list* a = new attr_list{def}; recv_i->attrs = new Attributes(a, recv_i->type, true); } diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index 818dd917e8..874b405e9d 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -662,16 +662,19 @@ void Analyzer::ProtocolConfirmation(Tag arg_tag) if ( protocol_confirmed ) return; + protocol_confirmed = true; + + if ( ! protocol_confirmation ) + return; + EnumVal* tval = arg_tag ? arg_tag.AsEnumVal() : tag.AsEnumVal(); Ref(tval); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(tval); - vl->append(val_mgr->GetCount(id)); - mgr.QueueEvent(protocol_confirmation, vl); - - protocol_confirmed = true; + mgr.QueueEventFast(protocol_confirmation, { + BuildConnVal(), + tval, + val_mgr->GetCount(id), + }); } void Analyzer::ProtocolViolation(const char* reason, const char* data, int len) 
@@ -689,15 +692,18 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len) else r = new StringVal(reason); + if ( ! protocol_violation ) + return; + EnumVal* tval = tag.AsEnumVal(); Ref(tval); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(tval); - vl->append(val_mgr->GetCount(id)); - vl->append(r); - mgr.QueueEvent(protocol_violation, vl); + mgr.QueueEventFast(protocol_violation, { + BuildConnVal(), + tval, + val_mgr->GetCount(id), + r, + }); } void Analyzer::AddTimer(analyzer_timer_func timer, double t, @@ -782,6 +788,16 @@ void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list* vl) conn->ConnectionEvent(f, this, vl); } +void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list vl) + { + conn->ConnectionEvent(f, this, std::move(vl)); + } + +void Analyzer::ConnectionEventFast(EventHandlerPtr f, val_list vl) + { + conn->ConnectionEventFast(f, this, std::move(vl)); + } + void Analyzer::Weird(const char* name, const char* addl) { conn->Weird(name, addl); diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index a13df7e21e..141d420a82 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h @@ -541,6 +541,18 @@ public: */ void ConnectionEvent(EventHandlerPtr f, val_list* vl); + /** + * Convenience function that forwards directly to + * Connection::ConnectionEvent(). + */ + void ConnectionEvent(EventHandlerPtr f, val_list vl); + + /** + * Convenience function that forwards directly to + * Connection::ConnectionEventFast(). + */ + void ConnectionEventFast(EventHandlerPtr f, val_list vl); + /** * Convenience function that forwards directly to the corresponding * Connection::Weird(). diff --git a/src/analyzer/Component.h b/src/analyzer/Component.h index c52bf05fc6..74224e4ba4 100644 --- a/src/analyzer/Component.h +++ b/src/analyzer/Component.h 
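Review bot: The new `if ( ! protocol_violation ) return;` in `Analyzer::ProtocolViolation` comes after `r` has been allocated (`r = new StringVal(reason);` is the context line just above it). When no handler is registered, that `StringVal` is never handed to an event and appears to leak on every violation. Violations are driven by the traffic being analysed, so this is unbounded memory growth on a sensor that does not handle the event. Either move the guard above the construction of `r`, or release it on the early exit: `if ( ! protocol_violation ) { Unref(r); return; }`. The start of the function, including the other branch that assigns `r`, is outside the hunk.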
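Review bot: The new doc comments in Analyzer.h describe both `ConnectionEvent(EventHandlerPtr f, val_list vl)` and `ConnectionEventFast(EventHandlerPtr f, val_list vl)` only as forwarding to the `Connection` method, so the header gives no hint of how the two differ. Every `...Fast` call site converted in this commit first checks that the handler is set, which suggests that check is a precondition, though the hunk does not state it. I would add a line to the `ConnectionEventFast` comment such as `* The caller must have verified that a handler for \a f exists.` and document the ownership of the values in `vl` when the event is not queued.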
@@ -7,7 +7,7 @@ #include "plugin/Component.h" #include "plugin/TaggedComponent.h" -#include "../bro-config.h" +#include "../zeek-config.h" #include "../util.h" class Connection; diff --git a/src/analyzer/Tag.h b/src/analyzer/Tag.h index 926196c747..92aff38189 100644 --- a/src/analyzer/Tag.h +++ b/src/analyzer/Tag.h @@ -3,7 +3,7 @@ #ifndef ANALYZER_TAG_H #define ANALYZER_TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "../Tag.h" #include "plugin/TaggedComponent.h" diff --git a/src/analyzer/protocol/arp/ARP.cc b/src/analyzer/protocol/arp/ARP.cc index 83166bd149..d3a4ab688f 100644 --- a/src/analyzer/protocol/arp/ARP.cc +++ b/src/analyzer/protocol/arp/ARP.cc @@ -190,13 +190,13 @@ void ARP_Analyzer::BadARP(const struct arp_pkthdr* hdr, const char* msg) if ( ! bad_arp ) return; - val_list* vl = new val_list; - vl->append(ConstructAddrVal(ar_spa(hdr))); - vl->append(EthAddrToStr((const u_char*) ar_sha(hdr))); - vl->append(ConstructAddrVal(ar_tpa(hdr))); - vl->append(EthAddrToStr((const u_char*) ar_tha(hdr))); - vl->append(new StringVal(msg)); - mgr.QueueEvent(bad_arp, vl); + mgr.QueueEventFast(bad_arp, { + ConstructAddrVal(ar_spa(hdr)), + EthAddrToStr((const u_char*) ar_sha(hdr)), + ConstructAddrVal(ar_tpa(hdr)), + EthAddrToStr((const u_char*) ar_tha(hdr)), + new StringVal(msg), + }); } void ARP_Analyzer::Corrupted(const char* msg) 
@@ -212,18 +212,14 @@ void ARP_Analyzer::RREvent(EventHandlerPtr e, if ( ! e ) return; - // init the val_list - val_list* vl = new val_list; - - // prepare the event arguments - vl->append(EthAddrToStr(src)); - vl->append(EthAddrToStr(dst)); - vl->append(ConstructAddrVal(spa)); - vl->append(EthAddrToStr((const u_char*) sha)); - vl->append(ConstructAddrVal(tpa)); - vl->append(EthAddrToStr((const u_char*) tha)); - - mgr.QueueEvent(e, vl); + mgr.QueueEventFast(e, { + EthAddrToStr(src), + EthAddrToStr(dst), + ConstructAddrVal(spa), + EthAddrToStr((const u_char*) sha), + ConstructAddrVal(tpa), + EthAddrToStr((const u_char*) tha), + }); } AddrVal* ARP_Analyzer::ConstructAddrVal(const void* addr) diff --git a/src/analyzer/protocol/arp/ARP.h b/src/analyzer/protocol/arp/ARP.h index 86ea14d694..34c944724a 100644 --- a/src/analyzer/protocol/arp/ARP.h +++ b/src/analyzer/protocol/arp/ARP.h @@ -3,7 +3,7 @@ #ifndef ANALYZER_PROTOCOL_ARP_ARP_H #define ANALYZER_PROTOCOL_ARP_ARP_H -#include "bro-config.h" +#include "zeek-config.h" #include #include #include diff --git a/src/analyzer/protocol/backdoor/BackDoor.cc b/src/analyzer/protocol/backdoor/BackDoor.cc index ecfb660b94..2e8d47d1d0 100644 --- a/src/analyzer/protocol/backdoor/BackDoor.cc +++ b/src/analyzer/protocol/backdoor/BackDoor.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "BackDoor.h" #include "Event.h" 
@@ -246,13 +246,15 @@ void BackDoorEndpoint::RloginSignatureFound(int len) rlogin_checking_done = 1; - val_list* vl = new val_list; - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - vl->append(val_mgr->GetCount(rlogin_num_null)); - vl->append(val_mgr->GetCount(len)); + if ( ! rlogin_signature_found ) + return; - endp->TCP()->ConnectionEvent(rlogin_signature_found, vl); + endp->TCP()->ConnectionEventFast(rlogin_signature_found, { + endp->TCP()->BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + val_mgr->GetCount(rlogin_num_null), + val_mgr->GetCount(len), + }); } void BackDoorEndpoint::CheckForTelnet(uint64 /* seq */, int len, const u_char* data) @@ -338,12 +340,14 @@ void BackDoorEndpoint::CheckForTelnet(uint64 /* seq */, int len, const u_char* d void BackDoorEndpoint::TelnetSignatureFound(int len) { - val_list* vl = new val_list; - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - vl->append(val_mgr->GetCount(len)); + if ( ! telnet_signature_found ) + return; - endp->TCP()->ConnectionEvent(telnet_signature_found, vl); + endp->TCP()->ConnectionEventFast(telnet_signature_found, { + endp->TCP()->BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + val_mgr->GetCount(len), + }); } void BackDoorEndpoint::CheckForSSH(uint64 seq, int len, const u_char* data) @@ -643,13 +647,15 @@ void BackDoorEndpoint::CheckForHTTPProxy(uint64 /* seq */, int len, void BackDoorEndpoint::SignatureFound(EventHandlerPtr e, int do_orig) { - val_list* vl = new val_list; - vl->append(endp->TCP()->BuildConnVal()); + if ( ! e ) + return; if ( do_orig ) - vl->append(val_mgr->GetBool(endp->IsOrig())); + endp->TCP()->ConnectionEventFast(e, + {endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig())}); - endp->TCP()->ConnectionEvent(e, vl); + else + endp->TCP()->ConnectionEventFast(e, {endp->TCP()->BuildConnVal()}); } 
@@ -776,20 +782,22 @@ void BackDoor_Analyzer::StatTimer(double t, int is_expire) void BackDoor_Analyzer::StatEvent() { - val_list* vl = new val_list; - vl->append(TCP()->BuildConnVal()); - vl->append(orig_endp->BuildStats()); - vl->append(resp_endp->BuildStats()); + if ( ! backdoor_stats ) + return; - TCP()->ConnectionEvent(backdoor_stats, vl); + TCP()->ConnectionEventFast(backdoor_stats, { + TCP()->BuildConnVal(), + orig_endp->BuildStats(), + resp_endp->BuildStats(), + }); } void BackDoor_Analyzer::RemoveEvent() { - val_list* vl = new val_list; - vl->append(TCP()->BuildConnVal()); + if ( ! backdoor_remove_conn ) + return; - TCP()->ConnectionEvent(backdoor_remove_conn, vl); + TCP()->ConnectionEventFast(backdoor_remove_conn, {TCP()->BuildConnVal()}); } BackDoorTimer::BackDoorTimer(double t, BackDoor_Analyzer* a) diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.cc b/src/analyzer/protocol/bittorrent/BitTorrent.cc index 652d3d120c..c57d694c6e 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc @@ -120,10 +120,10 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bittorrent_peer_weird ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(msg)); - ConnectionEvent(bittorrent_peer_weird, vl); + ConnectionEventFast(bittorrent_peer_weird, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(msg), + }); } } diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index 54cac790fb..a1a40e8d56 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc 
@@ -247,11 +247,11 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bt_tracker_weird ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(msg)); - ConnectionEvent(bt_tracker_weird, vl); + ConnectionEventFast(bt_tracker_weird, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(msg), + }); } } @@ -346,19 +346,17 @@ void BitTorrentTracker_Analyzer::RequestGet(char* uri) void BitTorrentTracker_Analyzer::EmitRequest(void) { - val_list* vl; - ProtocolConfirmation(); - vl = new val_list; - vl->append(BuildConnVal()); - vl->append(req_val_uri); - vl->append(req_val_headers); + if ( bt_tracker_request ) + ConnectionEventFast(bt_tracker_request, { + BuildConnVal(), + req_val_uri, + req_val_headers, + }); req_val_uri = 0; req_val_headers = 0; - - ConnectionEvent(bt_tracker_request, vl); } bool BitTorrentTracker_Analyzer::ParseResponse(char* line) @@ -404,11 +402,12 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line) { if ( res_status != 200 ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetCount(res_status)); - vl->append(res_val_headers); - ConnectionEvent(bt_tracker_response_not_ok, vl); + if ( bt_tracker_response_not_ok ) + ConnectionEventFast(bt_tracker_response_not_ok, { + BuildConnVal(), + val_mgr->GetCount(res_status), + res_val_headers, + }); res_val_headers = 0; res_buf_pos = res_buf + res_buf_len; res_state = BTT_RES_DONE; 
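Review bot: In EmitRequest, `req_val_uri` and `req_val_headers` are reset to 0 right after the new `if ( bt_tracker_request )`, so when no handler is registered both values are dropped without being released. The removed code always appended them to the list given to ConnectionEvent, which presumably freed the arguments for a missing handler; the `else Unref(char_strings);` branches this commit adds in DNS.cc point the same way. Adding `else { Unref(req_val_uri); Unref(req_val_headers); }` before the reset would keep ownership balanced. The same applies to `res_val_headers` in the ParseResponse hunk and to `res_val_headers`, `res_val_peers` and `res_val_benc` in EmitResponse. Because these values are built from network input, an unreleased value per message would grow memory steadily on a sensor that does not handle these events.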
@@ -790,16 +789,16 @@ void BitTorrentTracker_Analyzer::EmitResponse(void) { ProtocolConfirmation(); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetCount(res_status)); - vl->append(res_val_headers); - vl->append(res_val_peers); - vl->append(res_val_benc); + if ( bt_tracker_response ) + ConnectionEventFast(bt_tracker_response, { + BuildConnVal(), + val_mgr->GetCount(res_status), + res_val_headers, + res_val_peers, + res_val_benc, + }); res_val_headers = 0; res_val_peers = 0; res_val_benc = 0; - - ConnectionEvent(bt_tracker_response, vl); } diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index 52d81e3111..1b18335e7f 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -47,11 +47,11 @@ void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64 threshold, bool if ( ! f ) return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetCount(threshold)); - vl->append(val_mgr->GetBool(is_orig)); - ConnectionEvent(f, vl); + ConnectionEventFast(f, { + BuildConnVal(), + val_mgr->GetCount(threshold), + val_mgr->GetBool(is_orig), + }); } void ConnSize_Analyzer::CheckSizes(bool is_orig) diff --git a/src/analyzer/protocol/dce-rpc/DCE_RPC.cc b/src/analyzer/protocol/dce-rpc/DCE_RPC.cc index f7a96fbb6e..0f401d75de 100644 --- a/src/analyzer/protocol/dce-rpc/DCE_RPC.cc +++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 944ce92731..c9e2c61cd7 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc 
@@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include @@ -46,13 +46,12 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) if ( dns_message ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_query)); - vl->append(msg.BuildHdrVal()); - vl->append(val_mgr->GetCount(len)); - - analyzer->ConnectionEvent(dns_message, vl); + analyzer->ConnectionEventFast(dns_message, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_query), + msg.BuildHdrVal(), + val_mgr->GetCount(len), + }); } // There is a great deal of non-DNS traffic that runs on port 53. @@ -133,11 +132,11 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) int DNS_Interpreter::EndMessage(DNS_MsgInfo* msg) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - analyzer->ConnectionEvent(dns_end, vl); + if ( dns_end ) + analyzer->ConnectionEventFast(dns_end, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + }); return 1; } @@ -336,11 +335,11 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, if ( dns_unknown_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - analyzer->ConnectionEvent(dns_unknown_reply, vl); + analyzer->ConnectionEventFast(dns_unknown_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + }); } analyzer->Weird("DNS_RR_unknown_type", fmt("%d", msg->atype)); 
@@ -551,14 +550,12 @@ int DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg, if ( reply_event && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - - analyzer->ConnectionEvent(reply_event, vl); + analyzer->ConnectionEventFast(reply_event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + }); } return 1; @@ -598,14 +595,7 @@ int DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, if ( dns_SOA_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - RecordVal* r = new RecordVal(dns_soa); - r->Assign(0, new StringVal(new BroString(mname, mname_end - mname, 1))); r->Assign(1, new StringVal(new BroString(rname, rname_end - rname, 1))); r->Assign(2, val_mgr->GetCount(serial)); @@ -614,9 +604,12 @@ int DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, r->Assign(5, new IntervalVal(double(expire), Seconds)); r->Assign(6, new IntervalVal(double(minimum), Seconds)); - vl->append(r); - - analyzer->ConnectionEvent(dns_SOA_reply, vl); + analyzer->ConnectionEventFast(dns_SOA_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + r + }); } return 1; 
@@ -642,15 +635,13 @@ int DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg, if ( dns_MX_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(val_mgr->GetCount(preference)); - - analyzer->ConnectionEvent(dns_MX_reply, vl); + analyzer->ConnectionEventFast(dns_MX_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + val_mgr->GetCount(preference), + }); } return 1; @@ -687,16 +678,15 @@ int DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg, if ( dns_SRV_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(val_mgr->GetCount(priority)); - vl->append(val_mgr->GetCount(weight)); - vl->append(val_mgr->GetCount(port)); - - analyzer->ConnectionEvent(dns_SRV_reply, vl); + analyzer->ConnectionEventFast(dns_SRV_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + val_mgr->GetCount(priority), + val_mgr->GetCount(weight), + val_mgr->GetCount(port), + }); } return 1; @@ -711,12 +701,11 @@ int DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg, if ( dns_EDNS_addl && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildEDNS_Val()); - analyzer->ConnectionEvent(dns_EDNS_addl, vl); + analyzer->ConnectionEventFast(dns_EDNS_addl, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildEDNS_Val(), + }); } // Currently EDNS supports the movement of type:data pairs 
@@ -778,24 +767,24 @@ int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, unsigned int rr_error = ExtractShort(data, len); ExtractOctets(data, len, 0); // Other Data - msg->tsig = new TSIG_DATA; + if ( dns_TSIG_addl ) + { + TSIG_DATA tsig; + tsig.alg_name = + new BroString(alg_name, alg_name_end - alg_name, 1); + tsig.sig = request_MAC; + tsig.time_s = sign_time_sec; + tsig.time_ms = sign_time_msec; + tsig.fudge = fudge; + tsig.orig_id = orig_id; + tsig.rr_error = rr_error; - msg->tsig->alg_name = - new BroString(alg_name, alg_name_end - alg_name, 1); - msg->tsig->sig = request_MAC; - msg->tsig->time_s = sign_time_sec; - msg->tsig->time_ms = sign_time_msec; - msg->tsig->fudge = fudge; - msg->tsig->orig_id = orig_id; - msg->tsig->rr_error = rr_error; - - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildTSIG_Val()); - - analyzer->ConnectionEvent(dns_TSIG_addl, vl); + analyzer->ConnectionEventFast(dns_TSIG_addl, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildTSIG_Val(&tsig), + }); + } return 1; } 
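Review bot: In ParseRR_TSIG the parsed `request_MAC` is now handed over only inside `if ( dns_TSIG_addl )`, and nothing on the other path releases it. Its allocation is outside the hunk, but if it is heap-allocated like `tag` and `value` in ParseRR_CAA, it leaks for every TSIG record seen while no handler is registered. Before this change the record value was built unconditionally, so the buffer was presumably always consumed. An else branch such as `else delete request_MAC;` would mirror the `else Unref(char_strings);` added to ParseRR_NSEC. The same pattern appears in the ParseRR_RRSIG (`sign`), ParseRR_DNSKEY (`key`), ParseRR_NSEC3 (`salt_val`, `hash_val`, `char_strings`) and ParseRR_DS (`ds_digest`) hunks, and for `question_name` in SendReplyOrRejectEvent.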
@@ -878,25 +867,26 @@ int DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg, break; } - RRSIG_DATA rrsig; - rrsig.type_covered = type_covered; - rrsig.algorithm = algo; - rrsig.labels = lab; - rrsig.orig_ttl = orig_ttl; - rrsig.sig_exp = sign_exp; - rrsig.sig_incep = sign_incp; - rrsig.key_tag = key_tag; - rrsig.signer_name = new BroString(name, name_end - name, 1); - rrsig.signature = sign; + if ( dns_RRSIG ) + { + RRSIG_DATA rrsig; + rrsig.type_covered = type_covered; + rrsig.algorithm = algo; + rrsig.labels = lab; + rrsig.orig_ttl = orig_ttl; + rrsig.sig_exp = sign_exp; + rrsig.sig_incep = sign_incp; + rrsig.key_tag = key_tag; + rrsig.signer_name = new BroString(name, name_end - name, 1); + rrsig.signature = sign; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildRRSIG_Val(&rrsig)); - - analyzer->ConnectionEvent(dns_RRSIG, vl); + analyzer->ConnectionEventFast(dns_RRSIG, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildRRSIG_Val(&rrsig), + }); + } return 1; } @@ -977,20 +967,21 @@ int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg, break; } - DNSKEY_DATA dnskey; - dnskey.dflags = dflags; - dnskey.dalgorithm = dalgorithm; - dnskey.dprotocol = dprotocol; - dnskey.public_key = key; + if ( dns_DNSKEY ) + { + DNSKEY_DATA dnskey; + dnskey.dflags = dflags; + dnskey.dalgorithm = dalgorithm; + dnskey.dprotocol = dprotocol; + dnskey.public_key = key; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildDNSKEY_Val(&dnskey)); - - analyzer->ConnectionEvent(dns_DNSKEY, vl); + analyzer->ConnectionEventFast(dns_DNSKEY, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildDNSKEY_Val(&dnskey), + }); + } return 1; } 
@@ -1035,15 +1026,16 @@ int DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg, typebitmaps_len = typebitmaps_len - (2 + bmlen); } - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(char_strings); - - analyzer->ConnectionEvent(dns_NSEC, vl); + if ( dns_NSEC ) + analyzer->ConnectionEventFast(dns_NSEC, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + char_strings, + }); + else + Unref(char_strings); return 1; } @@ -1111,24 +1103,25 @@ int DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg, typebitmaps_len = typebitmaps_len - (2 + bmlen); } - NSEC3_DATA nsec3; - nsec3.nsec_flags = nsec_flags; - nsec3.nsec_hash_algo = hash_algo; - nsec3.nsec_iter = iter; - nsec3.nsec_salt_len = salt_len; - nsec3.nsec_salt = salt_val; - nsec3.nsec_hlen = hash_len; - nsec3.nsec_hash = hash_val; - nsec3.bitmaps = char_strings; + if ( dns_NSEC3 ) + { + NSEC3_DATA nsec3; + nsec3.nsec_flags = nsec_flags; + nsec3.nsec_hash_algo = hash_algo; + nsec3.nsec_iter = iter; + nsec3.nsec_salt_len = salt_len; + nsec3.nsec_salt = salt_val; + nsec3.nsec_hlen = hash_len; + nsec3.nsec_hash = hash_val; + nsec3.bitmaps = char_strings; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildNSEC3_Val(&nsec3)); - - analyzer->ConnectionEvent(dns_NSEC3, vl); + analyzer->ConnectionEventFast(dns_NSEC3, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildNSEC3_Val(&nsec3), + }); + } return 1; } 
@@ -1172,20 +1165,21 @@ int DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg, break; } - DS_DATA ds; - ds.key_tag = ds_key_tag; - ds.algorithm = ds_algo; - ds.digest_type = ds_dtype; - ds.digest_val = ds_digest; + if ( dns_DS ) + { + DS_DATA ds; + ds.key_tag = ds_key_tag; + ds.algorithm = ds_algo; + ds.digest_type = ds_dtype; + ds.digest_val = ds_digest; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildDS_Val(&ds)); - - analyzer->ConnectionEvent(dns_DS, vl); + analyzer->ConnectionEventFast(dns_DS, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildDS_Val(&ds), + }); + } return 1; } @@ -1203,14 +1197,12 @@ int DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg, if ( dns_A_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new AddrVal(htonl(addr))); - - analyzer->ConnectionEvent(dns_A_reply, vl); + analyzer->ConnectionEventFast(dns_A_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new AddrVal(htonl(addr)), + }); } return 1; @@ -1242,13 +1234,12 @@ int DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg, event = dns_A6_reply; if ( event && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new AddrVal(addr)); - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEventFast(event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new AddrVal(addr), + }); } return 1; 
@@ -1317,14 +1308,15 @@ int DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg, while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) ) char_strings->Assign(char_strings->Size(), char_string); - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(char_strings); - - analyzer->ConnectionEvent(dns_TXT_reply, vl); + if ( dns_TXT_reply ) + analyzer->ConnectionEventFast(dns_TXT_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + char_strings, + }); + else + Unref(char_strings); return rdlength == 0; } @@ -1359,16 +1351,20 @@ int DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg, data += value->Len(); rdlength -= value->Len(); - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(val_mgr->GetCount(flags)); - vl->append(new StringVal(tag)); - vl->append(new StringVal(value)); - - analyzer->ConnectionEvent(dns_CAA_reply, vl); + if ( dns_CAA_reply ) + analyzer->ConnectionEventFast(dns_CAA_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + val_mgr->GetCount(flags), + new StringVal(tag), + new StringVal(value), + }); + else + { + delete tag; + delete value; + } return rdlength == 0; } 
@@ -1382,14 +1378,14 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg, RR_Type qtype = RR_Type(ExtractShort(data, len)); int qclass = ExtractShort(data, len); - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(new StringVal(question_name)); - vl->append(val_mgr->GetCount(qtype)); - vl->append(val_mgr->GetCount(qclass)); - - analyzer->ConnectionEvent(event, vl); + if ( event ) + analyzer->ConnectionEventFast(event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + new StringVal(question_name), + val_mgr->GetCount(qtype), + val_mgr->GetCount(qclass), + }); } @@ -1423,7 +1419,6 @@ DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query) answer_type = DNS_QUESTION; skip_event = 0; - tsig = 0; } DNS_MsgInfo::~DNS_MsgInfo() @@ -1502,7 +1497,7 @@ Val* DNS_MsgInfo::BuildEDNS_Val() return r; } -Val* DNS_MsgInfo::BuildTSIG_Val() +Val* DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig) { RecordVal* r = new RecordVal(dns_tsig_additional); double rtime = tsig->time_s + tsig->time_ms / 1000.0; @@ -1519,9 +1514,6 @@ Val* DNS_MsgInfo::BuildTSIG_Val() r->Assign(7, val_mgr->GetCount(tsig->rr_error)); r->Assign(8, val_mgr->GetCount(is_query)); - delete tsig; - tsig = 0; - return r; } @@ -1737,10 +1729,11 @@ void DNS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, { if ( ! interp->ParseMessage(data, len, 1) && non_dns_request ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(len, (const char*) data)); - ConnectionEvent(non_dns_request, vl); + if ( non_dns_request ) + ConnectionEventFast(non_dns_request, { + BuildConnVal(), + new StringVal(len, (const char*) data), + }); } } diff --git a/src/analyzer/protocol/dns/DNS.h b/src/analyzer/protocol/dns/DNS.h index f095fe96fa..a4975cdaa1 100644 --- a/src/analyzer/protocol/dns/DNS.h +++ b/src/analyzer/protocol/dns/DNS.h 
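Review bot: The inner `if ( non_dns_request )` added in DNS_Analyzer::DeliverPacket repeats a condition that the enclosing `if ( ! interp->ParseMessage(data, len, 1) && non_dns_request )` has already established, so it can never be false at that point. Dropping it and calling `ConnectionEventFast(non_dns_request, { ... })` directly keeps the handler guard in one place, as the `dns_A_reply && ! msg->skip_event` style call sites in this file do. The rest of DeliverPacket lies outside the hunk.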
@@ -182,7 +182,7 @@ public: Val* BuildHdrVal(); Val* BuildAnswerVal(); Val* BuildEDNS_Val(); - Val* BuildTSIG_Val(); + Val* BuildTSIG_Val(struct TSIG_DATA*); Val* BuildRRSIG_Val(struct RRSIG_DATA*); Val* BuildDNSKEY_Val(struct DNSKEY_DATA*); Val* BuildNSEC3_Val(struct NSEC3_DATA*); @@ -214,10 +214,6 @@ public: ///< identical answer, there may be problems // uint32* addr; ///< cache value to pass back results ///< for forward lookups - - // More values for spesific DNS types. - //struct EDNS_ADDITIONAL* edns; - struct TSIG_DATA* tsig; }; diff --git a/src/analyzer/protocol/file/File.cc b/src/analyzer/protocol/file/File.cc index b7e00c7fa4..62fd36c0da 100644 --- a/src/analyzer/protocol/file/File.cc +++ b/src/analyzer/protocol/file/File.cc @@ -77,10 +77,12 @@ void File_Analyzer::Identify() &matches); string match = matches.empty() ? "" : *(matches.begin()->second.begin()); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(buffer_len, buffer)); - vl->append(new StringVal("")); - vl->append(new StringVal(match)); - ConnectionEvent(file_transferred, vl); + + if ( file_transferred ) + ConnectionEventFast(file_transferred, { + BuildConnVal(), + new StringVal(buffer_len, buffer), + new StringVal(""), + new StringVal(match), + }); } diff --git a/src/analyzer/protocol/finger/Finger.cc b/src/analyzer/protocol/finger/Finger.cc index 6729c34448..127ab048e1 100644 --- a/src/analyzer/protocol/finger/Finger.cc +++ b/src/analyzer/protocol/finger/Finger.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include 
@@ -66,14 +66,15 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig else host = at + 1; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(long_cnt)); - vl->append(new StringVal(at - line, line)); - vl->append(new StringVal(end_of_line - host, host)); - if ( finger_request ) - ConnectionEvent(finger_request, vl); + { + ConnectionEventFast(finger_request, { + BuildConnVal(), + val_mgr->GetBool(long_cnt), + new StringVal(at - line, line), + new StringVal(end_of_line - host, host), + }); + } Conn()->Match(Rule::FINGER, (const u_char *) line, end_of_line - line, true, true, 1, true); @@ -86,10 +87,9 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig if ( ! finger_reply ) return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(end_of_line - line, line)); - - ConnectionEvent(finger_reply, vl); + ConnectionEventFast(finger_reply, { + BuildConnVal(), + new StringVal(end_of_line - line, line), + }); } } diff --git a/src/analyzer/protocol/ftp/FTP.cc b/src/analyzer/protocol/ftp/FTP.cc index f28dadf670..a6f41a6b66 100644 --- a/src/analyzer/protocol/ftp/FTP.cc +++ b/src/analyzer/protocol/ftp/FTP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include @@ -73,8 +73,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) // Could emit "ftp empty request/reply" weird, but maybe not worth it. return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); + val_list vl; EventHandlerPtr f; if ( orig ) 
@@ -95,8 +94,11 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) else cmd_str = (new StringVal(cmd_len, cmd))->ToUpper(); - vl->append(cmd_str); - vl->append(new StringVal(end_of_line - line, line)); + vl = val_list{ + BuildConnVal(), + cmd_str, + new StringVal(end_of_line - line, line), + }; f = ftp_request; ProtocolConfirmation(); @@ -171,14 +173,17 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) } } - vl->append(val_mgr->GetCount(reply_code)); - vl->append(new StringVal(end_of_line - line, line)); - vl->append(val_mgr->GetBool(cont_resp)); + vl = val_list{ + BuildConnVal(), + val_mgr->GetCount(reply_code), + new StringVal(end_of_line - line, line), + val_mgr->GetBool(cont_resp), + }; f = ftp_reply; } - ConnectionEvent(f, vl); + ConnectionEvent(f, std::move(vl)); ForwardStream(length, data, orig); } diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index e7c11b40bb..7cc6285c8c 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include @@ -58,16 +58,10 @@ void Gnutella_Analyzer::Done() if ( ! sent_establish && (gnutella_establish || gnutella_not_establish) ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - if ( Established() && gnutella_establish ) - ConnectionEvent(gnutella_establish, vl); + ConnectionEventFast(gnutella_establish, {BuildConnVal()}); else if ( ! Established () && gnutella_not_establish ) - ConnectionEvent(gnutella_not_establish, vl); - else - delete_vals(vl); + ConnectionEventFast(gnutella_not_establish, {BuildConnVal()}); } if ( gnutella_partial_binary_msg ) 
@@ -78,14 +72,12 @@ void Gnutella_Analyzer::Done() { if ( ! p->msg_sent && p->msg_pos ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(p->msg)); - vl->append(val_mgr->GetBool((i == 0))); - vl->append(val_mgr->GetCount(p->msg_pos)); - - ConnectionEvent(gnutella_partial_binary_msg, vl); + ConnectionEventFast(gnutella_partial_binary_msg, { + BuildConnVal(), + new StringVal(p->msg), + val_mgr->GetBool((i == 0)), + val_mgr->GetCount(p->msg_pos), + }); } else if ( ! p->msg_sent && p->payload_left ) @@ -129,10 +121,7 @@ int Gnutella_Analyzer::IsHTTP(string header) if ( gnutella_http_notify ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - ConnectionEvent(gnutella_http_notify, vl); + ConnectionEventFast(gnutella_http_notify, {BuildConnVal()}); } analyzer::Analyzer* a = analyzer_mgr->InstantiateAnalyzer("HTTP", Conn()); @@ -192,13 +181,11 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) { if ( gnutella_text_msg ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(ms->headers.data())); - - ConnectionEvent(gnutella_text_msg, vl); + ConnectionEventFast(gnutella_text_msg, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(ms->headers.data()), + }); } ms->headers = ""; @@ -206,12 +193,9 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) if ( Established () && gnutella_establish ) { - val_list* vl = new val_list; - sent_establish = 1; - vl->append(BuildConnVal()); - ConnectionEvent(gnutella_establish, vl); + ConnectionEventFast(gnutella_establish, {BuildConnVal()}); } } } 
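Review bot: `new StringVal(p->msg)` in Gnutella_Analyzer::Done() builds the event string from a C string. A buffer holding binary message bytes would be cut at the first NUL, or read past its end if it holds none. The type and termination of `p->msg` are not visible in this hunk, so this needs confirming against the struct definition. The length is already passed alongside as `p->msg_pos`, and other analyzers in this commit use the length-taking form, e.g. `new StringVal(len, (const char*) data)`. If the buffer is not guaranteed to be terminated, `new StringVal(p->msg_pos, p->msg)` would bound the copy; the same question applies to `new StringVal(p->payload)` next to `p->payload_len` in the SendEvents hunk.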
@@ -237,21 +221,18 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig) if ( gnutella_binary_msg ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(p->msg_type)); - vl->append(val_mgr->GetCount(p->msg_ttl)); - vl->append(val_mgr->GetCount(p->msg_hops)); - vl->append(val_mgr->GetCount(p->msg_len)); - vl->append(new StringVal(p->payload)); - vl->append(val_mgr->GetCount(p->payload_len)); - vl->append(val_mgr->GetBool( - (p->payload_len < min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD)))); - vl->append(val_mgr->GetBool((p->payload_left == 0))); - - ConnectionEvent(gnutella_binary_msg, vl); + ConnectionEventFast(gnutella_binary_msg, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(p->msg_type), + val_mgr->GetCount(p->msg_ttl), + val_mgr->GetCount(p->msg_hops), + val_mgr->GetCount(p->msg_len), + new StringVal(p->payload), + val_mgr->GetCount(p->payload_len), + val_mgr->GetBool((p->payload_len < min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD))), + val_mgr->GetBool((p->payload_left == 0)), + }); } } diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 4706286914..291990119a 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include 
@@ -646,11 +646,11 @@ void HTTP_Message::Done(const int interrupted, const char* detail) if ( http_message_done ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(BuildMessageStat(interrupted, detail)); - GetAnalyzer()->ConnectionEvent(http_message_done, vl); + GetAnalyzer()->ConnectionEventFast(http_message_done, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + BuildMessageStat(interrupted, detail), + }); } MyHTTP_Analyzer()->HTTP_MessageDone(is_orig, this); @@ -679,10 +679,10 @@ void HTTP_Message::BeginEntity(mime::MIME_Entity* entity) if ( http_begin_entity ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - analyzer->ConnectionEvent(http_begin_entity, vl); + analyzer->ConnectionEventFast(http_begin_entity, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); } } @@ -696,10 +696,10 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity) if ( http_end_entity ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - analyzer->ConnectionEvent(http_end_entity, vl); + analyzer->ConnectionEventFast(http_end_entity, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); } current_entity = (HTTP_Entity*) entity->Parent(); @@ -737,11 +737,11 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) { if ( http_all_headers ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(BuildHeaderTable(hlist)); - analyzer->ConnectionEvent(http_all_headers, vl); + analyzer->ConnectionEventFast(http_all_headers, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + BuildHeaderTable(hlist), + }); } if ( http_content_type ) 
@@ -751,12 +751,12 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) ty->Ref(); subty->Ref(); - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(ty); - vl->append(subty); - analyzer->ConnectionEvent(http_content_type, vl); + analyzer->ConnectionEventFast(http_content_type, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + ty, + subty, + }); } } @@ -1182,12 +1182,8 @@ void HTTP_Analyzer::GenStats() r->Assign(2, new Val(request_version, TYPE_DOUBLE)); r->Assign(3, new Val(reply_version, TYPE_DOUBLE)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(r); - // DEBUG_MSG("%.6f http_stats\n", network_time); - ConnectionEvent(http_stats, vl); + ConnectionEventFast(http_stats, {BuildConnVal(), r}); } } @@ -1384,13 +1380,12 @@ void HTTP_Analyzer::HTTP_Event(const char* category, StringVal* detail) { if ( http_event ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(new StringVal(category)); - vl->append(detail); - // DEBUG_MSG("%.6f http_event\n", network_time); - ConnectionEvent(http_event, vl); + ConnectionEventFast(http_event, { + BuildConnVal(), + new StringVal(category), + detail, + }); } else delete detail; @@ -1426,17 +1421,16 @@ void HTTP_Analyzer::HTTP_Request() if ( http_request ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - Ref(request_method); - vl->append(request_method); - vl->append(TruncateURI(request_URI->AsStringVal())); - vl->append(TruncateURI(unescaped_URI->AsStringVal())); - vl->append(new StringVal(fmt("%.1f", request_version))); // DEBUG_MSG("%.6f http_request\n", network_time); - ConnectionEvent(http_request, vl); + ConnectionEventFast(http_request, { + BuildConnVal(), + request_method, + TruncateURI(request_URI->AsStringVal()), + TruncateURI(unescaped_URI->AsStringVal()), + new StringVal(fmt("%.1f", request_version)), + }); } } 
@@ -1444,15 +1438,14 @@ void HTTP_Analyzer::HTTP_Reply() { if ( http_reply ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(fmt("%.1f", reply_version))); - vl->append(val_mgr->GetCount(reply_code)); - if ( reply_reason_phrase ) - vl->append(reply_reason_phrase->Ref()); - else - vl->append(new StringVal("")); - ConnectionEvent(http_reply, vl); + ConnectionEventFast(http_reply, { + BuildConnVal(), + new StringVal(fmt("%.1f", reply_version)), + val_mgr->GetCount(reply_code), + reply_reason_phrase ? + reply_reason_phrase->Ref() : + new StringVal(""), + }); } else { @@ -1524,10 +1517,10 @@ void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg) if ( http_connection_upgrade ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(new StringVal(upgrade_protocol)); - ConnectionEvent(http_connection_upgrade, vl); + ConnectionEventFast(http_connection_upgrade, { + BuildConnVal(), + new StringVal(upgrade_protocol), + }); } } @@ -1697,14 +1690,15 @@ void HTTP_Analyzer::HTTP_Header(int is_orig, mime::MIME_Header* h) Conn()->Match(rule, (const u_char*) hd_value.data, hd_value.length, is_orig, false, true, false); - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(mime::new_string_val(h->get_name())->ToUpper()); - vl->append(mime::new_string_val(h->get_value())); if ( DEBUG_http ) DEBUG_MSG("%.6f http_header\n", network_time); - ConnectionEvent(http_header, vl); + + ConnectionEventFast(http_header, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + mime::new_string_val(h->get_name())->ToUpper(), + mime::new_string_val(h->get_value()), + }); } } 
@@ -1833,12 +1827,12 @@ void HTTP_Analyzer::HTTP_EntityData(int is_orig, BroString* entity_data) { if ( http_entity_data ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(entity_data->Len())); - vl->append(new StringVal(entity_data)); - ConnectionEvent(http_entity_data, vl); + ConnectionEventFast(http_entity_data, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(entity_data->Len()), + new StringVal(entity_data), + }); } else delete entity_data; diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 1832b324b2..3c65a2a831 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Net.h" #include "NetVar.h" @@ -199,20 +199,21 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, { if ( icmp_sent ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr)); - ConnectionEvent(icmp_sent, vl); + ConnectionEventFast(icmp_sent, { + BuildConnVal(), + BuildICMPVal(icmpp, len, icmpv6, ip_hdr), + }); } if ( icmp_sent_payload ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr)); BroString* payload = new BroString(data, min(len, caplen), 0); - vl->append(new StringVal(payload)); - ConnectionEvent(icmp_sent_payload, vl); + + ConnectionEventFast(icmp_sent_payload, { + BuildConnVal(), + BuildICMPVal(icmpp, len, icmpv6, ip_hdr), + new StringVal(payload), + }); } } 
@@ -511,14 +512,13 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, BroString* payload = new BroString(data, caplen, 0); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr)); - vl->append(val_mgr->GetCount(iid)); - vl->append(val_mgr->GetCount(iseq)); - vl->append(new StringVal(payload)); - - ConnectionEvent(f, vl); + ConnectionEventFast(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr), + val_mgr->GetCount(iid), + val_mgr->GetCount(iseq), + new StringVal(payload), + }); } @@ -526,6 +526,10 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_router_advertisement; + + if ( ! f ) + return; + uint32 reachable = 0, retrans = 0; if ( caplen >= (int)sizeof(reachable) ) 
@@ -534,24 +538,23 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, if ( caplen >= (int)sizeof(reachable) + (int)sizeof(retrans) ) memcpy(&retrans, data + sizeof(reachable), sizeof(retrans)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(val_mgr->GetCount(icmpp->icmp_num_addrs)); // Cur Hop Limit - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x80)); // Managed - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x40)); // Other - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x20)); // Home Agent - vl->append(val_mgr->GetCount((icmpp->icmp_wpa & 0x18)>>3)); // Pref - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x04)); // Proxy - vl->append(val_mgr->GetCount(icmpp->icmp_wpa & 0x02)); // Reserved - vl->append(new IntervalVal((double)ntohs(icmpp->icmp_lifetime), Seconds)); - vl->append(new IntervalVal((double)ntohl(reachable), Milliseconds)); - vl->append(new IntervalVal((double)ntohl(retrans), Milliseconds)); - int opt_offset = sizeof(reachable) + sizeof(retrans); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEventFast(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + val_mgr->GetCount(icmpp->icmp_num_addrs), // Cur Hop Limit + val_mgr->GetBool(icmpp->icmp_wpa & 0x80), // Managed + val_mgr->GetBool(icmpp->icmp_wpa & 0x40), // Other + val_mgr->GetBool(icmpp->icmp_wpa & 0x20), // Home Agent + val_mgr->GetCount((icmpp->icmp_wpa & 0x18)>>3), // Pref + val_mgr->GetBool(icmpp->icmp_wpa & 0x04), // Proxy + val_mgr->GetCount(icmpp->icmp_wpa & 0x02), // Reserved + new IntervalVal((double)ntohs(icmpp->icmp_lifetime), Seconds), + new IntervalVal((double)ntohl(reachable), Milliseconds), + new IntervalVal((double)ntohl(retrans), Milliseconds), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } 
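Review bot: `BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)` is still called when `caplen` is smaller than `opt_offset`. The two `memcpy` guards above show that a short capture is an expected case, yet the options call then receives a negative length and a pointer beyond the captured bytes. Whether BuildNDOptionsVal rejects a non-positive length is not visible in this diff, so either confirm that or clamp at the call site with `int opt_len = caplen > opt_offset ? caplen - opt_offset : 0;` and pass `opt_len`. The same expression appears in the NeighborAdvert, NeighborSolicit and Redirect hunks that follow. RouterAdvert itself starts in the previous hunk.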
@@ -559,23 +562,26 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_neighbor_advertisement; + + if ( ! f ) + return; + IPAddr tgtaddr; if ( caplen >= (int)sizeof(in6_addr) ) tgtaddr = IPAddr(*((const in6_addr*)data)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x80)); // Router - vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x40)); // Solicited - vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x20)); // Override - vl->append(new AddrVal(tgtaddr)); - int opt_offset = sizeof(in6_addr); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEventFast(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + val_mgr->GetBool(icmpp->icmp_num_addrs & 0x80), // Router + val_mgr->GetBool(icmpp->icmp_num_addrs & 0x40), // Solicited + val_mgr->GetBool(icmpp->icmp_num_addrs & 0x20), // Override + new AddrVal(tgtaddr), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } @@ -583,20 +589,23 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_neighbor_solicitation; + + if ( ! f ) + return; + IPAddr tgtaddr; if ( caplen >= (int)sizeof(in6_addr) ) tgtaddr = IPAddr(*((const in6_addr*)data)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new AddrVal(tgtaddr)); - int opt_offset = sizeof(in6_addr); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEventFast(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + new AddrVal(tgtaddr), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } 
@@ -604,6 +613,10 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_redirect; + + if ( ! f ) + return; + IPAddr tgtaddr, dstaddr; if ( caplen >= (int)sizeof(in6_addr) ) @@ -612,16 +625,15 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, if ( caplen >= 2 * (int)sizeof(in6_addr) ) dstaddr = IPAddr(*((const in6_addr*)(data + sizeof(in6_addr)))); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new AddrVal(tgtaddr)); - vl->append(new AddrVal(dstaddr)); - int opt_offset = 2 * sizeof(in6_addr); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEventFast(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + new AddrVal(tgtaddr), + new AddrVal(dstaddr), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } @@ -630,12 +642,14 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len, { EventHandlerPtr f = icmp_router_solicitation; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(BuildNDOptionsVal(caplen, data)); + if ( ! f ) + return; - ConnectionEvent(f, vl); + ConnectionEventFast(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildNDOptionsVal(caplen, data), + }); } @@ -657,12 +671,12 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, if ( f ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 0, ip_hdr)); - vl->append(val_mgr->GetCount(icmpp->icmp_code)); - vl->append(ExtractICMP4Context(caplen, data)); - ConnectionEvent(f, vl); + ConnectionEventFast(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 0, ip_hdr), + val_mgr->GetCount(icmpp->icmp_code), + ExtractICMP4Context(caplen, data), + }); } } 
@@ -697,12 +711,12 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, if ( f ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(val_mgr->GetCount(icmpp->icmp_code)); - vl->append(ExtractICMP6Context(caplen, data)); - ConnectionEvent(f, vl); + ConnectionEventFast(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + val_mgr->GetCount(icmpp->icmp_code), + ExtractICMP6Context(caplen, data), + }); } } diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index 125f2d7f64..b24675ee53 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include @@ -83,12 +83,11 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) Weird("ident_request_addendum", s.CheckString()); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); - vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); - - ConnectionEvent(ident_request, vl); + ConnectionEventFast(ident_request, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + }); did_deliver = 1; } 
@@ -144,13 +143,13 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) if ( is_error ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); - vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); - vl->append(new StringVal(end_of_line - line, line)); - - ConnectionEvent(ident_error, vl); + if ( ident_error ) + ConnectionEventFast(ident_error, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + new StringVal(end_of_line - line, line), + }); } else @@ -178,14 +177,13 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) line = skip_whitespace(colon + 1, end_of_line); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); - vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); - vl->append(new StringVal(end_of_line - line, line)); - vl->append(new StringVal(sys_type_s)); - - ConnectionEvent(ident_reply, vl); + ConnectionEventFast(ident_reply, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + new StringVal(end_of_line - line, line), + new StringVal(sys_type_s), + }); } } } diff --git a/src/analyzer/protocol/imap/imap-analyzer.pac b/src/analyzer/protocol/imap/imap-analyzer.pac index 353aadb7ce..ac1652086e 100644 --- a/src/analyzer/protocol/imap/imap-analyzer.pac +++ b/src/analyzer/protocol/imap/imap-analyzer.pac @@ -43,7 +43,9 @@ refine connection IMAP_Conn += { if ( commands == "ok" ) { bro_analyzer()->StartTLS(); - BifEvent::generate_imap_starttls(bro_analyzer(), bro_analyzer()->Conn()); + + if ( imap_starttls ) + BifEvent::generate_imap_starttls(bro_analyzer(), bro_analyzer()->Conn()); } else reporter->Weird(bro_analyzer()->Conn(), "IMAP: server refused StartTLS"); 
@@ -54,6 +56,9 @@ refine connection IMAP_Conn += { function proc_server_capability(capabilities: Capability[]): bool %{ + if ( ! imap_capabilities ) + return true; + VectorVal* capv = new VectorVal(internal_type("string_vec")->AsVectorType()); for ( unsigned int i = 0; i< capabilities->size(); i++ ) { diff --git a/src/analyzer/protocol/interconn/InterConn.cc b/src/analyzer/protocol/interconn/InterConn.cc index 8d9dd72774..e9a9378c90 100644 --- a/src/analyzer/protocol/interconn/InterConn.cc +++ b/src/analyzer/protocol/interconn/InterConn.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "InterConn.h" #include "Event.h" @@ -241,20 +241,18 @@ void InterConn_Analyzer::StatTimer(double t, int is_expire) void InterConn_Analyzer::StatEvent() { - val_list* vl = new val_list; - vl->append(Conn()->BuildConnVal()); - vl->append(orig_endp->BuildStats()); - vl->append(resp_endp->BuildStats()); - - Conn()->ConnectionEvent(interconn_stats, this, vl); + if ( interconn_stats ) + Conn()->ConnectionEventFast(interconn_stats, this, { + Conn()->BuildConnVal(), + orig_endp->BuildStats(), + resp_endp->BuildStats(), + }); } void InterConn_Analyzer::RemoveEvent() { - val_list* vl = new val_list; - vl->append(Conn()->BuildConnVal()); - - Conn()->ConnectionEvent(interconn_remove_conn, this, vl); + if ( interconn_remove_conn ) + Conn()->ConnectionEventFast(interconn_remove_conn, this, {Conn()->BuildConnVal()}); } InterConnTimer::InterConnTimer(double t, InterConn_Analyzer* a) diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index 25d568d627..c5db109434 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc 
@@ -233,14 +233,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // else ### } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetInt(users)); - vl->append(val_mgr->GetInt(services)); - vl->append(val_mgr->GetInt(servers)); - - ConnectionEvent(irc_network_info, vl); + ConnectionEventFast(irc_network_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetInt(users), + val_mgr->GetInt(services), + val_mgr->GetInt(servers), + }); } break; @@ -271,13 +270,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(type.c_str())); - vl->append(new StringVal(channel.c_str())); - TableVal* set = new TableVal(string_set); + for ( unsigned int i = 0; i < parts.size(); ++i ) { if ( parts[i][0] == '@' ) @@ -286,9 +280,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) set->Assign(idx, 0); Unref(idx); } - vl->append(set); - ConnectionEvent(irc_names_info, vl); + ConnectionEventFast(irc_names_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(type.c_str()), + new StringVal(channel.c_str()), + set, + }); } break; @@ -316,14 +315,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // else ### } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetInt(users)); - vl->append(val_mgr->GetInt(services)); - vl->append(val_mgr->GetInt(servers)); - - ConnectionEvent(irc_server_info, vl); + ConnectionEventFast(irc_server_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetInt(users), + val_mgr->GetInt(services), + val_mgr->GetInt(servers), + }); } break; 
@@ -339,12 +337,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[i] == ":channels" ) channels = atoi(parts[i - 1].c_str()); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetInt(channels)); - - ConnectionEvent(irc_channel_info, vl); + ConnectionEventFast(irc_channel_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetInt(channels), + }); } break; @@ -372,12 +369,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) break; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(eop - prefix, prefix)); - vl->append(new StringVal(++msg)); - ConnectionEvent(irc_global_users, vl); + ConnectionEventFast(irc_global_users, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(eop - prefix, prefix), + new StringVal(++msg), + }); break; } @@ -397,12 +394,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); - vl->append(new StringVal(parts[2].c_str())); + val_list vl(6); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(orig)); + vl.append(new StringVal(parts[0].c_str())); + vl.append(new StringVal(parts[1].c_str())); + vl.append(new StringVal(parts[2].c_str())); parts.erase(parts.begin(), parts.begin() + 4); @@ -413,9 +410,9 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( real_name[0] == ':' ) real_name = real_name.substr(1); - vl->append(new StringVal(real_name.c_str())); + vl.append(new StringVal(real_name.c_str())); - ConnectionEvent(irc_whois_user_line, vl); + ConnectionEventFast(irc_whois_user_line, std::move(vl)); } break; 
@@ -436,12 +433,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - - ConnectionEvent(irc_whois_operator_line, vl); + ConnectionEventFast(irc_whois_operator_line, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[0].c_str()), + }); } break; @@ -467,11 +463,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(nick.c_str())); TableVal* set = new TableVal(string_set); + for ( unsigned int i = 0; i < parts.size(); ++i ) { Val* idx = new StringVal(parts[i].c_str()); @@ -479,9 +472,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - vl->append(set); - - ConnectionEvent(irc_whois_channel_line, vl); + ConnectionEventFast(irc_whois_channel_line, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(nick.c_str()), + set, + }); } break; @@ -502,19 +498,17 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( pos < params.size() ) { string topic = params.substr(pos + 1); - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[1].c_str())); - const char* t = topic.c_str(); + if ( *t == ':' ) ++t; - vl->append(new StringVal(t)); - - ConnectionEvent(irc_channel_topic, vl); + ConnectionEventFast(irc_channel_topic, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[1].c_str()), + new StringVal(t), + }); } else { 
@@ -537,24 +531,25 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); if ( parts[2][0] == '~' ) parts[2] = parts[2].substr(1); - vl->append(new StringVal(parts[2].c_str())); - vl->append(new StringVal(parts[3].c_str())); - vl->append(new StringVal(parts[4].c_str())); - vl->append(new StringVal(parts[5].c_str())); - vl->append(new StringVal(parts[6].c_str())); + if ( parts[7][0] == ':' ) parts[7] = parts[7].substr(1); - vl->append(val_mgr->GetInt(atoi(parts[7].c_str()))); - vl->append(new StringVal(parts[8].c_str())); - ConnectionEvent(irc_who_line, vl); + ConnectionEventFast(irc_who_line, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[0].c_str()), + new StringVal(parts[1].c_str()), + new StringVal(parts[2].c_str()), + new StringVal(parts[3].c_str()), + new StringVal(parts[4].c_str()), + new StringVal(parts[5].c_str()), + new StringVal(parts[6].c_str()), + val_mgr->GetInt(atoi(parts[7].c_str())), + new StringVal(parts[8].c_str()), + }); } break; @@ -565,10 +560,10 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 436: if ( irc_invalid_nick ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - ConnectionEvent(irc_invalid_nick, vl); + ConnectionEventFast(irc_invalid_nick, { + BuildConnVal(), + val_mgr->GetBool(orig), + }); } break; 
@@ -577,11 +572,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 491: // user is not operator if ( irc_oper_response ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetBool(code == 381)); - ConnectionEvent(irc_oper_response, vl); + ConnectionEventFast(irc_oper_response, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetBool(code == 381), + }); } break; @@ -592,14 +587,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // All other server replies. default: - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(val_mgr->GetCount(code)); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_reply, vl); + if ( irc_reply ) + ConnectionEventFast(irc_reply, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + val_mgr->GetCount(code), + new StringVal(params.c_str()), + }); break; } return; 
@@ -662,33 +657,33 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) raw_ip = (10 * raw_ip) + atoi(s.c_str()); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(parts[1].c_str())); - vl->append(new StringVal(parts[2].c_str())); - vl->append(new AddrVal(htonl(raw_ip))); - vl->append(val_mgr->GetCount(atoi(parts[4].c_str()))); - if ( parts.size() >= 6 ) - vl->append(val_mgr->GetCount(atoi(parts[5].c_str()))); - else - vl->append(val_mgr->GetCount(0)); - ConnectionEvent(irc_dcc_message, vl); + if ( irc_dcc_message ) + ConnectionEventFast(irc_dcc_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(parts[1].c_str()), + new StringVal(parts[2].c_str()), + new AddrVal(htonl(raw_ip)), + val_mgr->GetCount(atoi(parts[4].c_str())), + parts.size() >= 6 ? + val_mgr->GetCount(atoi(parts[5].c_str())) : + val_mgr->GetCount(0), + }); } else { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_privmsg_message, vl); + if ( irc_privmsg_message ) + ConnectionEventFast(irc_privmsg_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } } 
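Review bot: The DCC port and size arguments of `irc_dcc_message` are produced by `atoi()` on peer-supplied text and passed straight to `val_mgr->GetCount()`. A field such as `-1` would reach scripts as a very large count (assuming GetCount takes an unsigned value), and a non-numeric field silently becomes 0. Scripts that log or alert on the DCC port would then act on a value the peer never sent. I would reject non-digit fields before building the event, for example `if ( parts[4].find_first_not_of("0123456789") != string::npos ) return;` (ideally reported through `Weird()` first), with the same check for `parts[5]` when it is present. The size check on `parts` and the start of DeliverStream are outside this hunk.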
@@ -707,14 +702,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( message[0] == ':' ) message = message.substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_notice_message, vl); + ConnectionEventFast(irc_notice_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } else if ( irc_squery_message && command == "SQUERY" ) 
@@ -732,35 +726,34 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( message[0] == ':' ) message = message.substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_squery_message, vl); + ConnectionEventFast(irc_squery_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } else if ( irc_user_message && command == "USER" ) { // extract username and real name vector parts = SplitWords(params, ' '); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); + val_list vl(6); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(orig)); if ( parts.size() > 0 ) - vl->append(new StringVal(parts[0].c_str())); - else vl->append(val_mgr->GetEmptyString()); + vl.append(new StringVal(parts[0].c_str())); + else vl.append(val_mgr->GetEmptyString()); if ( parts.size() > 1 ) - vl->append(new StringVal(parts[1].c_str())); - else vl->append(val_mgr->GetEmptyString()); + vl.append(new StringVal(parts[1].c_str())); + else vl.append(val_mgr->GetEmptyString()); if ( parts.size() > 2 ) - vl->append(new StringVal(parts[2].c_str())); - else vl->append(val_mgr->GetEmptyString()); + vl.append(new StringVal(parts[2].c_str())); + else vl.append(val_mgr->GetEmptyString()); string realname; for ( unsigned int i = 3; i < parts.size(); i++ ) 
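Review bot: The three `if ( parts.size() > N ) … else vl.append(val_mgr->GetEmptyString());` pairs in the `irc_user_message` branch keep the `else` and its statement on one line, which is easy to misread next to the unbraced `if`. The `irc_who_message` hunk of this same commit already uses a conditional expression for the identical choice. Writing each pair as `vl.append(parts.size() > 0 ? new StringVal(parts[0].c_str()) : val_mgr->GetEmptyString());` would make the branch consistent with it. A short comment on `val_list vl(6);` saying that 6 is the number of event arguments would also help the next reader. The loop that builds `realname` continues past the end of the hunk.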
@@ -771,9 +764,9 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } const char* name = realname.c_str(); - vl->append(new StringVal(*name == ':' ? name + 1 : name)); + vl.append(new StringVal(*name == ':' ? name + 1 : name)); - ConnectionEvent(irc_user_message, vl); + ConnectionEventFast(irc_user_message, std::move(vl)); } else if ( irc_oper_message && command == "OPER" ) @@ -782,13 +775,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vector parts = SplitWords(params, ' '); if ( parts.size() == 2 ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); - - ConnectionEvent(irc_oper_message, vl); + ConnectionEventFast(irc_oper_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[0].c_str()), + new StringVal(parts[1].c_str()), + }); } else @@ -805,12 +797,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); + val_list vl(6); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(orig)); + vl.append(new StringVal(prefix.c_str())); + vl.append(new StringVal(parts[0].c_str())); + vl.append(new StringVal(parts[1].c_str())); if ( parts.size() > 2 ) { string comment = parts[2]; 
@@ -820,12 +812,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( comment[0] == ':' ) comment = comment.substr(1); - vl->append(new StringVal(comment.c_str())); + vl.append(new StringVal(comment.c_str())); } else - vl->append(val_mgr->GetEmptyString()); + vl.append(val_mgr->GetEmptyString()); - ConnectionEvent(irc_kick_message, vl); + ConnectionEventFast(irc_kick_message, std::move(vl)); } else if ( irc_join_message && command == "JOIN" ) @@ -849,11 +841,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) nickname = prefix.substr(0, pos); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - TableVal* list = new TableVal(irc_join_list); + vector channels = SplitWords(parts[0], ','); vector passwords; @@ -876,9 +865,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(info); } - vl->append(list); - - ConnectionEvent(irc_join_message, vl); + ConnectionEventFast(irc_join_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + list, + }); } else if ( irc_join_message && command == "NJOIN" ) @@ -895,12 +886,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) parts[1] = parts[1].substr(1); vector users = SplitWords(parts[1], ','); - - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - TableVal* list = new TableVal(irc_join_list); + string empty_string = ""; for ( unsigned int i = 0; i < users.size(); ++i ) @@ -939,9 +926,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(info); } - vl->append(list); - - ConnectionEvent(irc_join_message, vl); + ConnectionEventFast(irc_join_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + list, + }); } else if ( irc_part_message && command == "PART" ) 
@@ -977,14 +966,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(nick.c_str())); - vl->append(set); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_part_message, vl); + ConnectionEventFast(irc_part_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(nick.c_str()), + set, + new StringVal(message.c_str()), + }); } else if ( irc_quit_message && command == "QUIT" ) @@ -1001,13 +989,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) nickname = prefix.substr(0, pos); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(nickname.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_quit_message, vl); + ConnectionEventFast(irc_quit_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(nickname.c_str()), + new StringVal(message.c_str()), + }); } else if ( irc_nick_message && command == "NICK" ) @@ -1016,13 +1003,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( nick[0] == ':' ) nick = nick.substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(nick.c_str())); - - ConnectionEvent(irc_nick_message, vl); + ConnectionEventFast(irc_nick_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(nick.c_str()) + }); } else if ( irc_who_message && command == "WHO" ) 
@@ -1042,16 +1028,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0].size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - if ( parts.size() > 0 ) - vl->append(new StringVal(parts[0].c_str())); - else - vl->append(val_mgr->GetEmptyString()); - vl->append(val_mgr->GetBool(oper)); - - ConnectionEvent(irc_who_message, vl); + ConnectionEventFast(irc_who_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + parts.size() > 0 ? + new StringVal(parts[0].c_str()) : + val_mgr->GetEmptyString(), + val_mgr->GetBool(oper), + }); } else if ( irc_whois_message && command == "WHOIS" ) @@ -1074,26 +1058,25 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else users = parts[0]; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(server.c_str())); - vl->append(new StringVal(users.c_str())); - - ConnectionEvent(irc_whois_message, vl); + ConnectionEventFast(irc_whois_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(server.c_str()), + new StringVal(users.c_str()), + }); } else if ( irc_error_message && command == "ERROR" ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); if ( params[0] == ':' ) params = params.substr(1); - vl->append(new StringVal(params.c_str())); - ConnectionEvent(irc_error_message, vl); + ConnectionEventFast(irc_error_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(params.c_str()), + }); } else if ( irc_invite_message && command == "INVITE" ) 
@@ -1104,14 +1087,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[1].size() > 0 && parts[1][0] == ':' ) parts[1] = parts[1].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); - - ConnectionEvent(irc_invite_message, vl); + ConnectionEventFast(irc_invite_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(parts[0].c_str()), + new StringVal(parts[1].c_str()), + }); } else Weird("irc_invalid_invite_message_format"); @@ -1121,13 +1103,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( params.size() > 0 ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_mode_message, vl); + ConnectionEventFast(irc_mode_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(params.c_str()), + }); } else @@ -1136,11 +1117,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else if ( irc_password_message && command == "PASS" ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(params.c_str())); - ConnectionEvent(irc_password_message, vl); + ConnectionEventFast(irc_password_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(params.c_str()), + }); } else if ( irc_squit_message && command == "SQUIT" ) 
@@ -1158,14 +1139,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) message = message.substr(1); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(server.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_squit_message, vl); + ConnectionEventFast(irc_squit_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(server.c_str()), + new StringVal(message.c_str()), + }); } @@ -1173,14 +1153,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_request ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(command.c_str())); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_request, vl); + ConnectionEventFast(irc_request, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(command.c_str()), + new StringVal(params.c_str()), + }); } } @@ -1188,14 +1167,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_message ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(command.c_str())); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_message, vl); + ConnectionEventFast(irc_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(command.c_str()), + new StringVal(params.c_str()), + }); } } 
@@ -1224,10 +1202,8 @@ void IRC_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - - ConnectionEvent(irc_starttls, vl); + if ( irc_starttls ) + ConnectionEventFast(irc_starttls, {BuildConnVal()}); } vector IRC_Analyzer::SplitWords(const string input, const char split) diff --git a/src/analyzer/protocol/krb/KRB.h b/src/analyzer/protocol/krb/KRB.h index 7eee46d838..6a6af93c45 100644 --- a/src/analyzer/protocol/krb/KRB.h +++ b/src/analyzer/protocol/krb/KRB.h @@ -9,6 +9,8 @@ #include #endif +#include + namespace analyzer { namespace krb { class KRB_Analyzer : public analyzer::Analyzer { diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index f8eb233a29..277bb752ff 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include @@ -289,9 +289,7 @@ void Login_Analyzer::AuthenticationDialog(bool orig, char* line) { if ( authentication_skipped ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - ConnectionEvent(authentication_skipped, vl); + ConnectionEventFast(authentication_skipped, {BuildConnVal()}); } state = LOGIN_STATE_SKIP; 
@@ -334,32 +332,26 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) else if ( login_terminal && streq(name, "TERM") ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(val)); - - ConnectionEvent(login_terminal, vl); + ConnectionEventFast(login_terminal, { + BuildConnVal(), + new StringVal(val), + }); } else if ( login_display && streq(name, "DISPLAY") ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(val)); - - ConnectionEvent(login_display, vl); + ConnectionEventFast(login_display, { + BuildConnVal(), + new StringVal(val), + }); } else if ( login_prompt && streq(name, "TTYPROMPT") ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(val)); - - ConnectionEvent(login_prompt, vl); + ConnectionEventFast(login_prompt, { + BuildConnVal(), + new StringVal(val), + }); } } @@ -433,15 +425,13 @@ void Login_Analyzer::LoginEvent(EventHandlerPtr f, const char* line, Val* password = HaveTypeahead() ? PopUserTextVal() : new StringVal(""); - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(username->Ref()); - vl->append(client_name ? client_name->Ref() : val_mgr->GetEmptyString()); - vl->append(password); - vl->append(new StringVal(line)); - - ConnectionEvent(f, vl); + ConnectionEventFast(f, { + BuildConnVal(), + username->Ref(), + client_name ? client_name->Ref() : val_mgr->GetEmptyString(), + password, + new StringVal(line), + }); } const char* Login_Analyzer::GetUsername(const char* line) const @@ -454,12 +444,13 @@ const char* Login_Analyzer::GetUsername(const char* line) const void Login_Analyzer::LineEvent(EventHandlerPtr f, const char* line) { - val_list* vl = new val_list; + if ( ! f ) + return; - vl->append(BuildConnVal()); - vl->append(new StringVal(line)); - - ConnectionEvent(f, vl); + ConnectionEventFast(f, { + BuildConnVal(), + new StringVal(line), + }); } 
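Review bot: `ConnectionEventFast(f, {...})` in Login_Analyzer::LoginEvent takes the caller-supplied handler `f`, and no test of `f` is visible in this hunk, whereas the LineEvent hunk right after it gains `if ( ! f ) return;`. Throughout this commit the switch to the Fast variant is paired with an explicit handler test, which suggests the Fast call does not test the handler itself. LoginEvent begins outside the hunk, so the test may already sit at its top; if it does not, the same `if ( ! f ) return;` guard belongs here, since this path is driven by traffic the analyzer does not control.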
@@ -469,12 +460,11 @@ void Login_Analyzer::Confused(const char* msg, const char* line) if ( login_confused ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(msg)); - vl->append(new StringVal(line)); - - ConnectionEvent(login_confused, vl); + ConnectionEventFast(login_confused, { + BuildConnVal(), + new StringVal(msg), + new StringVal(line), + }); } if ( login_confused_text ) @@ -496,10 +486,10 @@ void Login_Analyzer::ConfusionText(const char* line) { if ( login_confused_text ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(line)); - ConnectionEvent(login_confused_text, vl); + ConnectionEventFast(login_confused_text, { + BuildConnVal(), + new StringVal(line), + }); } } diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index 11952103bf..9f2e6a2de4 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include @@ -461,11 +461,10 @@ void NVT_Analyzer::SetTerminal(const u_char* terminal, int len) { if ( login_terminal ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(new BroString(terminal, len, 0))); - - ConnectionEvent(login_terminal, vl); + ConnectionEventFast(login_terminal, { + BuildConnVal(), + new StringVal(new BroString(terminal, len, 0)), + }); } } diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index 0afacb2f2b..9485e6269e 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "Event.h" 
@@ -156,31 +156,38 @@ void Rsh_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { Login_Analyzer::DeliverStream(len, data, orig); + if ( orig ) + { + if ( ! rsh_request ) + return; + } + else + { + if ( ! rsh_reply ) + return; + } + + val_list vl(4 + orig); const char* line = (const char*) data; - val_list* vl = new val_list; - line = skip_whitespace(line); - vl->append(BuildConnVal()); - vl->append(client_name ? client_name->Ref() : new StringVal("")); - vl->append(username ? username->Ref() : new StringVal("")); - vl->append(new StringVal(line)); + vl.append(BuildConnVal()); + vl.append(client_name ? client_name->Ref() : new StringVal("")); + vl.append(username ? username->Ref() : new StringVal("")); + vl.append(new StringVal(line)); - if ( orig && rsh_request ) + if ( orig ) { if ( contents_orig->RshSaveState() == RSH_SERVER_USER_NAME ) // First input - vl->append(val_mgr->GetTrue()); + vl.append(val_mgr->GetTrue()); else - vl->append(val_mgr->GetFalse()); + vl.append(val_mgr->GetFalse()); - ConnectionEvent(rsh_request, vl); + ConnectionEventFast(rsh_request, std::move(vl)); } - else if ( rsh_reply ) - ConnectionEvent(rsh_reply, vl); - else - delete_vals(vl); + ConnectionEventFast(rsh_reply, std::move(vl)); } void Rsh_Analyzer::ClientUserName(const char* s) diff --git a/src/analyzer/protocol/login/Rlogin.cc b/src/analyzer/protocol/login/Rlogin.cc index 6979148676..62b391849b 100644 --- a/src/analyzer/protocol/login/Rlogin.cc +++ b/src/analyzer/protocol/login/Rlogin.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "Event.h" 
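Review bot: `val_list vl(4 + orig);` sizes the list by adding a `bool` to an integer, which reads like a slip until one notices that only the request path appends a fifth value. A short comment would make the intent explicit, e.g. `// 4 common arguments, plus the first-input flag when orig`. The same idiom appears as `2 + (bool)arg1 + (bool)arg2` in POP3_Analyzer::POP3Event and as `(bool)request + (bool)reply` in the MOUNT and NFS RPC_BuildReply hunks, where a pointer is cast to `bool` C-style; `(arg1 ? 1 : 0)` or a comment would read more clearly there too.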
@@ -244,11 +244,9 @@ void Rlogin_Analyzer::TerminalType(const char* s) { if ( login_terminal ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(s)); - - ConnectionEvent(login_terminal, vl); + ConnectionEventFast(login_terminal, { + BuildConnVal(), + new StringVal(s), + }); } } diff --git a/src/analyzer/protocol/login/Telnet.cc b/src/analyzer/protocol/login/Telnet.cc index 78a3289931..5a187a8221 100644 --- a/src/analyzer/protocol/login/Telnet.cc +++ b/src/analyzer/protocol/login/Telnet.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Telnet.h" #include "NVT.h" diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index 931e155fdf..8fb027f8e8 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "MIME.h" @@ -1358,11 +1358,11 @@ void MIME_Mail::Done() hash_final(md5_hash, digest); md5_hash = nullptr; - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(content_hash_length)); - vl->append(new StringVal(new BroString(1, digest, 16))); - analyzer->ConnectionEvent(mime_content_hash, vl); + analyzer->ConnectionEventFast(mime_content_hash, { + analyzer->BuildConnVal(), + val_mgr->GetCount(content_hash_length), + new StringVal(new BroString(1, digest, 16)), + }); } MIME_Message::Done(); @@ -1386,11 +1386,7 @@ void MIME_Mail::BeginEntity(MIME_Entity* /* entity */) cur_entity_id.clear(); if ( mime_begin_entity ) - { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - analyzer->ConnectionEvent(mime_begin_entity, vl); - } + analyzer->ConnectionEventFast(mime_begin_entity, {analyzer->BuildConnVal()}); buffer_start = data_start = 0; ASSERT(entity_content.size() == 0); 
@@ -1402,12 +1398,11 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) { BroString* s = concatenate(entity_content); - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(s->Len())); - vl->append(new StringVal(s)); - - analyzer->ConnectionEvent(mime_entity_data, vl); + analyzer->ConnectionEventFast(mime_entity_data, { + analyzer->BuildConnVal(), + val_mgr->GetCount(s->Len()), + new StringVal(s), + }); if ( ! mime_all_data ) delete_strings(entity_content); @@ -1416,11 +1411,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) } if ( mime_end_entity ) - { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - analyzer->ConnectionEvent(mime_end_entity, vl); - } + analyzer->ConnectionEventFast(mime_end_entity, {analyzer->BuildConnVal()}); file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn()); cur_entity_id.clear(); @@ -1430,10 +1421,10 @@ void MIME_Mail::SubmitHeader(MIME_Header* h) { if ( mime_one_header ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(BuildHeaderVal(h)); - analyzer->ConnectionEvent(mime_one_header, vl); + analyzer->ConnectionEventFast(mime_one_header, { + analyzer->BuildConnVal(), + BuildHeaderVal(h), + }); } } @@ -1441,10 +1432,10 @@ void MIME_Mail::SubmitAllHeaders(MIME_HeaderList& hlist) { if ( mime_all_headers ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(BuildHeaderTable(hlist)); - analyzer->ConnectionEvent(mime_all_headers, vl); + analyzer->ConnectionEventFast(mime_all_headers, { + analyzer->BuildConnVal(), + BuildHeaderTable(hlist), + }); } } 
@@ -1478,11 +1469,11 @@ void MIME_Mail::SubmitData(int len, const char* buf) const char* data = (char*) data_buffer->Bytes() + data_start; int data_len = (buf + len) - data; - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(data_len)); - vl->append(new StringVal(data_len, data)); - analyzer->ConnectionEvent(mime_segment_data, vl); + analyzer->ConnectionEventFast(mime_segment_data, { + analyzer->BuildConnVal(), + val_mgr->GetCount(data_len), + new StringVal(data_len, data), + }); } cur_entity_id = file_mgr->DataIn(reinterpret_cast(buf), len, @@ -1525,12 +1516,11 @@ void MIME_Mail::SubmitAllData() BroString* s = concatenate(all_content); delete_strings(all_content); - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(s->Len())); - vl->append(new StringVal(s)); - - analyzer->ConnectionEvent(mime_all_data, vl); + analyzer->ConnectionEventFast(mime_all_data, { + analyzer->BuildConnVal(), + val_mgr->GetCount(s->Len()), + new StringVal(s), + }); } } @@ -1555,10 +1545,10 @@ void MIME_Mail::SubmitEvent(int event_type, const char* detail) if ( mime_event ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(new StringVal(category)); - vl->append(new StringVal(detail)); - analyzer->ConnectionEvent(mime_event, vl); + analyzer->ConnectionEventFast(mime_event, { + analyzer->BuildConnVal(), + new StringVal(category), + new StringVal(detail), + }); } } diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index b59358b703..e8407b9fc4 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include 
@@ -61,21 +61,27 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame) EventHandlerPtr f = frame->is_orig() ? ncp_request : ncp_reply; if ( f ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(frame->frame_type())); - vl->append(val_mgr->GetCount(frame->body_length())); - if ( frame->is_orig() ) - vl->append(val_mgr->GetCount(req_func)); + { + analyzer->ConnectionEventFast(f, { + analyzer->BuildConnVal(), + val_mgr->GetCount(frame->frame_type()), + val_mgr->GetCount(frame->body_length()), + val_mgr->GetCount(req_func), + }); + } else { - vl->append(val_mgr->GetCount(req_frame_type)); - vl->append(val_mgr->GetCount(req_func)); - vl->append(val_mgr->GetCount(frame->reply()->completion_code())); + analyzer->ConnectionEventFast(f, { + analyzer->BuildConnVal(), + val_mgr->GetCount(frame->frame_type()), + val_mgr->GetCount(frame->body_length()), + val_mgr->GetCount(req_frame_type), + val_mgr->GetCount(req_func), + val_mgr->GetCount(frame->reply()->completion_code()), + }); } - analyzer->ConnectionEvent(f, vl); } } diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 492375b7aa..94812d816c 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include 
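Review bot: The two `ConnectionEventFast(f, {...})` calls in NCP_Session::DeliverFrame repeat the first three arguments and differ only in the tail, so any later change to the common part has to be made twice. Building one `val_list` with a capacity hint and appending the request- or reply-specific values, as POP3_Analyzer::POP3Event does in this commit, keeps the shared prefix in one place. NetbiosSSN_Interpreter::Event has the same duplicated pair of calls, and there the `if` branch is braced while the `else` branch is not.

```cpp
if ( f )
	{
	bool is_orig = frame->is_orig();

	// capacity: 3 common values + 1 (request) or 3 (reply)
	val_list vl(is_orig ? 4 : 6);
	vl.append(analyzer->BuildConnVal());
	vl.append(val_mgr->GetCount(frame->frame_type()));
	vl.append(val_mgr->GetCount(frame->body_length()));

	if ( is_orig )
		vl.append(val_mgr->GetCount(req_func));
	else
		{
		vl.append(val_mgr->GetCount(req_frame_type));
		vl.append(val_mgr->GetCount(req_func));
		vl.append(val_mgr->GetCount(frame->reply()->completion_code()));
		}

	analyzer->ConnectionEventFast(f, std::move(vl));
	}
```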
@@ -58,12 +58,12 @@ int NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags, { if ( netbios_session_message ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_query)); - vl->append(val_mgr->GetCount(type)); - vl->append(val_mgr->GetCount(len)); - analyzer->ConnectionEvent(netbios_session_message, vl); + analyzer->ConnectionEventFast(netbios_session_message, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_query), + val_mgr->GetCount(type), + val_mgr->GetCount(len), + }); } switch ( type ) { @@ -328,13 +328,19 @@ void NetbiosSSN_Interpreter::Event(EventHandlerPtr event, const u_char* data, if ( ! event ) return; - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); if ( is_orig >= 0 ) - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(new BroString(data, len, 0))); - - analyzer->ConnectionEvent(event, vl); + { + analyzer->ConnectionEventFast(event, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(new BroString(data, len, 0)), + }); + } + else + analyzer->ConnectionEventFast(event, { + analyzer->BuildConnVal(), + new StringVal(new BroString(data, len, 0)), + }); } diff --git a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac index c72a9d249a..0f0d842570 100644 --- a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac +++ b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac @@ -94,6 +94,9 @@ refine connection NTLM_Conn += { function proc_ntlm_negotiate(val: NTLM_Negotiate): bool %{ + if ( ! ntlm_negotiate ) + return true; + RecordVal* result = new RecordVal(BifType::Record::NTLM::Negotiate); result->Assign(0, build_negotiate_flag_record(${val.flags})); 
@@ -115,6 +118,9 @@ refine connection NTLM_Conn += { function proc_ntlm_challenge(val: NTLM_Challenge): bool %{ + if ( ! ntlm_challenge ) + return true; + RecordVal* result = new RecordVal(BifType::Record::NTLM::Challenge); result->Assign(0, build_negotiate_flag_record(${val.flags})); @@ -136,6 +142,9 @@ refine connection NTLM_Conn += { function proc_ntlm_authenticate(val: NTLM_Authenticate): bool %{ + if ( ! ntlm_authenticate ) + return true; + RecordVal* result = new RecordVal(BifType::Record::NTLM::Authenticate); result->Assign(0, build_negotiate_flag_record(${val.flags})); diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index 631d5bc3e9..61fd92ee84 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "NTP.h" @@ -62,6 +62,9 @@ void NTP_Analyzer::Message(const u_char* data, int len) len -= sizeof *ntp_data; data += sizeof *ntp_data; + if ( ! ntp_message ) + return; + RecordVal* msg = new RecordVal(ntp_msg); unsigned int code = ntp_data->status & 0x7; @@ -78,12 +81,11 @@ void NTP_Analyzer::Message(const u_char* data, int len) msg->Assign(9, new Val(LongFloat(ntp_data->rec), TYPE_TIME)); msg->Assign(10, new Val(LongFloat(ntp_data->xmt), TYPE_TIME)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(msg); - vl->append(new StringVal(new BroString(data, len, 0))); - - ConnectionEvent(ntp_message, vl); + ConnectionEventFast(ntp_message, { + BuildConnVal(), + msg, + new StringVal(new BroString(data, len, 0)), + }); } double NTP_Analyzer::ShortFloat(struct s_fixedpt fp) diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index 2cd5041a70..62b57674e1 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc 
@@ -1,7 +1,7 @@ // This code contributed to Bro by Florian Schimandl, Hugh Dollman and // Robin Sommer. -#include "bro-config.h" +#include "zeek-config.h" #include #include @@ -833,10 +833,8 @@ void POP3_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - - ConnectionEvent(pop3_starttls, vl); + if ( pop3_starttls ) + ConnectionEventFast(pop3_starttls, {BuildConnVal()}); } void POP3_Analyzer::AuthSuccessfull() @@ -926,14 +924,14 @@ void POP3_Analyzer::POP3Event(EventHandlerPtr event, bool is_orig, if ( ! event ) return; - val_list* vl = new val_list; + val_list vl(2 + (bool)arg1 + (bool)arg2); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(is_orig)); if ( arg1 ) - vl->append(new StringVal(arg1)); + vl.append(new StringVal(arg1)); if ( arg2 ) - vl->append(new StringVal(arg2)); + vl.append(new StringVal(arg2)); - ConnectionEvent(event, vl); + ConnectionEventFast(event, std::move(vl)); } diff --git a/src/analyzer/protocol/rfb/rfb-analyzer.pac b/src/analyzer/protocol/rfb/rfb-analyzer.pac index 39a792ba89..67adba8681 100644 --- a/src/analyzer/protocol/rfb/rfb-analyzer.pac +++ b/src/analyzer/protocol/rfb/rfb-analyzer.pac @@ -1,7 +1,8 @@ refine flow RFB_Flow += { function proc_rfb_message(msg: RFB_PDU): bool %{ - BifEvent::generate_rfb_event(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn()); + if ( rfb_event ) + BifEvent::generate_rfb_event(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn()); return true; %} 
@@ -9,44 +10,51 @@ refine flow RFB_Flow += { %{ if (client) { - BifEvent::generate_rfb_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor)); + if ( rfb_client_version ) + BifEvent::generate_rfb_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor)); connection()->bro_analyzer()->ProtocolConfirmation(); } else { - BifEvent::generate_rfb_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor)); + if ( rfb_server_version ) + BifEvent::generate_rfb_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor)); } return true; %} function proc_rfb_share_flag(shared: bool) : bool %{ - BifEvent::generate_rfb_share_flag(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), shared); + if ( rfb_share_flag ) + BifEvent::generate_rfb_share_flag(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), shared); return true; %} function proc_security_types(msg: RFBSecurityTypes) : bool %{ - BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.sectype}); + if ( rfb_authentication_type ) + BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.sectype}); return true; %} function proc_security_types37(msg: RFBAuthTypeSelected) : bool %{ - BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.type}); + if ( rfb_authentication_type ) + BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.type}); return true; %} function proc_handle_server_params(msg:RFBServerInit) : bool %{ - 
BifEvent::generate_rfb_server_parameters(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.name}), ${msg.width}, ${msg.height}); + if ( rfb_server_parameters ) + BifEvent::generate_rfb_server_parameters(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.name}), ${msg.width}, ${msg.height}); return true; %} function proc_handle_security_result(result : uint32) : bool %{ - BifEvent::generate_rfb_auth_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), result); + if ( rfb_auth_result ) + BifEvent::generate_rfb_auth_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), result); return true; %} }; diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index 604d2e3ed1..643aa21891 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -3,7 +3,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "XDR.h" @@ -93,9 +93,9 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status if ( mount_reply_status ) { - val_list* vl = event_common_vl(c, rpc_status, mount_status, - start_time, last_time, reply_len); - analyzer->ConnectionEvent(mount_reply_status, vl); + auto vl = event_common_vl(c, rpc_status, mount_status, + start_time, last_time, reply_len, 0); + analyzer->ConnectionEventFast(mount_reply_status, std::move(vl)); } if ( ! rpc_success ) 
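Review bot: In proc_rfb_version the new `if ( rfb_client_version )` is unbraced and is followed directly by `connection()->bro_analyzer()->ProtocolConfirmation();`, so the confirmation is easy to misread as conditional on the handler. It is unconditional as written, and presumably should stay so, since confirming the protocol should not depend on whether a script handles the event. Braces around the guarded `generate_rfb_client_version` call, or a blank line before `ProtocolConfirmation()`, would make that explicit and guard against a later edit pulling the confirmation under the `if`.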
@@ -162,34 +162,34 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status // optional and all are set to 0 ... if ( event ) { - val_list* vl = event_common_vl(c, rpc_status, mount_status, - start_time, last_time, reply_len); - Val *request = c->TakeRequestVal(); + auto vl = event_common_vl(c, rpc_status, mount_status, + start_time, last_time, reply_len, (bool)request + (bool)reply); + if ( request ) - vl->append(request); + vl.append(request); if ( reply ) - vl->append(reply); + vl.append(reply); - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEventFast(event, std::move(vl)); } else Unref(reply); return 1; } -val_list* MOUNT_Interp::event_common_vl(RPC_CallInfo *c, +val_list MOUNT_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::MOUNT3::status_t mount_status, double rep_start_time, - double rep_last_time, int reply_len) + double rep_last_time, int reply_len, int extra_elements) { // Returns a new val_list that already has a conn_val, and mount3_info. // These are the first parameters for each mount_* event ... - val_list *vl = new val_list; - vl->append(analyzer->BuildConnVal()); + val_list vl(2 + extra_elements); + vl.append(analyzer->BuildConnVal()); VectorVal* auxgids = new VectorVal(internal_type("index_vec")->AsVectorType()); for (size_t i = 0; i < c->AuxGIDs().size(); ++i) @@ -212,7 +212,7 @@ val_list* MOUNT_Interp::event_common_vl(RPC_CallInfo *c, info->Assign(11, new StringVal(c->MachineName())); info->Assign(12, auxgids); - vl->append(info); + vl.append(info); return vl; } diff --git a/src/analyzer/protocol/rpc/MOUNT.h b/src/analyzer/protocol/rpc/MOUNT.h index 42da4f61ed..7c243f96a0 100644 --- a/src/analyzer/protocol/rpc/MOUNT.h +++ b/src/analyzer/protocol/rpc/MOUNT.h 
@@ -22,10 +22,10 @@ protected: // Returns a new val_list that already has a conn_val, rpc_status and // mount_status. These are the first parameters for each mount_* event // ... - val_list* event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, + val_list event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::MOUNT3::status_t mount_status, double rep_start_time, double rep_last_time, - int reply_len); + int reply_len, int extra_elements); // These methods parse the appropriate MOUNTv3 "type" out of buf. If // there are any errors (i.e., buffer to short, etc), buf will be set diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index ff16812d65..9eb9e88d95 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -3,7 +3,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "XDR.h" @@ -147,9 +147,9 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, if ( nfs_reply_status ) { - val_list* vl = event_common_vl(c, rpc_status, nfs_status, - start_time, last_time, reply_len); - analyzer->ConnectionEvent(nfs_reply_status, vl); + auto vl = event_common_vl(c, rpc_status, nfs_status, + start_time, last_time, reply_len, 0); + analyzer->ConnectionEventFast(nfs_reply_status, std::move(vl)); } if ( ! rpc_success ) 
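Review bot: The comment above `event_common_vl` does not mention the new `extra_elements` parameter, and it still lists "conn_val, rpc_status and mount_status" while the comment on the definition in MOUNT.cc says the list holds a conn_val and mount3_info. Add a line such as `// extra_elements: number of values the caller appends afterwards; only used to size the list.` and align the two descriptions. The NFS.h hunk for `NFS_Interp::event_common_vl` needs the same update.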
@@ -274,18 +274,18 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, // optional and all are set to 0 ... if ( event ) { - val_list* vl = event_common_vl(c, rpc_status, nfs_status, - start_time, last_time, reply_len); - Val *request = c->TakeRequestVal(); + auto vl = event_common_vl(c, rpc_status, nfs_status, + start_time, last_time, reply_len, (bool)request + (bool)reply); + if ( request ) - vl->append(request); + vl.append(request); if ( reply ) - vl->append(reply); + vl.append(reply); - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEventFast(event, std::move(vl)); } else Unref(reply); @@ -317,15 +317,15 @@ StringVal* NFS_Interp::nfs3_file_data(const u_char*& buf, int& n, uint64_t offse return 0; } -val_list* NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, +val_list NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::NFS3::status_t nfs_status, double rep_start_time, - double rep_last_time, int reply_len) + double rep_last_time, int reply_len, int extra_elements) { // Returns a new val_list that already has a conn_val, and nfs3_info. // These are the first parameters for each nfs_* event ... - val_list *vl = new val_list; - vl->append(analyzer->BuildConnVal()); + val_list vl(2 + extra_elements); + vl.append(analyzer->BuildConnVal()); VectorVal* auxgids = new VectorVal(internal_type("index_vec")->AsVectorType()); for ( size_t i = 0; i < c->AuxGIDs().size(); ++i ) @@ -346,7 +346,7 @@ val_list* NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_s info->Assign(11, new StringVal(c->MachineName())); info->Assign(12, auxgids); - vl->append(info); + vl.append(info); return vl; } diff --git a/src/analyzer/protocol/rpc/NFS.h b/src/analyzer/protocol/rpc/NFS.h index 2ec4047946..56a368bfdc 100644 --- a/src/analyzer/protocol/rpc/NFS.h +++ b/src/analyzer/protocol/rpc/NFS.h 
@@ -22,10 +22,10 @@ protected: // Returns a new val_list that already has a conn_val, rpc_status and // nfs_status. These are the first parameters for each nfs_* event // ... - val_list* event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, + val_list event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::NFS3::status_t nfs_status, double rep_start_time, double rep_last_time, - int reply_len); + int reply_len, int extra_elements); // These methods parse the appropriate NFSv3 "type" out of buf. If // there are any errors (i.e., buffer to short, etc), buf will be set diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index 95beab6b62..eb26991921 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "XDR.h" @@ -261,10 +261,10 @@ uint32 PortmapperInterp::CheckPort(uint32 port) { if ( pm_bad_port ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(port)); - analyzer->ConnectionEvent(pm_bad_port, vl); + analyzer->ConnectionEventFast(pm_bad_port, { + analyzer->BuildConnVal(), + val_mgr->GetCount(port), + }); } port = 0; 
@@ -282,25 +282,25 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu return; } - val_list* vl = new val_list; + val_list vl; - vl->append(analyzer->BuildConnVal()); + vl.append(analyzer->BuildConnVal()); if ( status == BifEnum::RPC_SUCCESS ) { if ( request ) - vl->append(request); + vl.append(request); if ( reply ) - vl->append(reply); + vl.append(reply); } else { - vl->append(BifType::Enum::rpc_status->GetVal(status)); + vl.append(BifType::Enum::rpc_status->GetVal(status)); if ( request ) - vl->append(request); + vl.append(request); } - analyzer->ConnectionEvent(f, vl); + analyzer->ConnectionEventFast(f, std::move(vl)); } Portmapper_Analyzer::Portmapper_Analyzer(Connection* conn) diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 5bd748d1ea..587050f897 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -4,7 +4,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "XDR.h" @@ -330,16 +330,16 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st { if ( rpc_dialogue ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(c->Program())); - vl->append(val_mgr->GetCount(c->Version())); - vl->append(val_mgr->GetCount(c->Proc())); - vl->append(BifType::Enum::rpc_status->GetVal(status)); - vl->append(new Val(c->StartTime(), TYPE_TIME)); - vl->append(val_mgr->GetCount(c->CallLen())); - vl->append(val_mgr->GetCount(reply_len)); - analyzer->ConnectionEvent(rpc_dialogue, vl); + analyzer->ConnectionEventFast(rpc_dialogue, { + analyzer->BuildConnVal(), + val_mgr->GetCount(c->Program()), + val_mgr->GetCount(c->Version()), + val_mgr->GetCount(c->Proc()), + BifType::Enum::rpc_status->GetVal(status), + new Val(c->StartTime(), TYPE_TIME), + val_mgr->GetCount(c->CallLen()), + val_mgr->GetCount(reply_len), + }); } } 
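Review bot: In PortmapperInterp::Event, the non-success branch appends the status and `request` but never touches `reply`, so a non-null `reply` arriving with a failing status would be neither handed to the event nor released. If this function owns both values (an assumption to confirm, since the early `return` path sits above the hunk), the `else` branch should end with `Unref(reply);`. Separately, `val_list vl;` is built without a size, unlike event_common_vl in MOUNT.cc and NFS.cc; both branches append at most three values, so `val_list vl(3);` would match that pre-sizing. The function begins above this hunk.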
@@ -347,14 +347,14 @@ void RPC_Interpreter::Event_RPC_Call(RPC_CallInfo* c) { if ( rpc_call ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(c->XID())); - vl->append(val_mgr->GetCount(c->Program())); - vl->append(val_mgr->GetCount(c->Version())); - vl->append(val_mgr->GetCount(c->Proc())); - vl->append(val_mgr->GetCount(c->CallLen())); - analyzer->ConnectionEvent(rpc_call, vl); + analyzer->ConnectionEventFast(rpc_call, { + analyzer->BuildConnVal(), + val_mgr->GetCount(c->XID()), + val_mgr->GetCount(c->Program()), + val_mgr->GetCount(c->Version()), + val_mgr->GetCount(c->Proc()), + val_mgr->GetCount(c->CallLen()), + }); } } @@ -362,12 +362,12 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status, { if ( rpc_reply ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(xid)); - vl->append(BifType::Enum::rpc_status->GetVal(status)); - vl->append(val_mgr->GetCount(reply_len)); - analyzer->ConnectionEvent(rpc_reply, vl); + analyzer->ConnectionEventFast(rpc_reply, { + analyzer->BuildConnVal(), + val_mgr->GetCount(xid), + BifType::Enum::rpc_status->GetVal(status), + val_mgr->GetCount(reply_len), + }); } } diff --git a/src/analyzer/protocol/rpc/XDR.cc b/src/analyzer/protocol/rpc/XDR.cc index 9ae1ba1236..33973327ee 100644 --- a/src/analyzer/protocol/rpc/XDR.cc +++ b/src/analyzer/protocol/rpc/XDR.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "XDR.h" diff --git a/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac b/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac index 0cdae1cefb..01eae48d0b 100644 --- a/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac 
@@ -6,8 +6,10 @@ refine connection SMB_Conn += { BifConst::SMB::pipe_filenames->AsTable()->Lookup(filename->CheckString()) ) { set_tree_is_pipe(${header.tid}); - BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(), - bro_analyzer()->Conn()); + + if ( smb_pipe_connect_heuristic ) + BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(), + bro_analyzer()->Conn()); } if ( smb1_nt_create_andx_request ) diff --git a/src/analyzer/protocol/smb/smb1-protocol.pac b/src/analyzer/protocol/smb/smb1-protocol.pac index 4ba86d1b75..d5df7a3fca 100644 --- a/src/analyzer/protocol/smb/smb1-protocol.pac +++ b/src/analyzer/protocol/smb/smb1-protocol.pac @@ -66,9 +66,10 @@ refine connection SMB_Conn += { } else { - BifEvent::generate_smb1_error(bro_analyzer(), - bro_analyzer()->Conn(), - BuildHeaderVal(h), is_orig); + if ( smb1_error ) + BifEvent::generate_smb1_error(bro_analyzer(), + bro_analyzer()->Conn(), + BuildHeaderVal(h), is_orig); } return true; %} diff --git a/src/analyzer/protocol/smb/smb2-com-create.pac b/src/analyzer/protocol/smb/smb2-com-create.pac index 2f7dfc4d26..d3df094f51 100644 --- a/src/analyzer/protocol/smb/smb2-com-create.pac +++ b/src/analyzer/protocol/smb/smb2-com-create.pac @@ -7,8 +7,10 @@ refine connection SMB_Conn += { BifConst::SMB::pipe_filenames->AsTable()->Lookup(filename->CheckString()) ) { set_tree_is_pipe(${h.tree_id}); - BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(), - bro_analyzer()->Conn()); + + if ( smb_pipe_connect_heuristic ) + BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(), + bro_analyzer()->Conn()); } if ( smb2_create_request ) diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index 6b92484431..2ba011b8ef 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include 
@@ -220,11 +220,11 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) if ( smtp_data && ! skip_data ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(data_len, line)); - ConnectionEvent(smtp_data, vl); + ConnectionEventFast(smtp_data, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(data_len, line), + }); } } @@ -350,15 +350,14 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) break; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetCount(reply_code)); - vl->append(new StringVal(cmd)); - vl->append(new StringVal(end_of_line - line, line)); - vl->append(val_mgr->GetBool((pending_reply > 0))); - - ConnectionEvent(smtp_reply, vl); + ConnectionEventFast(smtp_reply, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetCount(reply_code), + new StringVal(cmd), + new StringVal(end_of_line - line, line), + val_mgr->GetBool((pending_reply > 0)), + }); } } @@ -411,10 +410,8 @@ void SMTP_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - - ConnectionEvent(smtp_starttls, vl); + if ( smtp_starttls ) + ConnectionEventFast(smtp_starttls, {BuildConnVal()}); } 
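Review bot: The `smtp_reply` call in the `-350,15` hunk of SMTP_Analyzer::ProcessLine is switched to `ConnectionEventFast`, but no `if ( smtp_reply )` check is visible in that hunk. The StartTLS hunk adds `if ( smtp_starttls )` as part of the same conversion, and the `smtp_data` call is visibly guarded, which suggests the Fast variant expects the caller to have tested the handler. If the guard sits above the hunk this is fine; otherwise wrap the call as in StartTLS, so that the two `new StringVal(...)` arguments built from the received line are only created when a script consumes them. ProcessLine starts and ends outside these hunks.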
@@ -856,14 +853,14 @@ void SMTP_Analyzer::RequestEvent(int cmd_len, const char* cmd, int arg_len, const char* arg) { ProtocolConfirmation(); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig_is_sender)); - vl->append((new StringVal(cmd_len, cmd))->ToUpper()); - vl->append(new StringVal(arg_len, arg)); - - ConnectionEvent(smtp_request, vl); + if ( smtp_request ) + ConnectionEventFast(smtp_request, { + BuildConnVal(), + val_mgr->GetBool(orig_is_sender), + (new StringVal(cmd_len, cmd))->ToUpper(), + new StringVal(arg_len, arg), + }); } void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, @@ -874,17 +871,16 @@ void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, if ( smtp_unexpected ) { - val_list* vl = new val_list; int is_orig = is_sender; if ( ! orig_is_sender ) is_orig = ! is_orig; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(msg)); - vl->append(new StringVal(detail_len, detail)); - - ConnectionEvent(smtp_unexpected, vl); + ConnectionEventFast(smtp_unexpected, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(msg), + new StringVal(detail_len, detail), + }); } } diff --git a/src/analyzer/protocol/socks/socks-analyzer.pac b/src/analyzer/protocol/socks/socks-analyzer.pac index f625851d0a..b0ec62e2b9 100644 --- a/src/analyzer/protocol/socks/socks-analyzer.pac +++ b/src/analyzer/protocol/socks/socks-analyzer.pac 
@@ -22,18 +22,22 @@ refine connection SOCKS_Conn += { function socks4_request(request: SOCKS4_Request): bool %{ - RecordVal* sa = new RecordVal(socks_address); - sa->Assign(0, new AddrVal(htonl(${request.addr}))); - if ( ${request.v4a} ) - sa->Assign(1, array_to_string(${request.name})); + if ( socks_request ) + { + RecordVal* sa = new RecordVal(socks_address); + sa->Assign(0, new AddrVal(htonl(${request.addr}))); - BifEvent::generate_socks_request(bro_analyzer(), - bro_analyzer()->Conn(), - 4, - ${request.command}, - sa, - val_mgr->GetPort(${request.port}, TRANSPORT_TCP), - array_to_string(${request.user})); + if ( ${request.v4a} ) + sa->Assign(1, array_to_string(${request.name})); + + BifEvent::generate_socks_request(bro_analyzer(), + bro_analyzer()->Conn(), + 4, + ${request.command}, + sa, + val_mgr->GetPort(${request.port}, TRANSPORT_TCP), + array_to_string(${request.user})); + } static_cast(bro_analyzer())->EndpointDone(true); @@ -42,15 +46,18 @@ refine connection SOCKS_Conn += { function socks4_reply(reply: SOCKS4_Reply): bool %{ - RecordVal* sa = new RecordVal(socks_address); - sa->Assign(0, new AddrVal(htonl(${reply.addr}))); + if ( socks_reply ) + { + RecordVal* sa = new RecordVal(socks_address); + sa->Assign(0, new AddrVal(htonl(${reply.addr}))); - BifEvent::generate_socks_reply(bro_analyzer(), - bro_analyzer()->Conn(), - 4, - ${reply.status}, - sa, - val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); + BifEvent::generate_socks_reply(bro_analyzer(), + bro_analyzer()->Conn(), + 4, + ${reply.status}, + sa, + val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); + } bro_analyzer()->ProtocolConfirmation(); static_cast(bro_analyzer())->EndpointDone(false); 
@@ -97,13 +104,16 @@ refine connection SOCKS_Conn += { return false; } - BifEvent::generate_socks_request(bro_analyzer(), - bro_analyzer()->Conn(), - 5, - ${request.command}, - sa, - val_mgr->GetPort(${request.port}, TRANSPORT_TCP), - val_mgr->GetEmptyString()); + if ( socks_request ) + BifEvent::generate_socks_request(bro_analyzer(), + bro_analyzer()->Conn(), + 5, + ${request.command}, + sa, + val_mgr->GetPort(${request.port}, TRANSPORT_TCP), + val_mgr->GetEmptyString()); + else + Unref(sa); static_cast(bro_analyzer())->EndpointDone(true); @@ -136,12 +146,15 @@ refine connection SOCKS_Conn += { return false; } - BifEvent::generate_socks_reply(bro_analyzer(), - bro_analyzer()->Conn(), - 5, - ${reply.reply}, - sa, - val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); + if ( socks_reply ) + BifEvent::generate_socks_reply(bro_analyzer(), + bro_analyzer()->Conn(), + 5, + ${reply.reply}, + sa, + val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); + else + Unref(sa); bro_analyzer()->ProtocolConfirmation(); static_cast(bro_analyzer())->EndpointDone(false); @@ -150,6 +163,9 @@ refine connection SOCKS_Conn += { function socks5_auth_request_userpass(request: SOCKS5_Auth_Request_UserPass_v1): bool %{ + if ( ! socks_login_userpass_request ) + return true; + StringVal* user = new StringVal(${request.username}.length(), (const char*) ${request.username}.begin()); StringVal* pass = new StringVal(${request.password}.length(), (const char*) ${request.password}.begin()); @@ -173,9 +189,10 @@ refine connection SOCKS_Conn += { function socks5_auth_reply_userpass(reply: SOCKS5_Auth_Reply_UserPass_v1): bool %{ - BifEvent::generate_socks_login_userpass_reply(bro_analyzer(), - bro_analyzer()->Conn(), - ${reply.code}); + if ( socks_login_userpass_reply ) + BifEvent::generate_socks_login_userpass_reply(bro_analyzer(), + bro_analyzer()->Conn(), + ${reply.code}); return true; %} 
diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif index 03a2a93868..e00dd83cc6 100644 --- a/src/analyzer/protocol/ssl/events.bif +++ b/src/analyzer/protocol/ssl/events.bif @@ -73,7 +73,7 @@ event ssl_client_hello%(c: connection, version: count, record_version: count, po ## sent in TLSv1.3 or SSLv2. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_extension -## ssl_session_ticket_handshake x509_certificate ssl_server_curve +## ssl_session_ticket_handshake x509_certificate ## ssl_dh_server_params ssl_handshake_message ssl_change_cipher_spec ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms @@ -116,7 +116,7 @@ event ssl_extension%(c: connection, is_orig: bool, code: count, val: string%); ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_ec_point_formats ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm +## ssl_extension_server_name ssl_extension_signature_algorithm ## ssl_extension_key_share ssl_rsa_client_pms ssl_server_signature ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params @@ -136,7 +136,7 @@ event ssl_extension_elliptic_curves%(c: connection, is_orig: bool, curves: index ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm +## ssl_extension_server_name ssl_extension_signature_algorithm ## ssl_extension_key_share ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params 
@@ -157,7 +157,7 @@ event ssl_extension_ec_point_formats%(c: connection, is_orig: bool, point_format ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve ssl_extension_key_share +## ssl_extension_server_name ssl_extension_key_share ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms ssl_server_signature 
@@ -176,32 +176,12 @@ event ssl_extension_signature_algorithm%(c: connection, is_orig: bool, signature ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve +## ssl_extension_server_name ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms ssl_server_signature event ssl_extension_key_share%(c: connection, is_orig: bool, curves: index_vec%); -## Generated if a named curve is chosen by the server for an SSL/TLS connection. -## The curve is sent by the server in the ServerKeyExchange message as defined -## in :rfc:`4492`, in case an ECDH or ECDHE cipher suite is chosen. -## -## c: The connection. -## -## curve: The curve. -## -## .. note:: This event is deprecated and superseded by the ssl_ecdh_server_params -## event. This event will be removed in a future version of Bro. -## -## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_extension -## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_extension_key_share -## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions -## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params -## ssl_rsa_client_pms ssl_server_signature -event ssl_server_curve%(c: connection, curve: count%) &deprecated; - ## Generated if a server uses an ECDH-anon or ECDHE cipher suite using a named curve ## This event contains the named curve name and the server ECDH parameters contained ## in the ServerKeyExchange message as defined in :rfc:`4492`. 
@@ -213,7 +193,7 @@ event ssl_server_curve%(c: connection, curve: count%) &deprecated; ## point: The server's ECDH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_client_params ssl_rsa_client_pms event ssl_ecdh_server_params%(c: connection, curve: count, point: string%); @@ -230,7 +210,7 @@ event ssl_ecdh_server_params%(c: connection, curve: count, point: string%); ## Ys: The server's DH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%); @@ -253,7 +233,7 @@ event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%); ## message is used for signing. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_rsa_client_pms +## ssl_session_ticket_handshake ssl_rsa_client_pms ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params event ssl_server_signature%(c: connection, signature_and_hashalgorithm: SSL::SignatureAndHashAlgorithm, signature: string%); @@ -266,7 +246,7 @@ event ssl_server_signature%(c: connection, signature_and_hashalgorithm: SSL::Sig ## point: The client's ECDH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_rsa_client_pms event ssl_ecdh_client_params%(c: connection, point: string%); 
@@ -279,7 +259,7 @@ event ssl_ecdh_client_params%(c: connection, point: string%); ## Yc: The client's DH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_ecdh_server_params ssl_ecdh_client_params ssl_rsa_client_pms event ssl_dh_client_params%(c: connection, Yc: string%); @@ -292,7 +272,7 @@ event ssl_dh_client_params%(c: connection, Yc: string%); ## pms: The encrypted pre-master secret. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params event ssl_rsa_client_pms%(c: connection, pms: string%); diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac index bf35218873..7d23ecc75e 100644 --- a/src/analyzer/protocol/ssl/ssl-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac @@ -17,8 +17,8 @@ refine connection SSL_Conn += { function proc_v2_client_master_key(rec: SSLRecord, cipher_kind: int) : bool %{ - BifEvent::generate_ssl_established(bro_analyzer(), - bro_analyzer()->Conn()); + if ( ssl_established ) + BifEvent::generate_ssl_established(bro_analyzer(), bro_analyzer()->Conn()); return true; %} diff --git a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac index d92f850d28..56573fd48e 100644 --- a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac 
@@ -31,8 +31,9 @@ refine connection SSL_Conn += { function proc_alert(rec: SSLRecord, level : int, desc : int) : bool %{ - BifEvent::generate_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(), - ${rec.is_orig}, level, desc); + if ( ssl_alert ) + BifEvent::generate_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(), + ${rec.is_orig}, level, desc); return true; %} function proc_unknown_record(rec: SSLRecord) : bool @@ -50,8 +51,8 @@ refine connection SSL_Conn += { established_ == false ) { established_ = true; - BifEvent::generate_ssl_established(bro_analyzer(), - bro_analyzer()->Conn()); + if ( ssl_established ) + BifEvent::generate_ssl_established(bro_analyzer(), bro_analyzer()->Conn()); } if ( ssl_encrypted_data ) @@ -72,9 +73,10 @@ refine connection SSL_Conn += { function proc_heartbeat(rec : SSLRecord, type: uint8, payload_length: uint16, data: bytestring) : bool %{ - BifEvent::generate_ssl_heartbeat(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length, - new StringVal(data.length(), (const char*) data.data())); + if ( ssl_heartbeat ) + BifEvent::generate_ssl_heartbeat(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length, + new StringVal(data.length(), (const char*) data.data())); return true; %} @@ -93,8 +95,9 @@ refine connection SSL_Conn += { function proc_ccs(rec: SSLRecord) : bool %{ - BifEvent::generate_ssl_change_cipher_spec(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}); + if ( ssl_change_cipher_spec ) + BifEvent::generate_ssl_change_cipher_spec(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}); return true; %} diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index 5cf250c366..e19f43241c 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac 
@@ -72,6 +72,9 @@ refine connection Handshake_Conn += { function proc_ec_point_formats(rec: HandshakeRecord, point_format_list: uint8[]) : bool %{ + if ( ! ssl_extension_ec_point_formats ) + return true; + VectorVal* points = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( point_format_list ) @@ -88,6 +91,9 @@ refine connection Handshake_Conn += { function proc_elliptic_curves(rec: HandshakeRecord, list: uint16[]) : bool %{ + if ( ! ssl_extension_elliptic_curves ) + return true; + VectorVal* curves = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( list ) @@ -104,6 +110,9 @@ refine connection Handshake_Conn += { function proc_client_key_share(rec: HandshakeRecord, keyshare: KeyShareEntry[]) : bool %{ + if ( ! ssl_extension_key_share ) + return true; + VectorVal* nglist = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( keyshare ) @@ -113,11 +122,15 @@ refine connection Handshake_Conn += { } BifEvent::generate_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, nglist); + return true; %} function proc_server_key_share(rec: HandshakeRecord, keyshare: KeyShareEntry) : bool %{ + if ( ! ssl_extension_key_share ) + return true; + VectorVal* nglist = new VectorVal(internal_type("index_vec")->AsVectorType()); nglist->Assign(0u, val_mgr->GetCount(keyshare->namedgroup())); @@ -127,6 +140,9 @@ refine connection Handshake_Conn += { function proc_signature_algorithm(rec: HandshakeRecord, supported_signature_algorithms: SignatureAndHashAlgorithm[]) : bool %{ + if ( ! ssl_extension_signature_algorithm ) + return true; + VectorVal* slist = new VectorVal(internal_type("signature_and_hashalgorithm_vec")->AsVectorType()); if ( supported_signature_algorithms ) 
@@ -147,6 +163,9 @@ refine connection Handshake_Conn += { function proc_apnl(rec: HandshakeRecord, protocols: ProtocolName[]) : bool %{ + if ( ! ssl_extension_application_layer_protocol_negotiation ) + return true; + VectorVal* plist = new VectorVal(internal_type("string_vec")->AsVectorType()); if ( protocols ) @@ -183,14 +202,20 @@ refine connection Handshake_Conn += { } } - BifEvent::generate_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(), - ${rec.is_orig}, servers); + if ( ssl_extension_server_name ) + BifEvent::generate_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(), + ${rec.is_orig}, servers); + else + Unref(servers); return true; %} function proc_supported_versions(rec: HandshakeRecord, versions_list: uint16[]) : bool %{ + if ( ! ssl_extension_supported_versions ) + return true; + VectorVal* versions = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( versions_list ) @@ -207,6 +232,9 @@ refine connection Handshake_Conn += { function proc_one_supported_version(rec: HandshakeRecord, version: uint16) : bool %{ + if ( ! ssl_extension_supported_versions ) + return true; + VectorVal* versions = new VectorVal(internal_type("index_vec")->AsVectorType()); versions->Assign(0u, val_mgr->GetCount(version)); @@ -218,6 +246,9 @@ refine connection Handshake_Conn += { function proc_psk_key_exchange_modes(rec: HandshakeRecord, mode_list: uint8[]) : bool %{ + if ( ! ssl_extension_psk_key_exchange_modes ) + return true; + VectorVal* modes = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( mode_list ) 
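Review bot: proc_server_name (the `-183,14` hunk) handles a missing handler by building `servers` and then calling `Unref(servers)`, while the neighbouring extension handlers in this file (proc_apnl, proc_supported_versions, proc_psk_key_exchange_modes) return early with `if ( ! handler ) return true;` before allocating anything. If the loop above the hunk has to run regardless of the handler (it is not visible here), a short comment would explain the difference, e.g. `// The name list is still walked without a handler; only the event is skipped.` Otherwise the early return used by the neighbours would avoid the allocation on every ClientHello. The function begins above the hunk.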
@@ -272,10 +303,11 @@ refine connection Handshake_Conn += { response.length(), bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn(), false, file_id, "application/ocsp-response"); - BifEvent::generate_ssl_stapled_ocsp(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}, - new StringVal(response.length(), - (const char*) response.data())); + if ( ssl_stapled_ocsp ) + BifEvent::generate_ssl_stapled_ocsp(bro_analyzer(), + bro_analyzer()->Conn(), + ${rec.is_orig}, + new StringVal(response.length(), (const char*) response.data())); file_mgr->EndOfFile(file_id); } 
@@ -288,26 +320,28 @@ refine connection Handshake_Conn += { if ( ${kex.curve_type} != NAMED_CURVE ) return true; - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}); - BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); + if ( ssl_ecdh_server_params ) + BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); - RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); - if ( ${kex.signed_params.uses_signature_and_hashalgorithm} ) + if ( ssl_server_signature ) { - ha->Assign(0, val_mgr->GetCount(${kex.signed_params.algorithm.HashAlgorithm})); - ha->Assign(1, val_mgr->GetCount(${kex.signed_params.algorithm.SignatureAlgorithm})); - } + RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); + if ( ${kex.signed_params.uses_signature_and_hashalgorithm} ) + { + ha->Assign(0, val_mgr->GetCount(${kex.signed_params.algorithm.HashAlgorithm})); + ha->Assign(1, val_mgr->GetCount(${kex.signed_params.algorithm.SignatureAlgorithm})); + } else - { - // set to impossible value - ha->Assign(0, val_mgr->GetCount(256)); - ha->Assign(1, val_mgr->GetCount(256)); - } + { + // set to impossible value + ha->Assign(0, val_mgr->GetCount(256)); + ha->Assign(1, val_mgr->GetCount(256)); + } - BifEvent::generate_ssl_server_signature(bro_analyzer(), - bro_analyzer()->Conn(), ha, new StringVal(${kex.signed_params.signature}.length(), (const char*)(${kex.signed_params.signature}).data())); + BifEvent::generate_ssl_server_signature(bro_analyzer(), + bro_analyzer()->Conn(), ha, new StringVal(${kex.signed_params.signature}.length(), (const char*)(${kex.signed_params.signature}).data())); + } return true; %} 
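Review bot: In the new `if ( ssl_server_signature )` block, the fallback `ha->Assign(0, val_mgr->GetCount(256));` and its twin for field 1 are explained only as "set to impossible value". A reader has to know that both TLS fields are a single byte on the wire to see why 256 is out of range. A comment such as `// 256 is outside the one-byte range of HashAlgorithm/SignatureAlgorithm: marks "no algorithm sent"` would state that, and would give scripts consuming ssl_server_signature a documented sentinel to test against. The enclosing function starts above the hunk.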
@@ -317,34 +351,42 @@ refine connection Handshake_Conn += { if ( ${kex.curve_type} != NAMED_CURVE ) return true; - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}); - BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); + if ( ssl_ecdh_server_params ) + BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); return true; %} function proc_rsa_client_key_exchange(rec: HandshakeRecord, rsa_pms: bytestring) : bool %{ - BifEvent::generate_ssl_rsa_client_pms(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(rsa_pms.length(), (const char*)rsa_pms.data())); + if ( ssl_rsa_client_pms ) + BifEvent::generate_ssl_rsa_client_pms(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(rsa_pms.length(), (const char*)rsa_pms.data())); + return true; %} function proc_dh_client_key_exchange(rec: HandshakeRecord, Yc: bytestring) : bool %{ - BifEvent::generate_ssl_dh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(Yc.length(), (const char*)Yc.data())); + if ( ssl_dh_client_params ) + BifEvent::generate_ssl_dh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(Yc.length(), (const char*)Yc.data())); + return true; %} function proc_ecdh_client_key_exchange(rec: HandshakeRecord, point: bytestring) : bool %{ - BifEvent::generate_ssl_ecdh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(point.length(), (const char*)point.data())); + if ( ssl_ecdh_client_params ) + BifEvent::generate_ssl_ecdh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(point.length(), (const char*)point.data())); + return true; %} function proc_signedcertificatetimestamp(rec: HandshakeRecord, version: uint8, logid: 
const_bytestring, timestamp: uint64, digitally_signed_algorithms: SignatureAndHashAlgorithm, digitally_signed_signature: const_bytestring) : bool %{ + if ( ! ssl_extension_signed_certificate_timestamp ) + return true; + RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); ha->Assign(0, val_mgr->GetCount(digitally_signed_algorithms->HashAlgorithm())); ha->Assign(1, val_mgr->GetCount(digitally_signed_algorithms->SignatureAlgorithm())); 
@@ -363,50 +405,56 @@ refine connection Handshake_Conn += { function proc_dhe_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring, signed_params: ServerKeyExchangeSignature) : bool %{ - BifEvent::generate_ssl_dh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), - new StringVal(p.length(), (const char*) p.data()), - new StringVal(g.length(), (const char*) g.data()), - new StringVal(Ys.length(), (const char*) Ys.data()) - ); + if ( ssl_ecdh_server_params ) + BifEvent::generate_ssl_dh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), + new StringVal(p.length(), (const char*) p.data()), + new StringVal(g.length(), (const char*) g.data()), + new StringVal(Ys.length(), (const char*) Ys.data()) + ); - RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); - if ( ${signed_params.uses_signature_and_hashalgorithm} ) + if ( ssl_server_signature ) { - ha->Assign(0, val_mgr->GetCount(${signed_params.algorithm.HashAlgorithm})); - ha->Assign(1, val_mgr->GetCount(${signed_params.algorithm.SignatureAlgorithm})); - } - else - { - // set to impossible value - ha->Assign(0, val_mgr->GetCount(256)); - ha->Assign(1, val_mgr->GetCount(256)); - } + RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); + if ( ${signed_params.uses_signature_and_hashalgorithm} ) + { + ha->Assign(0, val_mgr->GetCount(${signed_params.algorithm.HashAlgorithm})); + ha->Assign(1, val_mgr->GetCount(${signed_params.algorithm.SignatureAlgorithm})); + } + else + { + // set to impossible value + ha->Assign(0, val_mgr->GetCount(256)); + ha->Assign(1, val_mgr->GetCount(256)); + } - BifEvent::generate_ssl_server_signature(bro_analyzer(), - bro_analyzer()->Conn(), ha, - new StringVal(${signed_params.signature}.length(), (const char*)(${signed_params.signature}).data()) - ); + BifEvent::generate_ssl_server_signature(bro_analyzer(), + bro_analyzer()->Conn(), ha, + new StringVal(${signed_params.signature}.length(), (const 
char*)(${signed_params.signature}).data()) + ); + } return true; %} function proc_dh_anon_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool %{ - BifEvent::generate_ssl_dh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), - new StringVal(p.length(), (const char*) p.data()), - new StringVal(g.length(), (const char*) g.data()), - new StringVal(Ys.length(), (const char*) Ys.data()) - ); + if ( ssl_dh_server_params ) + BifEvent::generate_ssl_dh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), + new StringVal(p.length(), (const char*) p.data()), + new StringVal(g.length(), (const char*) g.data()), + new StringVal(Ys.length(), (const char*) Ys.data()) + ); return true; %} function proc_handshake(is_orig: bool, msg_type: uint8, length: uint24) : bool %{ - BifEvent::generate_ssl_handshake_message(bro_analyzer(), - bro_analyzer()->Conn(), is_orig, msg_type, to_int()(length)); + if ( ssl_handshake_message ) + BifEvent::generate_ssl_handshake_message(bro_analyzer(), + bro_analyzer()->Conn(), is_orig, msg_type, to_int()(length)); return true; %} diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index 3035a0b1a5..d3844846b9 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include 
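Review bot: In proc_dhe_server_key_exchange the new guard tests `ssl_ecdh_server_params`, but the call it protects is `generate_ssl_dh_server_params`, so the DH parameters event is raised only when an unrelated ECDH handler happens to be defined. A deployment that handles only ssl_dh_server_params, for example to flag small DH groups, would silently stop receiving DHE server parameters, which is a quiet detection gap rather than an error. The guard should read `if ( ssl_dh_server_params )`, matching proc_dh_anon_server_key_exchange later in the same hunk.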
@@ -139,25 +139,23 @@ void SteppingStoneEndpoint::Event(EventHandlerPtr f, int id1, int id2) if ( ! f ) return; - val_list* vl = new val_list; - - vl->append(val_mgr->GetInt(id1)); - if ( id2 >= 0 ) - vl->append(val_mgr->GetInt(id2)); + endp->TCP()->ConnectionEventFast(f, {val_mgr->GetInt(id1), val_mgr->GetInt(id2)}); + else + endp->TCP()->ConnectionEventFast(f, {val_mgr->GetInt(id1)}); - endp->TCP()->ConnectionEvent(f, vl); } void SteppingStoneEndpoint::CreateEndpEvent(int is_orig) { - val_list* vl = new val_list; + if ( ! stp_create_endp ) + return; - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetInt(stp_id)); - vl->append(val_mgr->GetBool(is_orig)); - - endp->TCP()->ConnectionEvent(stp_create_endp, vl); + endp->TCP()->ConnectionEventFast(stp_create_endp, { + endp->TCP()->BuildConnVal(), + val_mgr->GetInt(stp_id), + val_mgr->GetBool(is_orig), + }); } SteppingStone_Analyzer::SteppingStone_Analyzer(Connection* c) diff --git a/src/analyzer/protocol/syslog/syslog-analyzer.pac b/src/analyzer/protocol/syslog/syslog-analyzer.pac index 46e2cc171d..2bbdfd3754 100644 --- a/src/analyzer/protocol/syslog/syslog-analyzer.pac +++ b/src/analyzer/protocol/syslog/syslog-analyzer.pac @@ -11,6 +11,9 @@ flow Syslog_Flow function process_syslog_message(m: Syslog_Message): bool %{ + if ( ! syslog_message ) + return true; + if ( ${m.has_pri} ) BifEvent::generate_syslog_message( connection()->bro_analyzer(), diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 188df11092..51e9960d9f 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc 
@@ -299,11 +299,11 @@ static void passive_fingerprint(TCP_Analyzer* tcp, bool is_orig, if ( OS_val ) { // found new OS version - val_list* vl = new val_list; - vl->append(tcp->BuildConnVal()); - vl->append(src_addr_val->Ref()); - vl->append(OS_val); - tcp->ConnectionEvent(OS_version_found, vl); + tcp->ConnectionEventFast(OS_version_found, { + tcp->BuildConnVal(), + src_addr_val->Ref(), + OS_val, + }); } } @@ -965,20 +965,17 @@ void TCP_Analyzer::GeneratePacketEvent( const u_char* data, int len, int caplen, int is_orig, TCP_Flags flags) { - val_list* vl = new val_list(); - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(flags.AsString())); - vl->append(val_mgr->GetCount(rel_seq)); - vl->append(val_mgr->GetCount(flags.ACK() ? rel_ack : 0)); - vl->append(val_mgr->GetCount(len)); - - // We need the min() here because Ethernet padding can lead to - // caplen > len. - vl->append(new StringVal(min(caplen, len), (const char*) data)); - - ConnectionEvent(tcp_packet, vl); + ConnectionEventFast(tcp_packet, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(flags.AsString()), + val_mgr->GetCount(rel_seq), + val_mgr->GetCount(flags.ACK() ? rel_ack : 0), + val_mgr->GetCount(len), + // We need the min() here because Ethernet padding can lead to + // caplen > len. + new StringVal(min(caplen, len), (const char*) data), + }); } int TCP_Analyzer::DeliverData(double t, const u_char* data, int len, int caplen, @@ -1283,10 +1280,10 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( connection_SYN_packet ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(SYN_vals->Ref()); - ConnectionEvent(connection_SYN_packet, vl); + ConnectionEventFast(connection_SYN_packet, { + BuildConnVal(), + SYN_vals->Ref(), + }); } passive_fingerprint(this, is_orig, ip, tp, tcp_hdr_len); 
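Review bot: Several converted call sites pass an event to `ConnectionEventFast` with no handler check visible in the hunk: `OS_version_found` in passive_fingerprint and `tcp_packet` in GeneratePacketEvent here, and in later hunks `content_gap` in TCP_Reassembler::Gap, `rexmit_inconsistency` in Overlap, `tcp_contents` behind `deliver_tcp_contents`, and `udp_contents` behind `do_udp_contents`. Other hunks in this commit add explicit guards such as `if ( conn_stats )` and `if ( ! stp_create_endp ) return;` before the same call, which suggests the Fast variant does not check the handler itself. If so, these paths build the connection value and copy payload bytes per packet for an event nobody handles, or rely on a guard that lives elsewhere. The enclosing functions start outside the hunks, so the checks may already exist there; where they do, a one-line comment such as `// Caller has verified that tcp_packet has a handler.` above the call would record the precondition.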
@@ -1510,14 +1507,12 @@ int TCP_Analyzer::TCPOptionEvent(unsigned int opt, { if ( tcp_option ) { - val_list* vl = new val_list(); - - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(opt)); - vl->append(val_mgr->GetCount(optlen)); - - analyzer->ConnectionEvent(tcp_option, vl); + analyzer->ConnectionEventFast(tcp_option, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(opt), + val_mgr->GetCount(optlen), + }); } return 0; @@ -1833,10 +1828,10 @@ void TCP_Analyzer::EndpointEOF(TCP_Reassembler* endp) { if ( connection_EOF ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - ConnectionEvent(connection_EOF, vl); + ConnectionEventFast(connection_EOF, { + BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + }); } const analyzer_list& children(GetChildren()); @@ -2115,15 +2110,14 @@ int TCPStats_Endpoint::DataSent(double /* t */, uint64 seq, int len, int caplen, if ( tcp_rexmit ) { - val_list* vl = new val_list(); - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - vl->append(val_mgr->GetCount(seq)); - vl->append(val_mgr->GetCount(len)); - vl->append(val_mgr->GetCount(data_in_flight)); - vl->append(val_mgr->GetCount(endp->peer->window)); - - endp->TCP()->ConnectionEvent(tcp_rexmit, vl); + endp->TCP()->ConnectionEventFast(tcp_rexmit, { + endp->TCP()->BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + val_mgr->GetCount(seq), + val_mgr->GetCount(len), + val_mgr->GetCount(data_in_flight), + val_mgr->GetCount(endp->peer->window), + }); } } else 
@@ -2171,11 +2165,12 @@ void TCPStats_Analyzer::Done() { TCP_ApplicationAnalyzer::Done(); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(orig_stats->BuildStats()); - vl->append(resp_stats->BuildStats()); - ConnectionEvent(conn_stats, vl); + if ( conn_stats ) + ConnectionEventFast(conn_stats, { + BuildConnVal(), + orig_stats->BuildStats(), + resp_stats->BuildStats(), + }); } void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64 seq, const IP_Hdr* ip, int caplen) diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index 99551cd211..5cfc61ca8a 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -237,11 +237,11 @@ int TCP_Endpoint::DataSent(double t, uint64 seq, int len, int caplen, if ( contents_file_write_failure ) { - val_list* vl = new val_list(); - vl->append(Conn()->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(new StringVal(buf)); - tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); + tcp_analyzer->ConnectionEventFast(contents_file_write_failure, { + Conn()->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + new StringVal(buf), + }); } } } diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index e91f400d76..fcd8237c55 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -1,5 +1,6 @@ #include +#include "File.h" #include "analyzer/Analyzer.h" #include "TCP_Reassembler.h" #include "analyzer/protocol/tcp/TCP.h" 
@@ -145,12 +146,12 @@ void TCP_Reassembler::Gap(uint64 seq, uint64 len) if ( report_gap(endp, endp->peer) ) { - val_list* vl = new val_list; - vl->append(dst_analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(val_mgr->GetCount(seq)); - vl->append(val_mgr->GetCount(len)); - dst_analyzer->ConnectionEvent(content_gap, vl); + dst_analyzer->ConnectionEventFast(content_gap, { + dst_analyzer->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + val_mgr->GetCount(seq), + val_mgr->GetCount(len), + }); } if ( type == Direct ) @@ -344,11 +345,11 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f) if ( contents_file_write_failure ) { - val_list* vl = new val_list(); - vl->append(Endpoint()->Conn()->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(new StringVal("TCP reassembler content write failure")); - tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); + tcp_analyzer->ConnectionEventFast(contents_file_write_failure, { + Endpoint()->Conn()->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + new StringVal("TCP reassembler content write failure"), + }); } } @@ -361,11 +362,11 @@ void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f) if ( contents_file_write_failure ) { - val_list* vl = new val_list(); - vl->append(Endpoint()->Conn()->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(new StringVal("TCP reassembler gap write failure")); - tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); + tcp_analyzer->ConnectionEventFast(contents_file_write_failure, { + Endpoint()->Conn()->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + new StringVal("TCP reassembler gap write failure"), + }); } } 
@@ -434,12 +435,12 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n) BroString* b1_s = new BroString((const u_char*) b1, n, 0); BroString* b2_s = new BroString((const u_char*) b2, n, 0); - val_list* vl = new val_list(3); - vl->append(tcp_analyzer->BuildConnVal()); - vl->append(new StringVal(b1_s)); - vl->append(new StringVal(b2_s)); - vl->append(new StringVal(flags.AsString())); - tcp_analyzer->ConnectionEvent(rexmit_inconsistency, vl); + tcp_analyzer->ConnectionEventFast(rexmit_inconsistency, { + tcp_analyzer->BuildConnVal(), + new StringVal(b1_s), + new StringVal(b2_s), + new StringVal(flags.AsString()), + }); } } @@ -605,13 +606,12 @@ void TCP_Reassembler::DeliverBlock(uint64 seq, int len, const u_char* data) if ( deliver_tcp_contents ) { - val_list* vl = new val_list(); - vl->append(tcp_analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(val_mgr->GetCount(seq)); - vl->append(new StringVal(len, (const char*) data)); - - tcp_analyzer->ConnectionEvent(tcp_contents, vl); + tcp_analyzer->ConnectionEventFast(tcp_contents, { + tcp_analyzer->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + val_mgr->GetCount(seq), + new StringVal(len, (const char*) data), + }); } // Q. Can we say this because it is already checked in DataSent()? diff --git a/src/analyzer/protocol/tcp/functions.bif b/src/analyzer/protocol/tcp/functions.bif index 4aa218991e..c74c7ef9b5 100644 --- a/src/analyzer/protocol/tcp/functions.bif +++ b/src/analyzer/protocol/tcp/functions.bif @@ -1,5 +1,6 @@ %%{ +#include "File.h" #include "analyzer/protocol/tcp/TCP.h" %%} diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index ca144941b6..8cbb400b9f 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Net.h" #include "NetVar.h" 
@@ -157,11 +157,11 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( do_udp_contents ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(len, (const char*) data)); - ConnectionEvent(udp_contents, vl); + ConnectionEventFast(udp_contents, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(len, (const char*) data), + }); } Unref(port_val); diff --git a/src/analyzer/protocol/xmpp/xmpp-analyzer.pac b/src/analyzer/protocol/xmpp/xmpp-analyzer.pac index 5253ce050b..26a9c69b5b 100644 --- a/src/analyzer/protocol/xmpp/xmpp-analyzer.pac +++ b/src/analyzer/protocol/xmpp/xmpp-analyzer.pac @@ -32,7 +32,8 @@ refine connection XMPP_Conn += { if ( !is_orig && ( token == "proceed" || token_no_ns == "proceed" ) && client_starttls ) { bro_analyzer()->StartTLS(); - BifEvent::generate_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn()); + if ( xmpp_starttls ) + BifEvent::generate_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn()); } else if ( !is_orig && token == "proceed" ) reporter->Weird(bro_analyzer()->Conn(), "XMPP: proceed without starttls"); diff --git a/src/analyzer/protocol/zip/ZIP.h b/src/analyzer/protocol/zip/ZIP.h index de22803b26..89838729cd 100644 --- a/src/analyzer/protocol/zip/ZIP.h +++ b/src/analyzer/protocol/zip/ZIP.h @@ -3,7 +3,7 @@ #ifndef ANALYZER_PROTOCOL_ZIP_ZIP_H #define ANALYZER_PROTOCOL_ZIP_ZIP_H -#include "bro-config.h" +#include "zeek-config.h" #include "zlib.h" #include "analyzer/protocol/tcp/TCP.h" diff --git a/src/bro.bif b/src/bro.bif index 7493d5618b..b356c91fe8 100644 --- a/src/bro.bif +++ b/src/bro.bif 
@@ -1512,7 +1512,7 @@ function cat%(...%): string ## Returns: A concatenation of all arguments with *sep* between each one and ## empty strings replaced with *def*. ## -## .. zeek:see:: cat string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat string_cat function cat_sep%(sep: string, def: string, ...%): string %{ ODesc d; @@ -1579,7 +1579,7 @@ function cat_sep%(sep: string, def: string, ...%): string ## number of additional arguments for the given format specifier, ## :zeek:id:`fmt` generates a run-time error. ## -## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat function fmt%(...%): string %{ if ( @ARGC@ == 0 ) @@ -2409,6 +2409,19 @@ function to_addr%(ip: string%): addr return ret; %} +## Checks if a string is a valid IPv4 or IPv6 address. +## +## ip: the string to check for valid IP formatting. +## +## Returns: T if the string is a valid IPv4 or IPv6 address format. +function is_valid_ip%(ip: string%): bool + %{ + char* s = ip->AsString()->Render(); + auto rval = IPAddr::IsValid(s); + delete [] s; + return val_mgr->GetBool(rval); + %} + ## Converts a :zeek:type:`string` to a :zeek:type:`subnet`. ## ## sn: The subnet to convert. 
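Review bot: The doc comment on the new `is_valid_ip` lacks the cross-reference its neighbours carry and does not say that the check is on format only. Scripts that take addresses from untrusted protocol fields are the likely callers, and they would use it before `to_addr`, so adding `## .. zeek:see:: to_addr` and a line such as `## Only the textual format is checked.` would make the intended use clear. The argument goes through `Render()` before validation, so the comment could also state whether escaped bytes or surrounding whitespace in the input make the result F.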
@@ -2839,29 +2852,6 @@ function encode_base64%(s: string, a: string &default=""%): string } %} - -## Encodes a Base64-encoded string with a custom alphabet. -## -## s: The string to encode. -## -## a: The custom alphabet. The string must consist of 64 unique -## characters. The empty string indicates the default alphabet. -## -## Returns: The encoded version of *s*. -## -## .. zeek:see:: encode_base64 -function encode_base64_custom%(s: string, a: string%): string &deprecated - %{ - BroString* t = encode_base64(s->AsString(), a->AsString()); - if ( t ) - return new StringVal(t); - else - { - reporter->Error("error in encoding string %s", s->CheckString()); - return val_mgr->GetEmptyString(); - } - %} - ## Decodes a Base64-encoded string. ## ## s: The Base64-encoded string. @@ -2917,28 +2907,6 @@ function decode_base64_conn%(cid: conn_id, s: string, a: string &default=""%): s } %} -## Decodes a Base64-encoded string with a custom alphabet. -## -## s: The Base64-encoded string. -## -## a: The custom alphabet. The string must consist of 64 unique characters. -## The empty string indicates the default alphabet. -## -## Returns: The decoded version of *s*. -## -## .. zeek:see:: decode_base64 decode_base64_conn -function decode_base64_custom%(s: string, a: string%): string &deprecated - %{ - BroString* t = decode_base64(s->AsString(), a->AsString()); - if ( t ) - return new StringVal(t); - else - { - reporter->Error("error in decoding string %s", s->CheckString()); - return val_mgr->GetEmptyString(); - } - %} - %%{ typedef struct { uint32 time_low; 
@@ -2982,29 +2950,6 @@ function uuid_to_string%(uuid: string%): string return new StringVal(s); %} -## Merges and compiles two regular expressions at initialization time. -## -## p1: The first pattern. -## -## p2: The second pattern. -## -## Returns: The compiled pattern of the concatenation of *p1* and *p2*. -## -## .. zeek:see:: convert_for_pattern string_to_pattern -## -## .. note:: -## -## This function must be called at Zeek startup time, e.g., in the event -## :zeek:id:`zeek_init`. -function merge_pattern%(p1: pattern, p2: pattern%): pattern &deprecated - %{ - RE_Matcher* re = new RE_Matcher(); - re->AddPat(p1->PatternText()); - re->AddPat(p2->PatternText()); - re->Compile(); - return new PatternVal(re); - %} - %%{ char* to_pat_str(int sn, const char* ss) { @@ -3037,7 +2982,7 @@ char* to_pat_str(int sn, const char* ss) ## Returns: An escaped version of *s* that has the structure of a valid ## :zeek:type:`pattern`. ## -## .. zeek:see:: merge_pattern string_to_pattern +## .. zeek:see:: string_to_pattern ## function convert_for_pattern%(s: string%): string %{ @@ -3057,7 +3002,7 @@ function convert_for_pattern%(s: string%): string ## ## Returns: *s* as :zeek:type:`pattern`. ## -## .. zeek:see:: convert_for_pattern merge_pattern +## .. zeek:see:: convert_for_pattern ## ## .. note:: ## @@ -3361,7 +3306,7 @@ const char* conn_id_string(Val* c) ## ## Returns: True on success. ## -## .. zeek:see:: dump_packet get_current_packet send_current_packet +## .. zeek:see:: dump_packet get_current_packet function dump_current_packet%(file_name: string%) : bool %{ const Packet* pkt; @@ -3392,7 +3337,7 @@ function dump_current_packet%(file_name: string%) : bool ## Returns: The currently processed packet, which is a record ## containing the timestamp, ``snaplen``, and packet data. ## -## .. zeek:see:: dump_current_packet dump_packet send_current_packet +## .. zeek:see:: dump_current_packet dump_packet function get_current_packet%(%) : pcap_packet %{ const Packet* p; 
@@ -3448,7 +3393,7 @@ function get_current_packet_header%(%) : raw_pkt_hdr ## ## Returns: True on success ## -## .. zeek:see:: get_current_packet dump_current_packet send_current_packet +## .. zeek:see:: get_current_packet dump_current_packet function dump_packet%(pkt: pcap_packet, file_name: string%) : bool %{ if ( addl_pkt_dumper && addl_pkt_dumper->Path() != file_name->CheckString()) @@ -4045,7 +3990,7 @@ function lookup_location%(a: addr%) : geo_location if ( ! missing_geoip_reported ) { - builtin_error("Bro was not configured for GeoIP support"); + builtin_error("Zeek was not configured for GeoIP support"); missing_geoip_reported = 1; } #endif @@ -4102,7 +4047,7 @@ function lookup_asn%(a: addr%) : count if ( ! missing_geoip_reported ) { - builtin_error("Bro was not configured for GeoIP ASN support"); + builtin_error("Zeek was not configured for GeoIP ASN support"); missing_geoip_reported = 1; } #endif @@ -4595,7 +4540,7 @@ function get_file_name%(f: file%): string ## after the rotation, and the time when *f* was opened/closed. ## ## .. zeek:see:: rotate_file_by_name calc_next_rotate -function rotate_file%(f: file%): rotate_info +function rotate_file%(f: file%): rotate_info &deprecated %{ RecordVal* info = f->Rotate(); if ( info ) @@ -4619,7 +4564,7 @@ function rotate_file%(f: file%): rotate_info ## after the rotation, and the time when *f* was opened/closed. ## ## .. zeek:see:: rotate_file calc_next_rotate -function rotate_file_by_name%(f: string%): rotate_info +function rotate_file_by_name%(f: string%): rotate_info &deprecated %{ RecordVal* info = new RecordVal(rotate_info); 
@@ -4673,7 +4618,7 @@ function rotate_file_by_name%(f: string%): rotate_info ## Returns: The duration until the next file rotation time. ## ## .. zeek:see:: rotate_file rotate_file_by_name -function calc_next_rotate%(i: interval%) : interval +function calc_next_rotate%(i: interval%) : interval &deprecated %{ const char* base_time = log_rotate_base_time ? log_rotate_base_time->AsString()->CheckString() : 0; 
@@ -4940,56 +4885,6 @@ function uninstall_dst_net_filter%(snet: subnet%) : bool return val_mgr->GetBool(sessions->GetPacketFilter()->RemoveDst(snet)); %} -# =========================================================================== -# -# Communication -# -# =========================================================================== - -## Enables the communication system. By default, the communication is off until -## explicitly enabled, and all other calls to communication-related functions -## will be ignored until done so. -function enable_communication%(%): any &deprecated - %{ - if ( bro_start_network_time != 0.0 ) - { - builtin_error("communication must be enabled in zeek_init"); - return 0; - } - - if ( using_communication ) - // Ignore duplicate calls. - return 0; - - using_communication = 1; - remote_serializer->Enable(); - return 0; - %} - -## Flushes in-memory state tagged with the :zeek:attr:`&persistent` attribute -## to disk. The function writes the state to the file ``.state/state.bst`` in -## the directory where Bro was started. -## -## Returns: True on success. -## -## .. zeek:see:: rescan_state -function checkpoint_state%(%) : bool - %{ - return val_mgr->GetBool(persistence_serializer->WriteState(true)); - %} - -## Reads persistent state and populates the in-memory data structures -## accordingly. Persistent state is read from the ``.state`` directory. -## This function is the dual to :zeek:id:`checkpoint_state`. -## -## Returns: True on success. -## -## .. zeek:see:: checkpoint_state -function rescan_state%(%) : bool - %{ - return val_mgr->GetBool(persistence_serializer->ReadAll(false, true)); - %} - ## Writes the binary event stream generated by the core to a given file. ## Use the ``-x `` command line switch to replay saved events. ## 
@@ -5028,165 +4923,6 @@ function capture_state_updates%(filename: string%) : bool (const char*) filename->CheckString())); %} -## Establishes a connection to a remote Bro or Broccoli instance. -## -## ip: The IP address of the remote peer. -## -## zone_id: If *ip* is a non-global IPv6 address, a particular :rfc:`4007` -## ``zone_id`` can given here. An empty string, ``""``, means -## not to add any ``zone_id``. -## -## p: The port of the remote peer. -## -## our_class: If a non-empty string, then the remote (listening) peer checks it -## against its class name in its peer table and terminates the -## connection if they don't match. -## -## retry: If the connection fails, try to reconnect with the peer after this -## time interval. -## -## ssl: If true, use SSL to encrypt the session. -## -## Returns: A locally unique ID of the new peer. -## -## .. zeek:see:: disconnect -## listen -## request_remote_events -## request_remote_sync -## request_remote_logs -## request_remote_events -## set_accept_state -## set_compression_level -## send_state -## send_id -function connect%(ip: addr, zone_id: string, p: port, our_class: string, retry: interval, ssl: bool%) : count &deprecated - %{ - return val_mgr->GetCount(uint32(remote_serializer->Connect(ip->AsAddr(), - zone_id->CheckString(), p->Port(), our_class->CheckString(), - retry, ssl))); - %} - -## Terminate the connection with a peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -## -## .. zeek:see:: connect listen -function disconnect%(p: event_peer%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->CloseConnection(id)); - %} - -## Subscribes to all events from a remote peer whose names match a given -## pattern. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## handlers: The pattern describing the events to request from peer *p*. -## -## Returns: True on success. 
-## -## .. zeek:see:: request_remote_sync -## request_remote_logs -## set_accept_state -function request_remote_events%(p: event_peer, handlers: pattern%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->RequestEvents(id, handlers)); - %} - -## Requests synchronization of IDs with a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## auth: If true, the local instance considers its current state authoritative -## and sends it to *p* right after the handshake. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_events -## request_remote_logs -## set_accept_state -function request_remote_sync%(p: event_peer, auth: bool%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->RequestSync(id, auth)); - %} - -## Requests logs from a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_events -## request_remote_sync -function request_remote_logs%(p: event_peer%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->RequestLogs(id)); - %} - -## Sets a boolean flag indicating whether Bro accepts state from a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## accept: True if Bro accepts state from peer *p*, or false otherwise. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_events -## request_remote_sync -## set_compression_level -function set_accept_state%(p: event_peer, accept: bool%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SetAcceptState(id, accept)); - %} - -## Sets the compression level of the session with a remote peer. 
-## -## p: The peer ID returned from :zeek:id:`connect`. -## -## level: Allowed values are in the range *[0, 9]*, where 0 is the default and -## means no compression. -## -## Returns: True on success. -## -## .. zeek:see:: set_accept_state -function set_compression_level%(p: event_peer, level: count%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SetCompressionLevel(id, level)); - %} - -## Listens on a given IP address and port for remote connections. -## -## ip: The IP address to bind to. -## -## p: The TCP port to listen on. -## -## ssl: If true, Bro uses SSL to encrypt the session. -## -## ipv6: If true, enable listening on IPv6 addresses. -## -## zone_id: If *ip* is a non-global IPv6 address, a particular :rfc:`4007` -## ``zone_id`` can given here. An empty string, ``""``, means -## not to add any ``zone_id``. -## -## retry_interval: If address *ip* is found to be already in use, this is -## the interval at which to automatically retry binding. -## -## Returns: True on success. -## -## .. zeek:see:: connect disconnect -function listen%(ip: addr, p: port, ssl: bool, ipv6: bool, zone_id: string, retry_interval: interval%) : bool &deprecated - %{ - return val_mgr->GetBool(remote_serializer->Listen(ip->AsAddr(), p->Port(), ssl, ipv6, zone_id->CheckString(), retry_interval)); - %} - ## Checks whether the last raised event came from a remote peer. ## ## Returns: True if the last raised event came from a remote peer. 
@@ -5195,179 +4931,11 @@ function is_remote_event%(%) : bool return val_mgr->GetBool(mgr.CurrentSource() != SOURCE_LOCAL); %} -## Sends all persistent state to a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -## -## .. zeek:see:: send_id send_ping send_current_packet send_capture_filter -function send_state%(p: event_peer%) : bool - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(persistence_serializer->SendState(id, true)); - %} - -## Sends a global identifier to a remote peer, which then might install it -## locally. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## id: The identifier to send. -## -## Returns: True on success. -## -## .. zeek:see:: send_state send_ping send_current_packet send_capture_filter -function send_id%(p: event_peer, id: string%) : bool &deprecated - %{ - RemoteSerializer::PeerID pid = p->AsRecordVal()->Lookup(0)->AsCount(); - - ID* i = global_scope()->Lookup(id->CheckString()); - if ( ! i ) - { - reporter->Error("send_id: no global id %s", id->CheckString()); - return val_mgr->GetBool(0); - } - - SerialInfo info(remote_serializer); - return val_mgr->GetBool(remote_serializer->SendID(&info, pid, *i)); - %} - -## Gracefully finishes communication by first making sure that all remaining -## data from parent and child has been sent out. -## -## Returns: True if the termination process has been started successfully. -function terminate_communication%(%) : bool &deprecated - %{ - return val_mgr->GetBool(remote_serializer->Terminate()); - %} - -## Signals a remote peer that the local Bro instance finished the initial -## handshake. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. 
-function complete_handshake%(p: event_peer%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->CompleteHandshake(id)); - %} - -## Sends a ping event to a remote peer. In combination with an event handler -## for :zeek:id:`remote_pong`, this function can be used to measure latency -## between two peers. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## seq: A sequence number (also included by :zeek:id:`remote_pong`). -## -## Returns: True if sending the ping succeeds. -## -## .. zeek:see:: send_state send_id send_current_packet send_capture_filter -function send_ping%(p: event_peer, seq: count%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SendPing(id, seq)); - %} - -## Sends the currently processed packet to a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True if sending the packet succeeds. -## -## .. zeek:see:: send_id send_state send_ping send_capture_filter -## dump_packet dump_current_packet get_current_packet -function send_current_packet%(p: event_peer%) : bool &deprecated - %{ - const Packet* pkt; - - if ( ! current_pktsrc || - ! current_pktsrc->GetCurrentPacket(&pkt) ) - return val_mgr->GetBool(0); - - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - - SerialInfo info(remote_serializer); - return val_mgr->GetBool(remote_serializer->SendPacket(&info, id, *pkt)); - %} - -## Returns the peer who generated the last event. -## -## Note, this function is deprecated. It works correctly only for local events and -## events received through the legacy communication system. It does *not* work for -## events received through Broker and will report an error in that case. -## -## Returns: The ID of the peer who generated the last event. -## -## .. 
zeek:see:: get_local_event_peer -function get_event_peer%(%) : event_peer &deprecated - %{ - SourceID src = mgr.CurrentSource(); - - if ( src == SOURCE_LOCAL ) - { - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - } - - if ( src == SOURCE_BROKER ) - { - reporter->Error("get_event_peer() does not support Broker events"); - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - } - - if ( ! remote_serializer ) - reporter->InternalError("remote_serializer not initialized"); - - Val* v = remote_serializer->GetPeerVal(src); - if ( ! v ) - { - reporter->Error("peer %d does not exist anymore", int(src)); - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - } - - return v; - %} - -## Returns the local peer ID. -## -## Returns: The peer ID of the local Bro instance. -## -## .. zeek:see:: get_event_peer -function get_local_event_peer%(%) : event_peer &deprecated - %{ - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - %} - -## Sends a capture filter to a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## s: The capture filter. -## -## Returns: True if sending the packet succeeds. -## -## .. zeek:see:: send_id send_state send_ping send_current_packet -function send_capture_filter%(p: event_peer, s: string%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SendCaptureFilter(id, s->CheckString())); - %} - ## Stops Bro's packet processing. This function is used to synchronize ## distributed trace processing with communication enabled ## (*pseudo-realtime* mode). ## -## .. zeek:see:: continue_processing suspend_state_updates resume_state_updates +## .. zeek:see:: continue_processing function suspend_processing%(%) : any %{ net_suspend_processing(); 
@@ -5376,33 +4944,13 @@ function suspend_processing%(%) : any ## Resumes Bro's packet processing. ## -## .. zeek:see:: suspend_processing suspend_state_updates resume_state_updates +## .. zeek:see:: suspend_processing function continue_processing%(%) : any %{ net_continue_processing(); return 0; %} -## Stops propagating :zeek:attr:`&synchronized` accesses. -## -## .. zeek:see:: suspend_processing continue_processing resume_state_updates -function suspend_state_updates%(%) : any &deprecated - %{ - if ( remote_serializer ) - remote_serializer->SuspendStateUpdates(); - return 0; - %} - -## Resumes propagating :zeek:attr:`&synchronized` accesses. -## -## .. zeek:see:: suspend_processing continue_processing suspend_state_updates -function resume_state_updates%(%) : any &deprecated - %{ - if ( remote_serializer ) - remote_serializer->ResumeStateUpdates(); - return 0; - %} - # =========================================================================== # # Internal Functions diff --git a/src/broker/Data.cc b/src/broker/Data.cc index 754a51390b..849bad5d9b 100644 --- a/src/broker/Data.cc +++ b/src/broker/Data.cc @@ -1,4 +1,5 @@ #include "Data.h" +#include "File.h" #include "broker/data.bif.h" #include #include diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index ec69308790..070de84074 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -1,6 +1,6 @@ #include -#include +#include #include #include #include @@ -23,14 +23,6 @@ using namespace std; namespace bro_broker { -// Max number of log messages buffered per stream before we send them out as -// a batch. -static const int LOG_BATCH_SIZE = 400; - -// Max secs to buffer log messages before sending the current set out as a -// batch. -static const double LOG_BUFFER_INTERVAL = 1.0; - static inline Val* get_option(const char* option) { auto id = global_scope()->Lookup(option); 
@@ -140,6 +132,9 @@ Manager::Manager(bool arg_reading_pcaps) reading_pcaps = arg_reading_pcaps; after_zeek_init = false; peer_count = 0; + times_processed_without_idle = 0; + log_batch_size = 0; + log_batch_interval = 0; log_topic_func = nullptr; vector_of_data_type = nullptr; log_id_type = nullptr; @@ -156,6 +151,8 @@ void Manager::InitPostScript() { DBG_LOG(DBG_BROKER, "Initializing"); + log_batch_size = get_option("Broker::log_batch_size")->AsCount(); + log_batch_interval = get_option("Broker::log_batch_interval")->AsInterval(); default_log_topic_prefix = get_option("Broker::default_log_topic_prefix")->AsString()->CheckString(); log_topic_func = get_option("Broker::log_topic")->AsFunc(); @@ -360,7 +357,7 @@ bool Manager::PublishEvent(string topic, std::string name, broker::vector args) DBG_LOG(DBG_BROKER, "Publishing event: %s", RenderEvent(topic, name, args).c_str()); - broker::bro::Event ev(std::move(name), std::move(args)); + broker::zeek::Event ev(std::move(name), std::move(args)); bstate->endpoint.publish(move(topic), std::move(ev)); ++statistics.num_events_outgoing; return true; @@ -421,7 +418,7 @@ bool Manager::PublishIdentifier(std::string topic, std::string id) return false; } - broker::bro::IdentifierUpdate msg(move(id), move(*data)); + broker::zeek::IdentifierUpdate msg(move(id), move(*data)); DBG_LOG(DBG_BROKER, "Publishing id-update: %s", RenderMessage(topic, msg).c_str()); bstate->endpoint.publish(move(topic), move(msg)); 
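Review bot: In InitPostScript, `Broker::log_batch_size` and `Broker::log_batch_interval` are taken from script options with no range check, where the removed constants were fixed at 400 and 1.0. The size later feeds `batch.reserve(log_batch_size + 1)` in LogBuffer::Flush, so a very large count becomes a very large reservation, or wraps to zero at the maximum value, on the first flush. I would clamp it where it is read, for example `log_batch_size = std::min<size_t>(log_batch_size, MAX_LOG_BATCH_SIZE);`, where `MAX_LOG_BATCH_SIZE` is a placeholder for a limit the project chooses. A comment there should also say what a size or interval of 0 means, since the flush condition in PublishLogWrite then fires on every record. InitPostScript continues outside the hunk.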
@@ -472,7 +469,7 @@ bool Manager::PublishLogCreate(EnumVal* stream, EnumVal* writer, std::string topic = default_log_topic_prefix + stream_id; auto bstream_id = broker::enum_value(move(stream_id)); auto bwriter_id = broker::enum_value(move(writer_id)); - broker::bro::LogCreate msg(move(bstream_id), move(bwriter_id), move(writer_info), move(fields_data)); + broker::zeek::LogCreate msg(move(bstream_id), move(bwriter_id), move(writer_info), move(fields_data)); DBG_LOG(DBG_BROKER, "Publishing log creation: %s", RenderMessage(topic, msg).c_str()); @@ -540,9 +537,11 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int std::string serial_data(data, len); free(data); - val_list vl(2); - vl.append(stream->Ref()); - vl.append(new StringVal(path)); + val_list vl{ + stream->Ref(), + new StringVal(path), + }; + Val* v = log_topic_func->Call(&vl); if ( ! v ) @@ -558,7 +557,7 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int auto bstream_id = broker::enum_value(move(stream_id)); auto bwriter_id = broker::enum_value(move(writer_id)); - broker::bro::LogWrite msg(move(bstream_id), move(bwriter_id), move(path), + broker::zeek::LogWrite msg(move(bstream_id), move(bwriter_id), move(path), move(serial_data)); DBG_LOG(DBG_BROKER, "Buffering log record: %s", RenderMessage(topic, msg).c_str()); 
@@ -571,14 +570,14 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int auto& pending_batch = lb.msgs[topic]; pending_batch.emplace_back(std::move(msg)); - if ( lb.message_count >= LOG_BATCH_SIZE || - (network_time - lb.last_flush >= LOG_BUFFER_INTERVAL) ) - statistics.num_logs_outgoing += lb.Flush(bstate->endpoint); + if ( lb.message_count >= log_batch_size || + (network_time - lb.last_flush >= log_batch_interval ) ) + statistics.num_logs_outgoing += lb.Flush(bstate->endpoint, log_batch_size); return true; } -size_t Manager::LogBuffer::Flush(broker::endpoint& endpoint) +size_t Manager::LogBuffer::Flush(broker::endpoint& endpoint, size_t log_batch_size) { if ( endpoint.is_shutdown() ) return 0; @@ -592,9 +591,9 @@ size_t Manager::LogBuffer::Flush(broker::endpoint& endpoint) auto& topic = kv.first; auto& pending_batch = kv.second; broker::vector batch; - batch.reserve(LOG_BATCH_SIZE + 1); + batch.reserve(log_batch_size + 1); pending_batch.swap(batch); - broker::bro::Batch msg(std::move(batch)); + broker::zeek::Batch msg(std::move(batch)); endpoint.publish(topic, move(msg)); } @@ -610,7 +609,7 @@ size_t Manager::FlushLogBuffers() auto rval = 0u; for ( auto& lb : log_buffers ) - rval += lb.Flush(bstate->endpoint); + rval += lb.Flush(bstate->endpoint, log_batch_interval); return rval; } 
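Review bot: The new call in FlushLogBuffers passes `log_batch_interval` as the second argument of `LogBuffer::Flush`, but that parameter is `size_t log_batch_size` and the interval is a `double` number of seconds. The value is converted silently and then used as the `reserve()` hint, so the reservation tracks the flush interval rather than the batch size. The line should read `rval += lb.Flush(bstate->endpoint, log_batch_size);`. With an interval near the former constant of 1.0 the effect is only an undersized reservation, but a long configured interval would turn into a correspondingly large allocation. FlushLogBuffers starts and ends outside the hunk.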
@@ -839,31 +838,31 @@ double Manager::NextTimestamp(double* local_network_time) void Manager::DispatchMessage(const broker::topic& topic, broker::data msg) { - switch ( broker::bro::Message::type(msg) ) { - case broker::bro::Message::Type::Invalid: + switch ( broker::zeek::Message::type(msg) ) { + case broker::zeek::Message::Type::Invalid: reporter->Warning("received invalid broker message: %s", broker::to_string(msg).data()); break; - case broker::bro::Message::Type::Event: + case broker::zeek::Message::Type::Event: ProcessEvent(topic, std::move(msg)); break; - case broker::bro::Message::Type::LogCreate: + case broker::zeek::Message::Type::LogCreate: ProcessLogCreate(std::move(msg)); break; - case broker::bro::Message::Type::LogWrite: + case broker::zeek::Message::Type::LogWrite: ProcessLogWrite(std::move(msg)); break; - case broker::bro::Message::Type::IdentifierUpdate: + case broker::zeek::Message::Type::IdentifierUpdate: ProcessIdentifierUpdate(std::move(msg)); break; - case broker::bro::Message::Type::Batch: + case broker::zeek::Message::Type::Batch: { - broker::bro::Batch batch(std::move(msg)); + broker::zeek::Batch batch(std::move(msg)); if ( ! batch.valid() ) { 
@@ -942,11 +941,36 @@ void Manager::Process() } } - SetIdle(! had_input); + if ( had_input ) + { + ++times_processed_without_idle; + + // The max number of Process calls allowed to happen in a row without + // idling is chosen a bit arbitrarily, except 12 is around half of the + // SELECT_FREQUENCY (25). + // + // But probably the general idea should be for it to have some relation + // to the SELECT_FREQUENCY: less than it so other busy IOSources can + // fit several Process loops in before the next poll event (e.g. the + // select() call ), but still large enough such that we don't have to + // wait long before the next poll ourselves after being forced to idle. + if ( times_processed_without_idle > 12 ) + { + times_processed_without_idle = 0; + SetIdle(true); + } + else + SetIdle(false); + } + else + { + times_processed_without_idle = 0; + SetIdle(true); + } } -void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) +void Manager::ProcessEvent(const broker::topic& topic, broker::zeek::Event ev) { if ( ! ev.valid() ) { @@ -993,7 +1017,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) return; } - auto vl = new val_list; + val_list vl(args.size()); for ( auto i = 0u; i < args.size(); ++i ) { @@ -1002,7 +1026,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) auto val = data_to_val(std::move(args[i]), expected_type); if ( val ) - vl->append(val); + vl.append(val); else { reporter->Warning("failed to convert remote event '%s' arg #%d," 
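Review bot: The forced-idle threshold in Manager::Process is the bare literal `12` in `if ( times_processed_without_idle > 12 )`, and only the comment ties it to SELECT_FREQUENCY. This bound is what stops a peer that always has input from starving the other IOSources, so it deserves a name that can be found and tuned, e.g. `static constexpr int max_process_calls_without_idle = 12;` next to the other file-level statics. Deriving it from SELECT_FREQUENCY, if that symbol is reachable here, would keep the two from drifting apart. Process begins outside the hunk.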
@@ -1013,13 +1037,16 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) } } - if ( static_cast(vl->length()) == args.size() ) - mgr.QueueEvent(handler, vl, SOURCE_BROKER); + if ( static_cast(vl.length()) == args.size() ) + mgr.QueueEventFast(handler, std::move(vl), SOURCE_BROKER); else - delete_vals(vl); + { + loop_over_list(vl, i) + Unref(vl[i]); + } } -bool bro_broker::Manager::ProcessLogCreate(broker::bro::LogCreate lc) +bool bro_broker::Manager::ProcessLogCreate(broker::zeek::LogCreate lc) { DBG_LOG(DBG_BROKER, "Received log-create: %s", RenderMessage(lc).c_str()); if ( ! lc.valid() ) @@ -1089,7 +1116,7 @@ bool bro_broker::Manager::ProcessLogCreate(broker::bro::LogCreate lc) return true; } -bool bro_broker::Manager::ProcessLogWrite(broker::bro::LogWrite lw) +bool bro_broker::Manager::ProcessLogWrite(broker::zeek::LogWrite lw) { DBG_LOG(DBG_BROKER, "Received log-write: %s", RenderMessage(lw).c_str()); @@ -1176,7 +1203,7 @@ bool bro_broker::Manager::ProcessLogWrite(broker::bro::LogWrite lw) return true; } -bool Manager::ProcessIdentifierUpdate(broker::bro::IdentifierUpdate iu) +bool Manager::ProcessIdentifierUpdate(broker::zeek::IdentifierUpdate iu) { DBG_LOG(DBG_BROKER, "Received id-update: %s", RenderMessage(iu).c_str()); @@ -1242,6 +1269,9 @@ void Manager::ProcessStatus(broker::status stat) break; } + if ( ! event ) + return; + auto ei = internal_type("Broker::EndpointInfo")->AsRecordType(); auto endpoint_info = new RecordVal(ei); @@ -1270,11 +1300,7 @@ void Manager::ProcessStatus(broker::status stat) auto str = stat.message(); auto msg = new StringVal(str ? *str : ""); - auto vl = new val_list; - vl->append(endpoint_info); - vl->append(msg); - - mgr.QueueEvent(event, vl); + mgr.QueueEventFast(event, {endpoint_info, msg}); } void Manager::ProcessError(broker::error err) 
@@ -1351,10 +1377,10 @@ void Manager::ProcessError(broker::error err) msg = fmt("[%s] %s", caf::to_string(err.category()).c_str(), caf::to_string(err.context()).c_str()); } - auto vl = new val_list; - vl->append(BifType::Enum::Broker::ErrorCode->GetVal(ec)); - vl->append(new StringVal(msg)); - mgr.QueueEvent(Broker::error, vl); + mgr.QueueEventFast(Broker::error, { + BifType::Enum::Broker::ErrorCode->GetVal(ec), + new StringVal(msg), + }); } void Manager::ProcessStoreResponse(StoreHandleVal* s, broker::store::response response) diff --git a/src/broker/Manager.h b/src/broker/Manager.h index a0520698da..bced3a4846 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -2,7 +2,7 @@ #define BRO_COMM_MANAGER_H #include -#include +#include #include #include #include @@ -13,6 +13,7 @@ #include "Reporter.h" #include "iosource/IOSource.h" #include "Val.h" +#include "logging/WriterBackend.h" namespace bro_broker { @@ -323,10 +324,10 @@ public: private: void DispatchMessage(const broker::topic& topic, broker::data msg); - void ProcessEvent(const broker::topic& topic, broker::bro::Event ev); - bool ProcessLogCreate(broker::bro::LogCreate lc); - bool ProcessLogWrite(broker::bro::LogWrite lw); - bool ProcessIdentifierUpdate(broker::bro::IdentifierUpdate iu); + void ProcessEvent(const broker::topic& topic, broker::zeek::Event ev); + bool ProcessLogCreate(broker::zeek::LogCreate lc); + bool ProcessLogWrite(broker::zeek::LogWrite lw); + bool ProcessIdentifierUpdate(broker::zeek::IdentifierUpdate iu); void ProcessStatus(broker::status stat); void ProcessError(broker::error err); void ProcessStoreResponse(StoreHandleVal*, broker::store::response response); @@ -352,7 +353,7 @@ private: double last_flush; size_t message_count; - size_t Flush(broker::endpoint& endpoint); + size_t Flush(broker::endpoint& endpoint, size_t batch_size); }; // Data stores 
@@ -382,7 +383,10 @@ private: bool reading_pcaps; bool after_zeek_init; int peer_count; + int times_processed_without_idle; + size_t log_batch_size; + double log_batch_interval; Func* log_topic_func; VectorType* vector_of_data_type; EnumType* log_id_type; diff --git a/src/broker/messaging.bif b/src/broker/messaging.bif index 807cefa3fc..6c873c863a 100644 --- a/src/broker/messaging.bif +++ b/src/broker/messaging.bif @@ -183,9 +183,7 @@ function Cluster::publish_rr%(pool: Pool, key: string, ...%): bool if ( ! topic_func ) topic_func = global_scope()->Lookup("Cluster::rr_topic")->ID_Val()->AsFunc(); - val_list vl(2); - vl.append(pool->Ref()); - vl.append(key->Ref()); + val_list vl{pool->Ref(), key->Ref()}; auto topic = topic_func->Call(&vl); if ( ! topic->AsString()->Len() ) @@ -226,9 +224,7 @@ function Cluster::publish_hrw%(pool: Pool, key: any, ...%): bool if ( ! topic_func ) topic_func = global_scope()->Lookup("Cluster::hrw_topic")->ID_Val()->AsFunc(); - val_list vl(2); - vl.append(pool->Ref()); - vl.append(key->Ref()); + val_list vl{pool->Ref(), key->Ref()}; auto topic = topic_func->Call(&vl); if ( ! topic->AsString()->Len() ) diff --git a/src/bsd-getopt-long.c b/src/bsd-getopt-long.c index 65a3d94093..dc880f87dd 100644 --- a/src/bsd-getopt-long.c +++ b/src/bsd-getopt-long.c @@ -54,7 +54,7 @@ #define IN_GETOPT_LONG_C 1 -#include +#include #include #include #include diff --git a/src/event.bif b/src/event.bif index 3505c686a5..fd432feb84 100644 --- a/src/event.bif +++ b/src/event.bif 
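Review bot: In Cluster::publish_rr the result of `topic_func->Call(&vl)` is dereferenced on the following context line, `topic->AsString()->Len()`, with no null check. Manager::PublishLogWrite in this same commit tests `if ( ! v )` after the equivalent call to `log_topic_func`. Since these lines are being touched anyway, I would add `if ( ! topic ) return val_mgr->GetBool(0);` before the length test. Cluster::publish_hrw has the same pattern in the next hunk. Both function bodies continue outside their hunks, so any cleanup needed on that early return has to be checked against the full function.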
@@ -600,201 +600,6 @@ event software_unparsed_version_found%(c: connection, host: addr, str: string%); ## generate_OS_version_event event OS_version_found%(c: connection, host: addr, OS: OS_version%); -## Generated when a connection to a remote Bro has been established. This event -## is intended primarily for use by Bro's communication framework, but it can -## also trigger additional code if helpful. -## -## p: A record describing the peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_handshake_done remote_event_registered remote_log remote_pong -## remote_state_access_performed remote_state_inconsistency print_hook -event remote_connection_established%(p: event_peer%); - -## Generated when a connection to a remote Bro has been closed. This event is -## intended primarily for use by Bro's communication framework, but it can -## also trigger additional code if helpful. -## -## p: A record describing the peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook -event remote_connection_closed%(p: event_peer%); - -## Generated when a remote connection's initial handshake has been completed. -## This event is intended primarily for use by Bro's communication framework, -## but it can also trigger additional code if helpful. -## -## p: A record describing the peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_event_registered remote_log remote_pong -## remote_state_access_performed remote_state_inconsistency print_hook -event remote_connection_handshake_done%(p: event_peer%); - -## Generated for each event registered by a remote peer. 
This event is intended -## primarily for use by Bro's communication framework, but it can also trigger -## additional code if helpful. -## -## p: A record describing the peer. -## -## name: TODO. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed -## remote_connection_error remote_connection_established -## remote_connection_handshake_done remote_log remote_pong -## remote_state_access_performed remote_state_inconsistency print_hook -event remote_event_registered%(p: event_peer, name: string%); - -## Generated when a connection to a remote Bro encountered an error. This event -## is intended primarily for use by Bro's communication framework, but it can -## also trigger additional code if helpful. -## -## p: A record describing the peer. -## -## reason: A textual description of the error. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook -event remote_connection_error%(p: event_peer, reason: string%); - -## Generated when a remote peer sent us a capture filter. While this event is -## intended primarily for use by Bro's communication framework, it can also -## trigger additional code if helpful. -## -## p: A record describing the peer. -## -## filter: The filter string sent by the peer. -## -## .. zeek:see:: remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook -event remote_capture_filter%(p: event_peer, filter: string%); - -## Generated after a call to :zeek:id:`send_state` when all data has been -## successfully sent to the remote side. 
While this event is -## intended primarily for use by Bro's communication framework, it can also -## trigger additional code if helpful. -## -## p: A record describing the remote peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed -## remote_connection_error remote_connection_established -## remote_connection_handshake_done remote_event_registered remote_log remote_pong -## remote_state_access_performed remote_state_inconsistency print_hook -event finished_send_state%(p: event_peer%); - -## Generated if state synchronization detects an inconsistency. While this -## event is intended primarily for use by Bro's communication framework, it can -## also trigger additional code if helpful. This event is only raised if -## :zeek:id:`remote_check_sync_consistency` is false. -## -## operation: The textual description of the state operation performed. -## -## id: The name of the Bro script identifier that was operated on. -## -## expected_old: A textual representation of the value of *id* that was -## expected to be found before the operation was carried out. -## -## real_old: A textual representation of the value of *id* that was actually -## found before the operation was carried out. The difference between -## *real_old* and *expected_old* is the inconsistency being reported. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed -## remote_connection_error remote_connection_established -## remote_connection_handshake_done remote_event_registered remote_log remote_pong -## remote_state_access_performed print_hook remote_check_sync_consistency -event remote_state_inconsistency%(operation: string, id: string, - expected_old: string, real_old: string%); - -## Generated for communication log messages. While this event is -## intended primarily for use by Bro's communication framework, it can also -## trigger additional code if helpful. 
-## -## level: The log level, which is either :zeek:id:`REMOTE_LOG_INFO` or -## :zeek:id:`REMOTE_LOG_ERROR`. -## -## src: The component of the communication system that logged the message. -## Currently, this will be one of :zeek:id:`REMOTE_SRC_CHILD` (Bro's -## child process), :zeek:id:`REMOTE_SRC_PARENT` (Bro's main process), or -## :zeek:id:`REMOTE_SRC_SCRIPT` (the script level). -## -## msg: The message logged. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook remote_log_peer -event remote_log%(level: count, src: count, msg: string%); - -## Generated for communication log messages. While this event is -## intended primarily for use by Bro's communication framework, it can also -## trigger additional code if helpful. This event is equivalent to -## :zeek:see:`remote_log` except the message is with respect to a certain peer. -## -## p: A record describing the remote peer. -## -## level: The log level, which is either :zeek:id:`REMOTE_LOG_INFO` or -## :zeek:id:`REMOTE_LOG_ERROR`. -## -## src: The component of the communication system that logged the message. -## Currently, this will be one of :zeek:id:`REMOTE_SRC_CHILD` (Bro's -## child process), :zeek:id:`REMOTE_SRC_PARENT` (Bro's main process), or -## :zeek:id:`REMOTE_SRC_SCRIPT` (the script level). -## -## msg: The message logged. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook remote_log -event remote_log_peer%(p: event_peer, level: count, src: count, msg: string%); - -## Generated when a remote peer has answered to our ping. 
This event is part of -## Bro's infrastructure for measuring communication latency. One can send a ping -## by calling :zeek:id:`send_ping` and when a corresponding reply is received, -## this event will be raised. -## -## p: The peer sending us the pong. -## -## seq: The sequence number passed to the original :zeek:id:`send_ping` call. -## The number is sent back by the peer in its response. -## -## d1: The time interval between sending the ping and receiving the pong. This -## is the latency of the complete path. -## -## d2: The time interval between sending out the ping to the network and its -## reception at the peer. This is the network latency. -## -## d3: The time interval between when the peer's child process received the -## ping and when its parent process sent the pong. This is the -## processing latency at the peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_state_access_performed -## remote_state_inconsistency print_hook -event remote_pong%(p: event_peer, seq: count, - d1: interval, d2: interval, d3: interval%); - -## Generated each time a remote state access has been replayed locally. This -## event is primarily intended for debugging. -## -## id: The name of the Bro script variable that's being operated on. -## -## v: The new value of the variable. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_pong remote_state_inconsistency -## print_hook -event remote_state_access_performed%(id: string, v: any%); - ## Generated each time Bro's internal profiling log is updated. The file is ## defined by :zeek:id:`profiling_file`, and its update frequency by ## :zeek:id:`profiling_interval` and :zeek:id:`expensive_profiling_multiple`. 
diff --git a/src/file_analysis/Component.h b/src/file_analysis/Component.h index b4bcbb9552..85e53a5cde 100644 --- a/src/file_analysis/Component.h +++ b/src/file_analysis/Component.h @@ -9,7 +9,7 @@ #include "Val.h" -#include "../bro-config.h" +#include "../zeek-config.h" #include "../util.h" namespace file_analysis { diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 641943909e..b3680c2a2c 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -154,11 +154,11 @@ void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig) { if ( conn && FileEventAvailable(file_over_new_connection) ) { - val_list* vl = new val_list(); - vl->append(val->Ref()); - vl->append(conn->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - FileEvent(file_over_new_connection, vl); + FileEvent(file_over_new_connection, { + val->Ref(), + conn->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); } } @@ -303,13 +303,11 @@ bool File::SetMime(const string& mime_type) if ( ! FileEventAvailable(file_sniff) ) return false; - val_list* vl = new val_list(); - vl->append(val->Ref()); RecordVal* meta = new RecordVal(fa_metadata_type); - vl->append(meta); meta->Assign(meta_mime_type_idx, new StringVal(mime_type)); meta->Assign(meta_inferred_idx, val_mgr->GetBool(0)); - FileEvent(file_sniff, vl); + + FileEvent(file_sniff, {val->Ref(), meta}); return true; } @@ -338,10 +336,7 @@ void File::InferMetadata() len = min(len, LookupFieldDefaultCount(bof_buffer_size_idx)); file_mgr->DetectMIME(data, len, &matches); - val_list* vl = new val_list(); - vl->append(val->Ref()); RecordVal* meta = new RecordVal(fa_metadata_type); - vl->append(meta); if ( ! matches.empty() ) { @@ -351,7 +346,7 @@ void File::InferMetadata() file_analysis::GenMIMEMatchesVal(matches)); } - FileEvent(file_sniff, vl); + FileEvent(file_sniff, {val->Ref(), meta}); return; } 
@@ -463,11 +458,11 @@ void File::DeliverChunk(const u_char* data, uint64 len, uint64 offset) if ( FileEventAvailable(file_reassembly_overflow) ) { - val_list* vl = new val_list(); - vl->append(val->Ref()); - vl->append(val_mgr->GetCount(current_offset)); - vl->append(val_mgr->GetCount(gap_bytes)); - FileEvent(file_reassembly_overflow, vl); + FileEvent(file_reassembly_overflow, { + val->Ref(), + val_mgr->GetCount(current_offset), + val_mgr->GetCount(gap_bytes), + }); } } @@ -608,11 +603,11 @@ void File::Gap(uint64 offset, uint64 len) if ( FileEventAvailable(file_gap) ) { - val_list* vl = new val_list(); - vl->append(val->Ref()); - vl->append(val_mgr->GetCount(offset)); - vl->append(val_mgr->GetCount(len)); - FileEvent(file_gap, vl); + FileEvent(file_gap, { + val->Ref(), + val_mgr->GetCount(offset), + val_mgr->GetCount(len), + }); } analyzers.DrainModifications(); @@ -631,14 +626,18 @@ void File::FileEvent(EventHandlerPtr h) if ( ! FileEventAvailable(h) ) return; - val_list* vl = new val_list(); - vl->append(val->Ref()); - FileEvent(h, vl); + FileEvent(h, {val->Ref()}); } void File::FileEvent(EventHandlerPtr h, val_list* vl) { - mgr.QueueEvent(h, vl); + FileEvent(h, std::move(*vl)); + delete vl; + } + +void File::FileEvent(EventHandlerPtr h, val_list vl) + { + mgr.QueueEventFast(h, std::move(vl)); if ( h == file_new || h == file_over_new_connection || h == file_sniff || diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h index 0c4c313f06..54517b53ba 100644 --- a/src/file_analysis/File.h +++ b/src/file_analysis/File.h @@ -172,6 +172,12 @@ public: */ void FileEvent(EventHandlerPtr h, val_list* vl); + /** + * Raises an event related to the file's life-cycle. + * @param h pointer to an event handler. + * @param vl list of argument values to pass to event call. + */ + void FileEvent(EventHandlerPtr h, val_list vl); /** * Sets the MIME type for a file to a specific value. 
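Review bot: The new `File::FileEvent(EventHandlerPtr h, val_list vl)` overload forwards to `mgr.QueueEventFast` without testing `h`, while the one-argument overload just above it still returns early on `! FileEventAvailable(h)`, so the public overloads now carry different preconditions. Elsewhere the commit adds explicit handler checks ahead of `QueueEventFast` (`if ( ! file_hash ) return;` in Hash.cc, `if ( ! file_entropy ) return;` in Entropy.cc), which suggests the fast path expects the caller to have made that check. The doc comment added for this overload in File.h repeats the wording of the pointer overload; I would add `@note The caller must already have checked that h has a handler, e.g. with FileEventAvailable(h).` to it. I would also state on the `val_list*` overload that it takes ownership of `vl` and deletes it. The body of the new overload continues past the end of the hunk.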
diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index ab4b1ed261..da6099b1fe 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -443,12 +443,11 @@ string Manager::GetFileID(analyzer::Tag tag, Connection* c, bool is_orig) EnumVal* tagval = tag.AsEnumVal(); Ref(tagval); - val_list* vl = new val_list(); - vl->append(tagval); - vl->append(c->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - - mgr.QueueEvent(get_file_handle, vl); + mgr.QueueEventFast(get_file_handle, { + tagval, + c->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); mgr.Drain(); // need file handle immediately so we don't have to buffer data return current_file_id; } diff --git a/src/file_analysis/Tag.h b/src/file_analysis/Tag.h index 9d131fa808..a0f6634f64 100644 --- a/src/file_analysis/Tag.h +++ b/src/file_analysis/Tag.h @@ -3,7 +3,7 @@ #ifndef FILE_ANALYZER_TAG_H #define FILE_ANALYZER_TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "../Tag.h" #include "plugin/TaggedComponent.h" diff --git a/src/file_analysis/analyzer/data_event/DataEvent.cc b/src/file_analysis/analyzer/data_event/DataEvent.cc index 15462e8e92..5d692383e1 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.cc +++ b/src/file_analysis/analyzer/data_event/DataEvent.cc @@ -41,12 +41,11 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset) { if ( ! chunk_event ) return true; - val_list* args = new val_list; - args->append(GetFile()->GetVal()->Ref()); - args->append(new StringVal(new BroString(data, len, 0))); - args->append(val_mgr->GetCount(offset)); - - mgr.QueueEvent(chunk_event, args); + mgr.QueueEventFast(chunk_event, { + GetFile()->GetVal()->Ref(), + new StringVal(new BroString(data, len, 0)), + val_mgr->GetCount(offset), + }); return true; } 
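Review bot: In `DataEvent::DeliverChunk` the `uint64 len` parameter is passed unchanged to `new BroString(data, len, 0)`; if that constructor takes a signed `int` length (not visible here, worth confirming in BroString.h), a value above INT_MAX would be narrowed silently. The same expression appears in `DeliverStream` in the next hunk. Since the length describes analyzed file content, I would either clamp or reject oversized lengths before constructing the string, or document the assumption at the call, e.g. `// NOTE: len is narrowed to BroString's length type; callers must keep it below INT_MAX`.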
@@ -55,11 +54,10 @@ bool DataEvent::DeliverStream(const u_char* data, uint64 len) { if ( ! stream_event ) return true; - val_list* args = new val_list; - args->append(GetFile()->GetVal()->Ref()); - args->append(new StringVal(new BroString(data, len, 0))); - - mgr.QueueEvent(stream_event, args); + mgr.QueueEventFast(stream_event, { + GetFile()->GetVal()->Ref(), + new StringVal(new BroString(data, len, 0)), + }); return true; } diff --git a/src/file_analysis/analyzer/entropy/Entropy.cc b/src/file_analysis/analyzer/entropy/Entropy.cc index 4802224950..a0a561a1cc 100644 --- a/src/file_analysis/analyzer/entropy/Entropy.cc +++ b/src/file_analysis/analyzer/entropy/Entropy.cc @@ -53,8 +53,8 @@ void Entropy::Finalize() if ( ! fed ) return; - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); + if ( ! file_entropy ) + return; double montepi, scc, ent, mean, chisq; montepi = scc = ent = mean = chisq = 0.0; @@ -67,6 +67,8 @@ void Entropy::Finalize() ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE)); ent_result->Assign(4, new Val(scc, TYPE_DOUBLE)); - vl->append(ent_result); - mgr.QueueEvent(file_entropy, vl); + mgr.QueueEventFast(file_entropy, { + GetFile()->GetVal()->Ref(), + ent_result, + }); } diff --git a/src/file_analysis/analyzer/extract/Extract.cc b/src/file_analysis/analyzer/extract/Extract.cc index dc05fba367..8761c8493c 100644 --- a/src/file_analysis/analyzer/extract/Extract.cc +++ b/src/file_analysis/analyzer/extract/Extract.cc @@ -1,6 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. #include +#include #include "Extract.h" #include "util.h" 
@@ -90,12 +91,12 @@ bool Extract::DeliverStream(const u_char* data, uint64 len) if ( limit_exceeded && file_extraction_limit ) { File* f = GetFile(); - val_list* vl = new val_list(); - vl->append(f->GetVal()->Ref()); - vl->append(Args()->Ref()); - vl->append(val_mgr->GetCount(limit)); - vl->append(val_mgr->GetCount(len)); - f->FileEvent(file_extraction_limit, vl); + f->FileEvent(file_extraction_limit, { + f->GetVal()->Ref(), + Args()->Ref(), + val_mgr->GetCount(limit), + val_mgr->GetCount(len), + }); // Limit may have been modified by a BIF, re-check it. limit_exceeded = check_limit_exceeded(limit, depth, len, &towrite); diff --git a/src/file_analysis/analyzer/hash/Hash.cc b/src/file_analysis/analyzer/hash/Hash.cc index 9829934301..7b2ecb5799 100644 --- a/src/file_analysis/analyzer/hash/Hash.cc +++ b/src/file_analysis/analyzer/hash/Hash.cc @@ -48,10 +48,12 @@ void Hash::Finalize() if ( ! hash->IsValid() || ! fed ) return; - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(new StringVal(kind)); - vl->append(hash->Get()); + if ( ! file_hash ) + return; - mgr.QueueEvent(file_hash, vl); + mgr.QueueEventFast(file_hash, { + GetFile()->GetVal()->Ref(), + new StringVal(kind), + hash->Get(), + }); } diff --git a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac index 00229184a2..a4a7da5081 100644 --- a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac +++ b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac 
@@ -81,10 +81,11 @@ refine flow Flow += { ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol})); ids_event->Assign(17, val_mgr->GetCount(${ev.packet_action})); - val_list* vl = new val_list(); - vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); - vl->append(ids_event); - mgr.QueueEvent(::unified2_event, vl, SOURCE_LOCAL); + mgr.QueueEventFast(::unified2_event, { + connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), + ids_event, + }, + SOURCE_LOCAL); } return true; %} @@ -112,10 +113,11 @@ refine flow Flow += { ids_event->Assign(15, val_mgr->GetCount(${ev.mpls_label})); ids_event->Assign(16, val_mgr->GetCount(${ev.vlan_id})); - val_list* vl = new val_list(); - vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); - vl->append(ids_event); - mgr.QueueEvent(::unified2_event, vl, SOURCE_LOCAL); + mgr.QueueEventFast(::unified2_event, { + connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), + ids_event, + }, + SOURCE_LOCAL); } return true; @@ -133,10 +135,11 @@ refine flow Flow += { packet->Assign(4, val_mgr->GetCount(${pkt.link_type})); packet->Assign(5, bytestring_to_val(${pkt.packet_data})); - val_list* vl = new val_list(); - vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); - vl->append(packet); - mgr.QueueEvent(::unified2_packet, vl, SOURCE_LOCAL); + mgr.QueueEventFast(::unified2_packet, { + connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), + packet, + }, + SOURCE_LOCAL); } return true; diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index c49481c23a..d55931c946 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc 
@@ -417,10 +417,6 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req) char buf[OCSP_STRING_BUF_SIZE]; // we need a buffer for some of the openssl functions memset(buf, 0, sizeof(buf)); - // build up our response as we go along... - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - uint64 version = 0; #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) @@ -431,23 +427,25 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req) // TODO: try to parse out general name ? #endif - vl->append(val_mgr->GetCount(version)); + if ( ocsp_request ) + mgr.QueueEventFast(ocsp_request, { + GetFile()->GetVal()->Ref(), + val_mgr->GetCount(version), + }); BIO *bio = BIO_new(BIO_s_mem()); - mgr.QueueEvent(ocsp_request, vl); - int req_count = OCSP_request_onereq_count(req); for ( int i=0; iappend(GetFile()->GetVal()->Ref()); + val_list rvl(5); + rvl.append(GetFile()->GetVal()->Ref()); OCSP_ONEREQ *one_req = OCSP_request_onereq_get0(req, i); OCSP_CERTID *cert_id = OCSP_onereq_get0_id(one_req); - ocsp_add_cert_id(cert_id, rvl, bio); - mgr.QueueEvent(ocsp_request_certificate, rvl); + ocsp_add_cert_id(cert_id, &rvl, bio); + mgr.QueueEvent(ocsp_request_certificate, std::move(rvl)); } BIO_free(bio); @@ -470,14 +468,14 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) char buf[OCSP_STRING_BUF_SIZE]; memset(buf, 0, sizeof(buf)); - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - const char *status_str = OCSP_response_status_str(OCSP_response_status(resp)); StringVal* status_val = new StringVal(strlen(status_str), status_str); - vl->append(status_val->Ref()); - mgr.QueueEvent(ocsp_response_status, vl); - vl = nullptr; + + if ( ocsp_response_status ) + mgr.QueueEventFast(ocsp_response_status, { + GetFile()->GetVal()->Ref(), + status_val->Ref(), + }); //if (!resp_bytes) // { 
@@ -490,39 +488,46 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) //int len = BIO_read(bio, buf, sizeof(buf)); //BIO_reset(bio); + val_list vl(8); + // get the basic response basic_resp = OCSP_response_get1_basic(resp); if ( !basic_resp ) + { + Unref(status_val); goto clean_up; + } #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) resp_data = basic_resp->tbsResponseData; if ( !resp_data ) + { + Unref(status_val); goto clean_up; + } #endif - vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(resp_val->Ref()); - vl->append(status_val); + vl.append(GetFile()->GetVal()->Ref()); + vl.append(resp_val->Ref()); + vl.append(status_val); #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - vl->append(val_mgr->GetCount((uint64)ASN1_INTEGER_get(resp_data->version))); + vl.append(val_mgr->GetCount((uint64)ASN1_INTEGER_get(resp_data->version))); #else - vl->append(parse_basic_resp_data_version(basic_resp)); + vl.append(parse_basic_resp_data_version(basic_resp)); #endif // responderID if ( OCSP_RESPID_bio(basic_resp, bio) ) { len = BIO_read(bio, buf, sizeof(buf)); - vl->append(new StringVal(len, buf)); + vl.append(new StringVal(len, buf)); BIO_reset(bio); } else { reporter->Weird("OpenSSL failed to get OCSP responder id"); - vl->append(val_mgr->GetEmptyString()); + vl.append(val_mgr->GetEmptyString()); } // producedAt @@ -532,7 +537,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) produced_at = OCSP_resp_get0_produced_at(basic_resp); #endif - vl->append(new Val(GetTimeFromAsn1(produced_at, GetFile(), reporter), TYPE_TIME)); + vl.append(new Val(GetTimeFromAsn1(produced_at, GetFile(), reporter), TYPE_TIME)); // responses 
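Review bot: The responder-ID branch uses the result of `BIO_read(bio, buf, sizeof(buf))` directly as the length in `vl.append(new StringVal(len, buf))`, but `BIO_read` can return zero or a negative value when no data is available. The bytes come from a parsed OCSP response, so I would guard the length before the append, e.g. `if ( len < 0 ) len = 0;`, or fall back to the existing `val_mgr->GetEmptyString()` case. The signature-algorithm read in the `@@ -621,10 +626,10` hunk follows the same pattern under the pre-1.1.0 `#if`. ParseResponse starts and ends outside this hunk.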
@@ -545,8 +550,8 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) if ( !single_resp ) continue; - val_list* rvl = new val_list(); - rvl->append(GetFile()->GetVal()->Ref()); + val_list rvl(10); + rvl.append(GetFile()->GetVal()->Ref()); // cert id const OCSP_CERTID* cert_id = nullptr; @@ -557,7 +562,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) cert_id = OCSP_SINGLERESP_get0_id(single_resp); #endif - ocsp_add_cert_id(cert_id, rvl, bio); + ocsp_add_cert_id(cert_id, &rvl, bio); BIO_reset(bio); // certStatus 
@@ -574,38 +579,38 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) reporter->Weird("OpenSSL failed to find status of OCSP response"); const char* cert_status_str = OCSP_cert_status_str(status); - rvl->append(new StringVal(strlen(cert_status_str), cert_status_str)); + rvl.append(new StringVal(strlen(cert_status_str), cert_status_str)); // revocation time and reason if revoked if ( status == V_OCSP_CERTSTATUS_REVOKED ) { - rvl->append(new Val(GetTimeFromAsn1(revoke_time, GetFile(), reporter), TYPE_TIME)); + rvl.append(new Val(GetTimeFromAsn1(revoke_time, GetFile(), reporter), TYPE_TIME)); if ( reason != OCSP_REVOKED_STATUS_NOSTATUS ) { const char* revoke_reason = OCSP_crl_reason_str(reason); - rvl->append(new StringVal(strlen(revoke_reason), revoke_reason)); + rvl.append(new StringVal(strlen(revoke_reason), revoke_reason)); } else - rvl->append(new StringVal(0, "")); + rvl.append(new StringVal(0, "")); } else { - rvl->append(new Val(0.0, TYPE_TIME)); - rvl->append(new StringVal(0, "")); + rvl.append(new Val(0.0, TYPE_TIME)); + rvl.append(new StringVal(0, "")); } if ( this_update ) - rvl->append(new Val(GetTimeFromAsn1(this_update, GetFile(), reporter), TYPE_TIME)); + rvl.append(new Val(GetTimeFromAsn1(this_update, GetFile(), reporter), TYPE_TIME)); else - rvl->append(new Val(0.0, TYPE_TIME)); + rvl.append(new Val(0.0, TYPE_TIME)); if ( next_update ) - rvl->append(new Val(GetTimeFromAsn1(next_update, GetFile(), reporter), TYPE_TIME)); + rvl.append(new Val(GetTimeFromAsn1(next_update, GetFile(), reporter), TYPE_TIME)); else - rvl->append(new Val(0.0, TYPE_TIME)); + rvl.append(new Val(0.0, TYPE_TIME)); - mgr.QueueEvent(ocsp_response_certificate, rvl); + mgr.QueueEvent(ocsp_response_certificate, std::move(rvl)); num_ext = OCSP_SINGLERESP_get_ext_count(single_resp); for ( int k = 0; k < num_ext; ++k ) 
@@ -621,10 +626,10 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) i2a_ASN1_OBJECT(bio, basic_resp->signatureAlgorithm->algorithm); len = BIO_read(bio, buf, sizeof(buf)); - vl->append(new StringVal(len, buf)); + vl.append(new StringVal(len, buf)); BIO_reset(bio); #else - vl->append(parse_basic_resp_sig_alg(basic_resp, bio, buf, sizeof(buf))); + vl.append(parse_basic_resp_sig_alg(basic_resp, bio, buf, sizeof(buf))); #endif //i2a_ASN1_OBJECT(bio, basic_resp->signature); @@ -633,7 +638,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) //BIO_reset(bio); certs_vector = new VectorVal(internal_type("x509_opaque_vector")->AsVectorType()); - vl->append(certs_vector); + vl.append(certs_vector); #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) certs = basic_resp->certs; @@ -654,7 +659,8 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) reporter->Weird("OpenSSL returned null certificate"); } } - mgr.QueueEvent(ocsp_response_bytes, vl); + + mgr.QueueEvent(ocsp_response_bytes, std::move(vl)); // ok, now that we are done with the actual certificate - let's parse extensions :) num_ext = OCSP_BASICRESP_get_ext_count(basic_resp); diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index 38422897db..524aae1f27 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc 
@@ -57,11 +57,11 @@ bool file_analysis::X509::EndOfFile() RecordVal* cert_record = ParseCertificate(cert_val, GetFile()); // and send the record on to scriptland - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(cert_val->Ref()); - vl->append(cert_record->Ref()); // we Ref it here, because we want to keep a copy around for now... - mgr.QueueEvent(x509_certificate, vl); + mgr.QueueEvent(x509_certificate, { + GetFile()->GetVal()->Ref(), + cert_val->Ref(), + cert_record->Ref(), // we Ref it here, because we want to keep a copy around for now... + }); // after parsing the certificate - parse the extensions... @@ -221,17 +221,20 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) if ( constr ) { - RecordVal* pBasicConstraint = new RecordVal(BifType::Record::X509::BasicConstraints); - pBasicConstraint->Assign(0, val_mgr->GetBool(constr->ca ? 1 : 0)); + if ( x509_ext_basic_constraints ) + { + RecordVal* pBasicConstraint = new RecordVal(BifType::Record::X509::BasicConstraints); + pBasicConstraint->Assign(0, val_mgr->GetBool(constr->ca ? 1 : 0)); - if ( constr->pathlen ) - pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen))); + if ( constr->pathlen ) + pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen))); - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(pBasicConstraint); + mgr.QueueEventFast(x509_ext_basic_constraints, { + GetFile()->GetVal()->Ref(), + pBasicConstraint, + }); + } - mgr.QueueEvent(x509_ext_basic_constraints, vl); BASIC_CONSTRAINTS_free(constr); } 
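Review bot: In `ParseBasicConstraints` the path length is still built as `val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen))`; `ASN1_INTEGER_get` returns -1 when the value does not fit in a long, and anything negative or above INT32_MAX is truncated by the cast and, if `GetCount` takes an unsigned count, ends up as a very large number in the record. Because the certificate is untrusted input, I would range-check first: `long pl = ASN1_INTEGER_get(constr->pathlen);` followed by `if ( pl >= 0 ) pBasicConstraint->Assign(1, val_mgr->GetCount(pl));`. The existing `if ( constr->pathlen )` already leaves field 1 unset when no path length is present, so leaving it unset on a bad value looks consistent, though the record definition is not visible here.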
@@ -367,10 +370,10 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) sanExt->Assign(4, val_mgr->GetBool(otherfields)); - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(sanExt); - mgr.QueueEvent(x509_ext_subject_alternative_name, vl); + mgr.QueueEvent(x509_ext_subject_alternative_name, { + GetFile()->GetVal()->Ref(), + sanExt, + }); GENERAL_NAMES_free(altname); } diff --git a/src/file_analysis/analyzer/x509/X509Common.cc b/src/file_analysis/analyzer/x509/X509Common.cc index b6c16fc1dc..7fb3100e97 100644 --- a/src/file_analysis/analyzer/x509/X509Common.cc +++ b/src/file_analysis/analyzer/x509/X509Common.cc @@ -277,13 +277,18 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, EventHandlerP // parsed. And if we have it, we send the specialized event on top of the // generic event that we just had. I know, that is... kind of not nice, // but I am not sure if there is a better way to do it... - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(pX509Ext); - if ( h == ocsp_extension ) - vl->append(val_mgr->GetBool(global ? 1 : 0)); - mgr.QueueEvent(h, vl); + if ( h == ocsp_extension ) + mgr.QueueEvent(h, { + GetFile()->GetVal()->Ref(), + pX509Ext, + val_mgr->GetBool(global ? 1 : 0), + }); + else + mgr.QueueEvent(h, { + GetFile()->GetVal()->Ref(), + pX509Ext, + }); // let individual analyzers parse more. ParseExtensionsSpecific(ex, global, ext_asn, oid); diff --git a/src/file_analysis/analyzer/x509/x509-extension.pac b/src/file_analysis/analyzer/x509/x509-extension.pac index 396debbbbe..b6a6611d3c 100644 --- a/src/file_analysis/analyzer/x509/x509-extension.pac +++ b/src/file_analysis/analyzer/x509/x509-extension.pac 
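Review bot: The two `mgr.QueueEvent(h, {...})` calls in `ParseExtension` differ only in the trailing `val_mgr->GetBool(global ? 1 : 0)` argument, so the shared arguments are now written twice and have to be kept in step by hand. Building the list once reads more clearly: `val_list vl{GetFile()->GetVal()->Ref(), pX509Ext};`, then `if ( h == ocsp_extension ) vl.append(val_mgr->GetBool(global ? 1 : 0));`, then `mgr.QueueEvent(h, std::move(vl));`. The function body continues outside the hunk.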
@@ -35,6 +35,9 @@ refine connection MockConnection += { function proc_signedcertificatetimestamp(rec: HandshakeRecord, version: uint8, logid: const_bytestring, timestamp: uint64, digitally_signed_algorithms: SignatureAndHashAlgorithm, digitally_signed_signature: const_bytestring) : bool %{ + if ( ! x509_ocsp_ext_signed_certificate_timestamp ) + return true; + BifEvent::generate_x509_ocsp_ext_signed_certificate_timestamp((analyzer::Analyzer *) bro_analyzer(), bro_analyzer()->GetFile()->GetVal()->Ref(), version, diff --git a/src/input/Manager.cc b/src/input/Manager.cc index aaf84a99b2..002e8cded9 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -1865,11 +1865,12 @@ bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int nu bool convert_error = false; - val_list* vl = new val_list; + val_list vl(num_vals); + for ( int j = 0; j < num_vals; j++) { Val* v = ValueToVal(i, vals[j], convert_error); - vl->append(v); + vl.append(v); if ( v && ! convert_error && ! same_type(type->FieldType(j), v->Type()) ) { convert_error = true; @@ -1881,18 +1882,20 @@ bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int nu if ( convert_error ) { - delete_vals(vl); + loop_over_list(vl, i) + Unref(vl[i]); + return false; } else - mgr.QueueEvent(handler, vl, SOURCE_LOCAL); + mgr.QueueEvent(handler, std::move(vl), SOURCE_LOCAL); return true; } void Manager::SendEvent(EventHandlerPtr ev, const int numvals, ...) const { - val_list* vl = new val_list; + val_list vl(numvals); #ifdef DEBUG DBG_LOG(DBG_INPUT, "SendEvent with %d vals", 
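Review bot: In the first `Manager::SendEvent` the error path now runs `loop_over_list(vl, i) Unref(vl[i]);`, reusing the name `i` that the same function passes to `ValueToVal(i, vals[j], convert_error)` in the previous hunk. If the macro declares its own iterator (the hunk shows no separate declaration), the outer `i` is shadowed inside this block; a distinct name such as `loop_over_list(vl, k) Unref(vl[k]);` avoids the ambiguity. The `if ( v && ...` test also implies that null entries can sit in `vl`, so a short comment that `Unref` tolerates null would help, if that is the case. The function starts outside the hunk.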
@@ -1902,16 +1905,16 @@ void Manager::SendEvent(EventHandlerPtr ev, const int numvals, ...) const va_list lP; va_start(lP, numvals); for ( int i = 0; i < numvals; i++ ) - vl->append( va_arg(lP, Val*) ); + vl.append( va_arg(lP, Val*) ); va_end(lP); - mgr.QueueEvent(ev, vl, SOURCE_LOCAL); + mgr.QueueEvent(ev, std::move(vl), SOURCE_LOCAL); } void Manager::SendEvent(EventHandlerPtr ev, list events) const { - val_list* vl = new val_list; + val_list vl(events.size()); #ifdef DEBUG DBG_LOG(DBG_INPUT, "SendEvent with %" PRIuPTR " vals (list)", @@ -1919,11 +1922,9 @@ void Manager::SendEvent(EventHandlerPtr ev, list events) const #endif for ( list::iterator i = events.begin(); i != events.end(); i++ ) - { - vl->append( *i ); - } + vl.append( *i ); - mgr.QueueEvent(ev, vl, SOURCE_LOCAL); + mgr.QueueEvent(ev, std::move(vl), SOURCE_LOCAL); } // Convert a bro list value to a bro record value. diff --git a/src/input/Manager.h b/src/input/Manager.h index abbf8793b5..6b48f69ee4 100644 --- a/src/input/Manager.h +++ b/src/input/Manager.h @@ -7,7 +7,6 @@ #include "BroString.h" #include "EventHandler.h" -#include "RemoteSerializer.h" #include "Val.h" #include "Component.h" diff --git a/src/input/Tag.h b/src/input/Tag.h index 91d7539a39..1d4bcc2f9f 100644 --- a/src/input/Tag.h +++ b/src/input/Tag.h @@ -3,7 +3,7 @@ #ifndef INPUT_TAG_H #define INPUT_TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "../Tag.h" #include "plugin/TaggedComponent.h" diff --git a/src/input/readers/sqlite/SQLite.cc b/src/input/readers/sqlite/SQLite.cc index 40c0f8a063..1d016867b2 100644 --- a/src/input/readers/sqlite/SQLite.cc +++ b/src/input/readers/sqlite/SQLite.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/input/readers/sqlite/SQLite.h b/src/input/readers/sqlite/SQLite.h index 2aa01017e1..4255a2841f 100644 
--- a/src/input/readers/sqlite/SQLite.h +++ b/src/input/readers/sqlite/SQLite.h @@ -3,7 +3,7 @@ #ifndef INPUT_READERS_SQLITE_H #define INPUT_READERS_SQLITE_H -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/iosource/BPF_Program.cc b/src/iosource/BPF_Program.cc index ca5a6eef54..901010e9bc 100644 --- a/src/iosource/BPF_Program.cc +++ b/src/iosource/BPF_Program.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "BPF_Program.h" diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index 3bb6e34e50..54d1cc6f27 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -2,6 +2,8 @@ #include "Packet.h" #include "Sessions.h" #include "iosource/Manager.h" +#include "SerialInfo.h" +#include "Serializer.h" extern "C" { #ifdef HAVE_NET_ETHERNET_H diff --git a/src/iosource/PktDumper.cc b/src/iosource/PktDumper.cc index 10c95e8021..863c46ec81 100644 --- a/src/iosource/PktDumper.cc +++ b/src/iosource/PktDumper.cc @@ -4,7 +4,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "PktDumper.h" diff --git a/src/iosource/PktSrc.cc b/src/iosource/PktSrc.cc index 343801ab7d..8b1ab90ebb 100644 --- a/src/iosource/PktSrc.cc +++ b/src/iosource/PktSrc.cc @@ -3,7 +3,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "PktSrc.h" 
@@ -160,21 +160,6 @@ double PktSrc::CheckPseudoTime() if ( ! ExtractNextPacketInternal() ) return 0; - if ( remote_trace_sync_interval ) - { - if ( next_sync_point == 0 || current_packet.time >= next_sync_point ) - { - int n = remote_serializer->SendSyncPoint(); - next_sync_point = first_timestamp + - n * remote_trace_sync_interval; - remote_serializer->Log(RemoteSerializer::LogInfo, - fmt("stopping at packet %.6f, next sync-point at %.6f", - current_packet.time, next_sync_point)); - - return 0; - } - } - double pseudo_time = current_packet.time - first_timestamp; double ct = (current_time(true) - first_wallclock) * pseudo_realtime; @@ -308,15 +293,6 @@ bool PktSrc::ExtractNextPacketInternal() if ( pseudo_realtime && ! IsOpen() ) { - if ( using_communication ) - { - // Source has gone dry, we're done. - if ( remote_trace_sync_interval ) - remote_serializer->SendFinalSyncPoint(); - else - remote_serializer->Terminate(); - } - if ( broker_mgr->Active() ) iosource_mgr->Terminate(); } diff --git a/src/iosource/pcap/Source.cc b/src/iosource/pcap/Source.cc index fb9954981c..119280f1e5 100644 --- a/src/iosource/pcap/Source.cc +++ b/src/iosource/pcap/Source.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Source.h" #include "iosource/Packet.h" diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index f1b459811f..0fe75b91db 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -2,11 +2,12 @@ #include -#include "../Event.h" -#include "../EventHandler.h" -#include "../NetVar.h" -#include "../Net.h" -#include "../Type.h" +#include "Event.h" +#include "EventHandler.h" +#include "NetVar.h" +#include "Net.h" +#include "Type.h" +#include "File.h" #include "broker/Manager.h" #include "threading/Manager.h" 
@@ -16,8 +17,8 @@ #include "WriterFrontend.h" #include "WriterBackend.h" #include "logging.bif.h" -#include "../plugin/Plugin.h" -#include "../plugin/Manager.h" +#include "plugin/Plugin.h" +#include "plugin/Manager.h" using namespace logging; @@ -715,11 +716,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) // Raise the log event. if ( stream->event ) - { - val_list* vl = new val_list(1); - vl->append(columns->Ref()); - mgr.QueueEvent(stream->event, vl, SOURCE_LOCAL); - } + mgr.QueueEventFast(stream->event, {columns->Ref()}, SOURCE_LOCAL); // Send to each of our filters. for ( list::iterator i = stream->filters.begin(); @@ -732,8 +729,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) { // See whether the predicates indicates that we want // to log this record. - val_list vl(1); - vl.append(columns->Ref()); + val_list vl{columns->Ref()}; int result = 1; @@ -750,17 +746,12 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) if ( filter->path_func ) { - val_list vl(3); - vl.append(id->Ref()); - Val* path_arg; if ( filter->path_val ) path_arg = filter->path_val->Ref(); else path_arg = val_mgr->GetEmptyString(); - vl.append(path_arg); - Val* rec_arg; BroType* rt = filter->path_func->FType()->Args()->FieldType("rec"); @@ -770,7 +761,11 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) // Can be TYPE_ANY here. rec_arg = columns->Ref(); - vl.append(rec_arg); + val_list vl{ + id->Ref(), + path_arg, + rec_arg, + }; Val* v = 0; @@ -1087,8 +1082,7 @@ threading::Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, RecordVal* ext_rec = nullptr; if ( filter->num_ext_fields > 0 ) { - val_list vl(1); - vl.append(filter->path_val->Ref()); + val_list vl{filter->path_val->Ref()}; Val* res = filter->ext_func->Call(&vl); if ( res ) ext_rec = res->AsRecordVal(); 
@@ -1307,32 +1301,6 @@ bool Manager::WriteFromRemote(EnumVal* id, EnumVal* writer, string path, int num return true; } -void Manager::SendAllWritersTo(RemoteSerializer::PeerID peer) - { - auto et = internal_type("Log::Writer")->AsEnumType(); - - for ( vector::iterator s = streams.begin(); s != streams.end(); ++s ) - { - Stream* stream = (*s); - - if ( ! (stream && stream->enable_remote) ) - continue; - - for ( Stream::WriterMap::iterator i = stream->writers.begin(); - i != stream->writers.end(); i++ ) - { - WriterFrontend* writer = i->second->writer; - auto writer_val = et->GetVal(i->first.first); - remote_serializer->SendLogCreateWriter(peer, (*s)->id, - writer_val, - *i->second->info, - writer->NumFields(), - writer->Fields()); - Unref(writer_val); - } - } - } - void Manager::SendAllWritersTo(const broker::endpoint_info& ei) { auto et = internal_type("Log::Writer")->AsEnumType(); @@ -1593,8 +1561,7 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con assert(func); // Call the postprocessor function. - val_list vl(1); - vl.append(info); + val_list vl{info}; int result = 0; diff --git a/src/logging/Manager.h b/src/logging/Manager.h index d04def7938..96ff2ea0c9 100644 --- a/src/logging/Manager.h +++ b/src/logging/Manager.h @@ -10,14 +10,12 @@ #include "../Val.h" #include "../Tag.h" #include "../EventHandler.h" -#include "../RemoteSerializer.h" #include "../plugin/ComponentManager.h" #include "Component.h" #include "WriterBackend.h" class SerializationFormat; -class RemoteSerializer; class RotationTimer; namespace logging { @@ -234,7 +232,6 @@ protected: friend class WriterFrontend; friend class RotationFinishedMessage; friend class RotationFailedMessage; - friend class ::RemoteSerializer; friend class ::RotationTimer; // Instantiates a new WriterBackend of the given type (note that 
@@ -248,9 +245,6 @@ protected: int num_fields, const threading::Field* const* fields, bool local, bool remote, bool from_remote, const string& instantiating_filter=""); - // Announces all instantiated writers to peer. - void SendAllWritersTo(RemoteSerializer::PeerID peer); - // Signals that a file has been rotated. bool FinishedRotation(WriterFrontend* writer, const char* new_name, const char* old_name, double open, double close, bool success, bool terminating); diff --git a/src/logging/Tag.h b/src/logging/Tag.h index ab0a702d47..07c45826b8 100644 --- a/src/logging/Tag.h +++ b/src/logging/Tag.h @@ -3,7 +3,7 @@ #ifndef LOGGING_TAG_H #define LOGGING_TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "../Tag.h" #include "plugin/TaggedComponent.h" diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 4416e41d17..7bede8f6e6 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -4,6 +4,7 @@ #include "util.h" #include "threading/SerialTypes.h" +#include "SerializationFormat.h" #include "Manager.h" #include "WriterBackend.h" diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index 74541d8586..187a1957d7 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -9,8 +9,6 @@ #include "Component.h" -class RemoteSerializer; - namespace broker { class data; } namespace logging { diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index 56bbf68161..fdc4a7a97b 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -169,12 +169,6 @@ void WriterFrontend::Init(int arg_num_fields, const Field* const * arg_fields) if ( remote ) { - remote_serializer->SendLogCreateWriter(stream, - writer, - *info, - arg_num_fields, - arg_fields); - broker_mgr->PublishLogCreate(stream, writer, *info, 
@@ -201,12 +195,6 @@ void WriterFrontend::Write(int arg_num_fields, Value** vals) if ( remote ) { - remote_serializer->SendLogWrite(stream, - writer, - info->path, - num_fields, - vals); - broker_mgr->PublishLogWrite(stream, writer, info->path, diff --git a/src/logging/writers/sqlite/SQLite.cc b/src/logging/writers/sqlite/SQLite.cc index 977a0c6089..3374c05c9c 100644 --- a/src/logging/writers/sqlite/SQLite.cc +++ b/src/logging/writers/sqlite/SQLite.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/logging/writers/sqlite/SQLite.h b/src/logging/writers/sqlite/SQLite.h index 3ad535e543..7e8ff739b3 100644 --- a/src/logging/writers/sqlite/SQLite.h +++ b/src/logging/writers/sqlite/SQLite.h @@ -5,7 +5,7 @@ #ifndef LOGGING_WRITER_SQLITE_H #define LOGGING_WRITER_SQLITE_H -#include "bro-config.h" +#include "zeek-config.h" #include "logging/WriterBackend.h" #include "threading/formatters/Ascii.h" diff --git a/src/main.cc b/src/main.cc index af29b1e7d7..414de5c7e4 100644 --- a/src/main.cc +++ b/src/main.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include @@ -39,8 +39,6 @@ extern "C" { #include "RuleMatcher.h" #include "Anon.h" #include "Serializer.h" -#include "RemoteSerializer.h" -#include "PersistenceSerializer.h" #include "EventRegistry.h" #include "Stats.h" #include "Brofiler.h" @@ -55,7 +53,7 @@ extern "C" { #include "analyzer/Tag.h" #include "plugin/Manager.h" #include "file_analysis/Manager.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" #include "iosource/Manager.h" #include "broker/Manager.h" 
@@ -91,7 +89,7 @@ input::Manager* input_mgr = 0; plugin::Manager* plugin_mgr = 0; analyzer::Manager* analyzer_mgr = 0; file_analysis::Manager* file_mgr = 0; -zeexygen::Manager* zeexygen_mgr = 0; +zeekygen::Manager* zeekygen_mgr = 0; iosource::Manager* iosource_mgr = 0; bro_broker::Manager* broker_mgr = 0; @@ -101,10 +99,8 @@ name_list prefixes; Stmt* stmts; EventHandlerPtr net_done = 0; RuleMatcher* rule_matcher = 0; -PersistenceSerializer* persistence_serializer = 0; FileSerializer* event_serializer = 0; FileSerializer* state_serializer = 0; -RemoteSerializer* remote_serializer = 0; EventPlayer* event_player = 0; EventRegistry* event_registry = 0; ProfileLogger* profiling_logger = 0; @@ -116,7 +112,6 @@ char* command_line_policy = 0; vector params; set requested_plugins; char* proc_status_file = 0; -int old_comm_usage_count = 0; OpaqueType* md5_type = 0; OpaqueType* sha1_type = 0; @@ -168,7 +163,6 @@ void usage(int code = 1) fprintf(stderr, " -d|--debug-policy | activate policy file debugging\n"); fprintf(stderr, " -e|--exec | augment loaded policies by given code\n"); fprintf(stderr, " -f|--filter | tcpdump filter\n"); - fprintf(stderr, " -g|--dump-config | dump current config into .state dir\n"); fprintf(stderr, " -h|--help | command line help\n"); fprintf(stderr, " -i|--iface | read from given interface\n"); fprintf(stderr, " -p|--prefix | add given prefix to policy file resolution\n"); @@ -194,7 +188,7 @@ void usage(int code = 1) fprintf(stderr, " -T|--re-level | set 'RE_level' for rules\n"); fprintf(stderr, " -U|--status-file | Record process status in file\n"); fprintf(stderr, " -W|--watchdog | activate watchdog timer\n"); - fprintf(stderr, " -X|--zeexygen | generate documentation based on config file\n"); + fprintf(stderr, " -X|--zeekygen | generate documentation based on config file\n"); #ifdef USE_PERFTOOLS_DEBUG fprintf(stderr, " -m|--mem-leaks | show leaks [perftools]\n"); 
@@ -214,7 +208,8 @@ void usage(int code = 1) fprintf(stderr, " $BRO_SEED_FILE | file to load seeds from (not set)\n"); fprintf(stderr, " $BRO_LOG_SUFFIX | ASCII log file extension (.%s)\n", logging::writer::Ascii::LogExt().c_str()); fprintf(stderr, " $BRO_PROFILER_FILE | Output file for script execution statistics (not set)\n"); - fprintf(stderr, " $BRO_DISABLE_BROXYGEN | Disable Zeexygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set"); + fprintf(stderr, " $BRO_DISABLE_BROXYGEN | Disable Zeekygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set"); + fprintf(stderr, " $ZEEK_DNS_RESOLVER | IPv4/IPv6 address of DNS resolver to use (%s)\n", getenv("ZEEK_DNS_RESOLVER") ? getenv("ZEEK_DNS_RESOLVER") : "not set, will use first IPv4 address from /etc/resolv.conf"); fprintf(stderr, "\n"); @@ -275,26 +270,18 @@ void done_with_network() { set_processing_status("TERMINATING", "done_with_network"); - // Release the port, which is important for checkpointing Bro. - if ( remote_serializer ) - remote_serializer->StopListening(); - // Cancel any pending alarms (watchdog, in particular). (void) alarm(0); if ( net_done ) { - val_list* args = new val_list; - args->append(new Val(timer_mgr->Time(), TYPE_TIME)); mgr.Drain(); - // Don't propagate this event to remote clients. - mgr.Dispatch(new Event(net_done, args), true); + mgr.Dispatch(new Event(net_done, + {new Val(timer_mgr->Time(), TYPE_TIME)}), + true); } - // Save state before expiring the remaining events/timers. - persistence_serializer->WriteState(false); - if ( profiling_logger ) profiling_logger->Log(); @@ -306,9 +293,6 @@ void done_with_network() mgr.Drain(); mgr.Drain(); - if ( remote_serializer ) - remote_serializer->Finish(); - net_finish(1); #ifdef USE_PERFTOOLS_DEBUG 
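Review bot: In `done_with_network`, the trailing `true` passed to `mgr.Dispatch` is left unexplained, because the hunk removes the comment `// Don't propagate this event to remote clients.` together with the remote serializer calls. If the flag still has an effect, keep a short comment next to it that says what `true` selects. If it only served the removed RemoteSerializer path, it is now dead weight and worth dropping in a follow-up. The declaration of `Dispatch` is outside this hunk, so the flag's current meaning has to be confirmed there.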
@@ -341,7 +325,7 @@ void terminate_bro() EventHandlerPtr zeek_done = internal_handler("zeek_done"); if ( zeek_done ) - mgr.QueueEvent(zeek_done, new val_list); + mgr.QueueEventFast(zeek_done, val_list{}); timer_mgr->Expire(); mgr.Drain(); @@ -356,9 +340,6 @@ void terminate_bro() delete profiling_logger; } - if ( remote_serializer ) - remote_serializer->LogStats(); - mgr.Drain(); log_mgr->Terminate(); @@ -370,9 +351,8 @@ void terminate_bro() plugin_mgr->FinishPlugins(); - delete zeexygen_mgr; + delete zeekygen_mgr; delete timer_mgr; - delete persistence_serializer; delete event_serializer; delete state_serializer; delete event_registry; @@ -427,70 +407,6 @@ static void bro_new_handler() out_of_memory("new"); } -static auto old_comm_ids = std::set{ - "connect", - "disconnect", - "request_remote_events", - "request_remote_sync", - "request_remote_logs", - "set_accept_state", - "set_compression_level", - "listen", - "send_id", - "terminate_communication", - "complete_handshake", - "send_ping", - "send_current_packet", - "get_event_peer", - "send_capture_filter", - "suspend_state_updates", - "resume_state_updates", -}; - -static bool is_old_comm_usage(const ID* id) - { - auto name = id->Name(); - - if ( old_comm_ids.find(name) == old_comm_ids.end() ) - return false; - - return true; - } - -class OldCommUsageTraversalCallback : public TraversalCallback { -public: - virtual TraversalCode PreExpr(const Expr* expr) override - { - switch ( expr->Tag() ) { - case EXPR_CALL: - { - const CallExpr* call = static_cast(expr); - auto func = call->Func(); - - if ( func->Tag() == EXPR_NAME ) - { - const NameExpr* ne = static_cast(func); - auto id = ne->Id(); - - if ( is_old_comm_usage(id) ) - ++old_comm_usage_count; - } - } - break; - default: - break; - } - - return TC_CONTINUE; - } -}; - -static void find_old_comm_usages() - { - OldCommUsageTraversalCallback cb; - traverse_all(&cb); - } - int main(int argc, char** argv) { std::set_new_handler(bro_new_handler); 
@@ -517,7 +433,6 @@ int main(int argc, char** argv) char* debug_streams = 0; int parse_only = false; int bare_mode = false; - int dump_cfg = false; int do_watchdog = 0; int override_ignore_checksums = 0; int rule_debug = 0; @@ -529,12 +444,11 @@ int main(int argc, char** argv) {"parse-only", no_argument, 0, 'a'}, {"bare-mode", no_argument, 0, 'b'}, {"debug-policy", no_argument, 0, 'd'}, - {"dump-config", no_argument, 0, 'g'}, {"exec", required_argument, 0, 'e'}, {"filter", required_argument, 0, 'f'}, {"help", no_argument, 0, 'h'}, {"iface", required_argument, 0, 'i'}, - {"zeexygen", required_argument, 0, 'X'}, + {"zeekygen", required_argument, 0, 'X'}, {"prefix", required_argument, 0, 'p'}, {"readfile", required_argument, 0, 'r'}, {"rulefile", required_argument, 0, 's'}, @@ -586,7 +500,7 @@ int main(int argc, char** argv) if ( p ) add_to_name_list(p, ':', prefixes); - string zeexygen_config; + string zeekygen_config; #ifdef USE_IDMEF string libidmef_dtd_path = "idmef-message.dtd"; @@ -630,10 +544,6 @@ int main(int argc, char** argv) user_pcap_filter = optarg; break; - case 'g': - dump_cfg = true; - break; - case 'h': usage(0); break; @@ -739,7 +649,7 @@ int main(int argc, char** argv) break; case 'X': - zeexygen_config = optarg; + zeekygen_config = optarg; break; #ifdef USE_PERFTOOLS_DEBUG @@ -821,7 +731,7 @@ int main(int argc, char** argv) timer_mgr = new PQ_TimerMgr(""); // timer_mgr = new CQ_TimerMgr(); - zeexygen_mgr = new zeexygen::Manager(zeexygen_config, bro_argv[0]); + zeekygen_mgr = new zeekygen::Manager(zeekygen_config, bro_argv[0]); add_essential_input_file("base/init-bare.zeek"); add_essential_input_file("base/init-frameworks-and-bifs.zeek"); 
@@ -860,8 +770,6 @@ int main(int argc, char** argv) dns_mgr->SetDir(".state"); iosource_mgr = new iosource::Manager(); - persistence_serializer = new PersistenceSerializer(); - remote_serializer = new RemoteSerializer(); event_registry = new EventRegistry(); analyzer_mgr = new analyzer::Manager(); log_mgr = new logging::Manager(); @@ -872,7 +780,7 @@ int main(int argc, char** argv) plugin_mgr->InitPreScript(); analyzer_mgr->InitPreScript(); file_mgr->InitPreScript(); - zeexygen_mgr->InitPreScript(); + zeekygen_mgr->InitPreScript(); bool missing_plugin = false; @@ -918,23 +826,6 @@ int main(int argc, char** argv) yyparse(); is_parsing = false; - find_old_comm_usages(); - - if ( old_comm_usage_count ) - { - auto old_comm_ack_id = global_scope()->Lookup("old_comm_usage_is_ok"); - - if ( ! old_comm_ack_id->ID_Val()->AsBool() ) - reporter->FatalError("Detected old, deprecated communication " - "system usages that will not work unless " - "you explicitly take action to initizialize " - "and set up the old comm. system. " - "Set the 'old_comm_usage_is_ok' flag " - "to bypass this error if you've taken such " - "actions, but the suggested solution is to " - "port scripts to use the new Broker API."); - } - RecordVal::ResizeParseTimeRecords(); init_general_global_var(); @@ -958,7 +849,7 @@ int main(int argc, char** argv) exit(1); plugin_mgr->InitPostScript(); - zeexygen_mgr->InitPostScript(); + zeekygen_mgr->InitPostScript(); broker_mgr->InitPostScript(); if ( print_plugins ) @@ -988,7 +879,7 @@ int main(int argc, char** argv) } reporter->InitOptions(); - zeexygen_mgr->GenerateDocs(); + zeekygen_mgr->GenerateDocs(); if ( user_pcap_filter ) { 
@@ -1094,13 +985,9 @@ int main(int argc, char** argv) exit(0); } - persistence_serializer->SetDir((const char *)state_dir->AsString()->CheckString()); - // Print the ID. if ( id_name ) { - persistence_serializer->ReadAll(true, false); - ID* id = global_scope()->Lookup(id_name); if ( ! id ) reporter->FatalError("No such ID: %s\n", id_name); @@ -1114,14 +1001,6 @@ int main(int argc, char** argv) exit(0); } - persistence_serializer->ReadAll(true, true); - - if ( dump_cfg ) - { - persistence_serializer->WriteConfig(false); - exit(0); - } - if ( profiling_interval > 0 ) { profiling_logger = new ProfileLogger(profiling_file->AsFile(), @@ -1138,7 +1017,7 @@ int main(int argc, char** argv) EventHandlerPtr zeek_init = internal_handler("zeek_init"); if ( zeek_init ) //### this should be a function - mgr.QueueEvent(zeek_init, new val_list); + mgr.QueueEventFast(zeek_init, val_list{}); EventRegistry::string_list* dead_handlers = event_registry->UnusedHandlers(); @@ -1184,16 +1063,19 @@ int main(int argc, char** argv) if ( override_ignore_checksums ) ignore_checksums = 1; - // Queue events reporting loaded scripts. - for ( std::list::iterator i = files_scanned.begin(); i != files_scanned.end(); i++ ) + if ( zeek_script_loaded ) { - if ( i->skipped ) - continue; + // Queue events reporting loaded scripts. + for ( std::list::iterator i = files_scanned.begin(); i != files_scanned.end(); i++ ) + { + if ( i->skipped ) + continue; - val_list* vl = new val_list; - vl->append(new StringVal(i->name.c_str())); - vl->append(val_mgr->GetCount(i->include_level)); - mgr.QueueEvent(zeek_script_loaded, vl); + mgr.QueueEventFast(zeek_script_loaded, { + new StringVal(i->name.c_str()), + val_mgr->GetCount(i->include_level), + }); + } } reporter->ReportViaEvents(true); 
@@ -1205,6 +1087,7 @@ int main(int argc, char** argv) reporter->FatalError("errors occurred while initializing"); broker_mgr->ZeekInitDone(); + reporter->ZeekInitDone(); analyzer_mgr->DumpDebug(); have_pending_timers = ! reading_traces && timer_mgr->Size() > 0; @@ -1284,7 +1167,6 @@ int main(int argc, char** argv) } else { - persistence_serializer->WriteState(false); terminate_bro(); } diff --git a/src/nb_dns.c b/src/nb_dns.c index f8abc167b5..f8d939b4ab 100644 --- a/src/nb_dns.c +++ b/src/nb_dns.c @@ -11,7 +11,7 @@ * crack reply buffers is private. */ -#include "bro-config.h" /* must appear before first ifdef */ +#include "zeek-config.h" /* must appear before first ifdef */ #include #include diff --git a/src/net_util.cc b/src/net_util.cc index 9f93296d39..6f195a495f 100644 --- a/src/net_util.cc +++ b/src/net_util.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/net_util.h b/src/net_util.h index 52ee53f1dd..a5e11da74b 100644 --- a/src/net_util.h +++ b/src/net_util.h @@ -3,7 +3,7 @@ #ifndef netutil_h #define netutil_h -#include "bro-config.h" +#include "zeek-config.h" // Define first. typedef enum { diff --git a/src/option.bif b/src/option.bif index 849e6ccfb0..db9ad882d9 100644 --- a/src/option.bif +++ b/src/option.bif @@ -15,10 +15,12 @@ static bool call_option_handlers_and_set_value(StringVal* name, ID* i, Val* val, { for ( auto handler_function : i->GetOptionHandlers() ) { - val_list vl(2); + bool add_loc = handler_function->FType()->AsFuncType()->ArgTypes()->Types()->length() == 3; + val_list vl(2 + add_loc); vl.append(name->Ref()); vl.append(val); - if ( handler_function->FType()->AsFuncType()->ArgTypes()->Types()->length() == 3 ) + + if ( add_loc ) vl.append(location->Ref()); val = handler_function->Call(&vl); // consumed by next call. diff --git a/src/parse.y b/src/parse.y index 0e363eb321..13c15cad8f 100644 --- a/src/parse.y 
+++ b/src/parse.y @@ -5,7 +5,7 @@ // Switching parser table type fixes ambiguity problems. %define lr.type ielr -%expect 141 +%expect 129 %token TOK_ADD TOK_ADD_TO TOK_ADDR TOK_ANY %token TOK_ATENDIF TOK_ATELSE TOK_ATIF TOK_ATIFDEF TOK_ATIFNDEF @@ -25,7 +25,6 @@ %token TOK_ATTR_OPTIONAL TOK_ATTR_REDEF TOK_ATTR_ROTATE_INTERVAL %token TOK_ATTR_ROTATE_SIZE TOK_ATTR_DEL_FUNC TOK_ATTR_EXPIRE_FUNC %token TOK_ATTR_EXPIRE_CREATE TOK_ATTR_EXPIRE_READ TOK_ATTR_EXPIRE_WRITE -%token TOK_ATTR_PERSISTENT TOK_ATTR_SYNCHRONIZED %token TOK_ATTR_RAW_OUTPUT TOK_ATTR_MERGEABLE %token TOK_ATTR_PRIORITY TOK_ATTR_LOG TOK_ATTR_ERROR_HANDLER %token TOK_ATTR_TYPE_COLUMN TOK_ATTR_DEPRECATED @@ -88,7 +87,7 @@ #include "Scope.h" #include "Reporter.h" #include "Brofiler.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" #include #include @@ -1039,7 +1038,7 @@ type_decl: $$ = new TypeDecl($3, $1, $4, (in_record > 0)); if ( in_record > 0 && cur_decl_type_id ) - zeexygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); + zeekygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); } ; @@ -1073,7 +1072,7 @@ decl: TOK_MODULE TOK_ID ';' { current_module = $2; - zeexygen_mgr->ModuleUsage(::filename, current_module); + zeekygen_mgr->ModuleUsage(::filename, current_module); } | TOK_EXPORT '{' { is_export = true; } decl_list '}' 
@@ -1082,36 +1081,36 @@ decl: | TOK_GLOBAL def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REGULAR); - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | TOK_OPTION def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_OPTION); - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | TOK_CONST def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_CONST); - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | TOK_REDEF global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REDEF); - zeexygen_mgr->Redef($2, ::filename); + zeekygen_mgr->Redef($2, ::filename); } | TOK_REDEF TOK_ENUM global_id TOK_ADD_TO '{' - { parser_redef_enum($3); zeexygen_mgr->Redef($3, ::filename); } + { parser_redef_enum($3); zeekygen_mgr->Redef($3, ::filename); } enum_body '}' ';' { - // Zeexygen already grabbed new enum IDs as the type created them. + // Zeekygen already grabbed new enum IDs as the type created them. } | TOK_REDEF TOK_RECORD global_id - { cur_decl_type_id = $3; zeexygen_mgr->Redef($3, ::filename); } + { cur_decl_type_id = $3; zeekygen_mgr->Redef($3, ::filename); } TOK_ADD_TO '{' { ++in_record; } type_decl_list @@ -1127,12 +1126,12 @@ decl: } | TOK_TYPE global_id ':' - { cur_decl_type_id = $2; zeexygen_mgr->StartType($2); } + { cur_decl_type_id = $2; zeekygen_mgr->StartType($2); } type opt_attr ';' { cur_decl_type_id = 0; add_type($2, $5, $6); - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | func_hdr func_body @@ -1167,7 +1166,7 @@ func_hdr: begin_func($2, current_module.c_str(), FUNC_FLAVOR_FUNCTION, 0, $3, $4); $$ = $3; - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | TOK_EVENT event_id func_params opt_attr { 
@@ -1308,10 +1307,6 @@ attr: { $$ = new Attr(ATTR_EXPIRE_READ, $3); } | TOK_ATTR_EXPIRE_WRITE '=' expr { $$ = new Attr(ATTR_EXPIRE_WRITE, $3); } - | TOK_ATTR_PERSISTENT - { $$ = new Attr(ATTR_PERSISTENT); } - | TOK_ATTR_SYNCHRONIZED - { $$ = new Attr(ATTR_SYNCHRONIZED); } | TOK_ATTR_ENCRYPT { $$ = new Attr(ATTR_ENCRYPT); } | TOK_ATTR_ENCRYPT '=' expr diff --git a/src/plugin/ComponentManager.h b/src/plugin/ComponentManager.h index 22bd2dd302..399c704551 100644 --- a/src/plugin/ComponentManager.h +++ b/src/plugin/ComponentManager.h @@ -10,7 +10,7 @@ #include "Var.h" #include "Val.h" #include "Reporter.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" namespace plugin { @@ -134,7 +134,7 @@ ComponentManager::ComponentManager(const string& arg_module, const string& tag_enum_type = new EnumType(module + "::" + local_id); ::ID* id = install_ID(local_id.c_str(), module.c_str(), true, true); add_type(id, tag_enum_type, 0); - zeexygen_mgr->Identifier(id); + zeekygen_mgr->Identifier(id); } template diff --git a/src/plugin/Plugin.h b/src/plugin/Plugin.h index 369da09037..4ce2a87dc0 100644 --- a/src/plugin/Plugin.h +++ b/src/plugin/Plugin.h @@ -7,7 +7,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "analyzer/Component.h" #include "file_analysis/Component.h" #include "iosource/Component.h" diff --git a/src/rule-parse.y b/src/rule-parse.y index 3e9c8d7ddf..769fb503e6 100644 --- a/src/rule-parse.y +++ b/src/rule-parse.y @@ -2,7 +2,7 @@ #include #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "RuleMatcher.h" #include "Reporter.h" #include "IPAddr.h" diff --git a/src/rule-scan.l b/src/rule-scan.l index f280d6132b..c7cdb75bd4 100644 --- a/src/rule-scan.l +++ b/src/rule-scan.l 
@@ -24,7 +24,7 @@ STRING \"([^\n\"]|\\\")*\" IDCOMPONENT [0-9a-zA-Z_][0-9a-zA-Z_-]* ID {IDCOMPONENT}(::{IDCOMPONENT})* IP6 ("["({HEX}:){7}{HEX}"]")|("["0x{HEX}({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}|:)*"::"({HEX}|:)*({D}"."){3}{D}"]") -RE \/(\\\/)?([^/]|[^\\]\\\/)*\/ +RE \/(\\\/)?([^/]|[^\\]\\\/)*\/i? META \.[^ \t]+{WS}[^\n]+ PIDCOMPONENT [A-Za-z_][A-Za-z_0-9]* PID {PIDCOMPONENT}(::{PIDCOMPONENT})* @@ -189,8 +189,23 @@ finger { rules_lval.val = Rule::FINGER; return TOK_PATTERN_TYPE; } } {RE} { - *(yytext + strlen(yytext) - 1) = '\0'; - rules_lval.str = yytext + 1; + auto len = strlen(yytext); + + if ( yytext[len - 1] == 'i' ) + { + *(yytext + len - 2) = '\0'; + const char fmt[] = "(?i:%s)"; + int n = len + strlen(fmt); + char* s = new char[n + 5 /* slop */]; + safe_snprintf(s, n + 5, fmt, yytext + 1); + rules_lval.str = s; + } + else + { + *(yytext + len - 1) = '\0'; + rules_lval.str = yytext + 1; + } + return TOK_PATTERN; } diff --git a/src/scan.l b/src/scan.l index 4da90394e7..21b3e0dcf4 100644 --- a/src/scan.l +++ b/src/scan.l @@ -29,7 +29,7 @@ #include "Traverse.h" #include "analyzer/Analyzer.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" #include "plugin/Manager.h" @@ -162,19 +162,19 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) %% ##!.* { - zeexygen_mgr->SummaryComment(::filename, yytext + 3); + zeekygen_mgr->SummaryComment(::filename, yytext + 3); } ##<.* { string hint(cur_enum_type && last_id_tok ? make_full_var_name(current_module.c_str(), last_id_tok) : ""); - zeexygen_mgr->PostComment(yytext + 3, hint); + zeekygen_mgr->PostComment(yytext + 3, hint); } ##.* { if ( yytext[2] != '#' ) - zeexygen_mgr->PreComment(yytext + 2); + zeekygen_mgr->PreComment(yytext + 2); } #{OWS}@no-test.* return TOK_NO_TEST; 
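Review bot: In the `{RE}` action, the new `i` branch stores a `new char[]` buffer in `rules_lval.str` while the `else` branch stores a pointer into `yytext`, so the code that receives `TOK_PATTERN` cannot tell whether it owns the string. Nothing in this hunk frees `s`; the grammar action that consumes the token is in rule-parse.y, outside this hunk, so if it only copies the text, each case-insensitive pattern leaks its buffer. Make both branches hand over the same kind of storage (for example a scanner-owned buffer that lives until the next token), or put a comment at the allocation naming who releases it. The size arithmetic is safe as written: the formatted text needs `len + 3` bytes and the buffer holds `len + 12`, so the slop could go and `int n` could be `size_t n` to avoid the narrowing from `strlen`.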
@@ -310,11 +310,6 @@ when return TOK_WHEN; return TOK_ATTR_MERGEABLE; } -&persistent { - deprecated_attr(yytext); - return TOK_ATTR_PERSISTENT; - } - &rotate_interval { deprecated_attr(yytext); return TOK_ATTR_ROTATE_INTERVAL; @@ -325,12 +320,6 @@ when return TOK_WHEN; return TOK_ATTR_ROTATE_SIZE; } -&synchronized { - ++old_comm_usage_count; - deprecated_attr(yytext); - return TOK_ATTR_SYNCHRONIZED; - } - @deprecated.* { auto num_files = file_stack.length(); auto comment = skip_whitespace(yytext + 11); @@ -376,7 +365,7 @@ when return TOK_WHEN; string loader = ::filename; // load_files may change ::filename, save copy string loading = find_relative_script_file(new_file); (void) load_files(new_file); - zeexygen_mgr->ScriptDependency(loader, loading); + zeekygen_mgr->ScriptDependency(loader, loading); } @load-sigs{WS}{FILE} { @@ -720,7 +709,7 @@ static int load_files(const char* orig_file) else file_stack.append(new FileInfo); - zeexygen_mgr->Script(file_path); + zeekygen_mgr->Script(file_path); DBG_LOG(DBG_SCRIPTS, "Loading %s", file_path.c_str()); diff --git a/src/setsignal.c b/src/setsignal.c index 6344820398..d740cc8215 100644 --- a/src/setsignal.c +++ b/src/setsignal.c @@ -2,7 +2,7 @@ * See the file "COPYING" in the main distribution directory for copyright. */ -#include "bro-config.h" /* must appear before first ifdef */ +#include "zeek-config.h" /* must appear before first ifdef */ #include diff --git a/src/strings.bif b/src/strings.bif index ef584ee7af..110dbaea9e 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -55,9 +55,9 @@ function levenshtein_distance%(s1: string, s2: string%): count ## ## Returns: The concatenation of all (string) arguments. ## -## .. zeek:see:: cat cat_sep cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep ## fmt -## join_string_vec join_string_array +## join_string_vec function string_cat%(...%): string %{ int n = 0; 
@@ -112,85 +112,8 @@ int vs_to_string_array(vector& vs, TableVal* tbl, } return 1; } - -BroString* cat_string_array_n(TableVal* tbl, int start, int end) - { - vector vs; - string_array_to_vs(tbl, start, end, vs); - return concatenate(vs); - } %%} -## Concatenates all elements in an array of strings. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## Returns: The concatenation of all elements in *a*. -## -## .. zeek:see:: cat cat_sep string_cat cat_string_array_n -## fmt -## join_string_vec join_string_array -function cat_string_array%(a: string_array%): string &deprecated - %{ - TableVal* tbl = a->AsTableVal(); - return new StringVal(cat_string_array_n(tbl, 1, a->AsTable()->Length())); - %} - -## Concatenates a specific range of elements in an array of strings. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## start: The array index of the first element of the range. -## -## end: The array index of the last element of the range. -## -## Returns: The concatenation of the range *[start, end]* in *a*. -## -## .. zeek:see:: cat string_cat cat_string_array -## fmt -## join_string_vec join_string_array -function cat_string_array_n%(a: string_array, start: count, end: count%): string &deprecated - %{ - TableVal* tbl = a->AsTableVal(); - return new StringVal(cat_string_array_n(tbl, start, end)); - %} - -## Joins all values in the given array of strings with a separator placed -## between each element. -## -## sep: The separator to place between each element. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## Returns: The concatenation of all elements in *a*, with *sep* placed -## between each element. -## -## .. 
zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n -## fmt -## join_string_vec -function join_string_array%(sep: string, a: string_array%): string &deprecated - %{ - vector vs; - TableVal* tbl = a->AsTableVal(); - int n = a->AsTable()->Length(); - - for ( int i = 1; i <= n; ++i ) - { - Val* ind = val_mgr->GetCount(i); - Val* v = tbl->Lookup(ind); - if ( ! v ) - return 0; - - vs.push_back(v->AsString()); - Unref(ind); - - if ( i < n ) - vs.push_back(sep->AsString()); - } - - return new StringVal(concatenate(vs)); - %} - ## Joins all values in the given vector of strings with a separator placed ## between each element. ## @@ -201,9 +124,8 @@ function join_string_array%(sep: string, a: string_array%): string &deprecated ## Returns: The concatenation of all elements in *vec*, with *sep* placed ## between each element. ## -## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat ## fmt -## join_string_array function join_string_vec%(vec: string_vec, sep: string%): string %{ ODesc d; 
@@ -231,39 +153,6 @@ function join_string_vec%(vec: string_vec, sep: string%): string return new StringVal(s); %} -## Sorts an array of strings. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## Returns: A sorted copy of *a*. -## -## .. zeek:see:: sort -function sort_string_array%(a: string_array%): string_array &deprecated - %{ - TableVal* tbl = a->AsTableVal(); - int n = a->AsTable()->Length(); - - vector vs; - string_array_to_vs(tbl, 1, n, vs); - - unsigned int i, j; - for ( i = 0; i < vs.size(); ++i ) - { - const BroString* x = vs[i]; - for ( j = i; j > 0; --j ) - if ( Bstr_cmp(vs[j-1], x) <= 0 ) - break; - else - vs[j] = vs[j-1]; - vs[j] = x; - } - // sort(vs.begin(), vs.end(), Bstr_cmp); - - TableVal* b = new TableVal(string_array); - vs_to_string_array(vs, b, 1, n); - return b; - %} - ## Returns an edited version of a string that applies a special ## "backspace character" (usually ``\x08`` for backspace or ``\x7f`` for DEL). ## For example, ``edit("hello there", "e")`` returns ``"llo t"``. @@ -549,26 +438,6 @@ Val* do_sub(StringVal* str_val, RE_Matcher* re, StringVal* repl, int do_all) } %%} -## Splits a string into an array of strings according to a pattern. -## -## str: The string to split. -## -## re: The pattern describing the element separator in *str*. -## -## Returns: An array of strings where each element corresponds to a substring -## in *str* separated by *re*. -## -## .. zeek:see:: split1 split_all split_n str_split split_string1 split_string_all split_string_n str_split -## -## .. note:: The returned table starts at index 1. Note that conceptually the -## return value is meant to be a vector and this might change in the -## future. -## -function split%(str: string, re: pattern%): string_array &deprecated - %{ - return do_split(str, re, 0, 0); - %} - ## Splits a string into an array of strings according to a pattern. ## ## str: The string to split. 
@@ -585,26 +454,6 @@ function split_string%(str: string, re: pattern%): string_vec return do_split_string(str, re, 0, 0); %} -## Splits a string *once* into a two-element array of strings according to a -## pattern. This function is the same as :zeek:id:`split`, but *str* is only -## split once (if possible) at the earliest position and an array of two strings -## is returned. -## -## str: The string to split. -## -## re: The pattern describing the separator to split *str* in two pieces. -## -## Returns: An array of strings with two elements in which the first represents -## the substring in *str* up to the first occurence of *re*, and the -## second everything after *re*. An array of one string is returned -## when *s* cannot be split. -## -## .. zeek:see:: split split_all split_n str_split split_string split_string_all split_string_n str_split -function split1%(str: string, re: pattern%): string_array &deprecated - %{ - return do_split(str, re, 0, 1); - %} - ## Splits a string *once* into a two-element array of strings according to a ## pattern. This function is the same as :zeek:id:`split_string`, but *str* is ## only split once (if possible) at the earliest position and an array of two 
@@ -625,26 +474,6 @@ function split_string1%(str: string, re: pattern%): string_vec return do_split_string(str, re, 0, 1); %} -## Splits a string into an array of strings according to a pattern. This -## function is the same as :zeek:id:`split`, except that the separators are -## returned as well. For example, ``split_all("a-b--cd", /(\-)+/)`` returns -## ``{"a", "-", "b", "--", "cd"}``: odd-indexed elements do not match the -## pattern and even-indexed ones do. -## -## str: The string to split. -## -## re: The pattern describing the element separator in *str*. -## -## Returns: An array of strings where each two successive elements correspond -## to a substring in *str* of the part not matching *re* (odd-indexed) -## and the part that matches *re* (even-indexed). -## -## .. zeek:see:: split split1 split_n str_split split_string split_string1 split_string_n str_split -function split_all%(str: string, re: pattern%): string_array &deprecated - %{ - return do_split(str, re, 1, 0); - %} - ## Splits a string into an array of strings according to a pattern. This ## function is the same as :zeek:id:`split_string`, except that the separators ## are returned as well. For example, ``split_string_all("a-b--cd", /(\-)+/)`` 
@@ -665,32 +494,6 @@ function split_string_all%(str: string, re: pattern%): string_vec return do_split_string(str, re, 1, 0); %} -## Splits a string a given number of times into an array of strings according -## to a pattern. This function is similar to :zeek:id:`split1` and -## :zeek:id:`split_all`, but with customizable behavior with respect to -## including separators in the result and the number of times to split. -## -## str: The string to split. -## -## re: The pattern describing the element separator in *str*. -## -## incl_sep: A flag indicating whether to include the separator matches in the -## result (as in :zeek:id:`split_all`). -## -## max_num_sep: The number of times to split *str*. -## -## Returns: An array of strings where, if *incl_sep* is true, each two -## successive elements correspond to a substring in *str* of the part -## not matching *re* (odd-indexed) and the part that matches *re* -## (even-indexed). -## -## .. zeek:see:: split split1 split_all str_split split_string split_string1 split_string_all str_split -function split_n%(str: string, re: pattern, - incl_sep: bool, max_num_sep: count%): string_array &deprecated - %{ - return do_split(str, re, incl_sep, max_num_sep); - %} - ## Splits a string a given number of times into an array of strings according ## to a pattern. This function is similar to :zeek:id:`split_string1` and ## :zeek:id:`split_string_all`, but with customizable behavior with respect to @@ -1022,7 +825,7 @@ function str_smith_waterman%(s1: string, s2: string, params: sw_params%) : sw_su ## ## Returns: A vector of strings. ## -## .. zeek:see:: split split1 split_all split_n +## .. zeek:see:: split_string split_string1 split_string_all split_string_n function str_split%(s: string, idx: index_vec%): string_vec %{ vector* idx_v = idx->AsVector(); diff --git a/src/strsep.c b/src/strsep.c index 8540ac3688..0c65402441 100644 --- a/src/strsep.c +++ b/src/strsep.c 
@@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include "bro-config.h" +#include "zeek-config.h" #ifndef HAVE_STRSEP diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index 95bfd8acd0..67434957e5 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -1,7 +1,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "BasicThread.h" #include "Manager.h" #include "pthread.h" diff --git a/src/threading/Formatter.cc b/src/threading/Formatter.cc index b881962732..395a7fefa6 100644 --- a/src/threading/Formatter.cc +++ b/src/threading/Formatter.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/threading/SerialTypes.cc b/src/threading/SerialTypes.cc index 8468d19ea8..dcc35f793c 100644 --- a/src/threading/SerialTypes.cc +++ b/src/threading/SerialTypes.cc @@ -2,8 +2,8 @@ #include "SerialTypes.h" -#include "../RemoteSerializer.h" - +#include "SerializationFormat.h" +#include "Reporter.h" using namespace threading; diff --git a/src/threading/SerialTypes.h b/src/threading/SerialTypes.h index 5a8361feba..65bb79b659 100644 --- a/src/threading/SerialTypes.h +++ b/src/threading/SerialTypes.h @@ -13,7 +13,6 @@ using namespace std; class SerializationFormat; -class RemoteSerializer; namespace threading { @@ -78,8 +77,6 @@ struct Field { string TypeName() const; private: - friend class ::RemoteSerializer; - // Force usage of constructor above. Field() {} }; diff --git a/src/threading/formatters/Ascii.cc b/src/threading/formatters/Ascii.cc index 94d450a86f..147305485b 100644 --- a/src/threading/formatters/Ascii.cc +++ b/src/threading/formatters/Ascii.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include 
diff --git a/src/threading/formatters/JSON.cc b/src/threading/formatters/JSON.cc index 73e9489dc5..a324a08530 100644 --- a/src/threading/formatters/JSON.cc +++ b/src/threading/formatters/JSON.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #ifndef __STDC_LIMIT_MACROS #define __STDC_LIMIT_MACROS diff --git a/src/util.cc b/src/util.cc index 0367700ffb..3551e5c8b0 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "util-config.h" #ifdef TIME_WITH_SYS_TIME @@ -53,11 +53,13 @@ #include "iosource/Manager.h" /** - * Return IP address without enclosing brackets and any leading 0x. + * Return IP address without enclosing brackets and any leading 0x. Also + * trims leading/trailing whitespace. */ std::string extract_ip(const std::string& i) { - std::string s(skip_whitespace(i.c_str())); + std::string s(strstrip(i)); + if ( s.size() > 0 && s[0] == '[' ) s.erase(0, 1); diff --git a/src/util.h b/src/util.h index b63b74a3f7..d4ff325eda 100644 --- a/src/util.h +++ b/src/util.h @@ -34,7 +34,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "siphash24.h" #ifdef DEBUG diff --git a/src/version.c.in b/src/version.c.in index 65df65da00..1b7676bf3a 100644 --- a/src/version.c.in +++ b/src/version.c.in @@ -1,5 +1,5 @@ -#include "bro-config.h" +#include "zeek-config.h" char version[] = "@VERSION@"; diff --git a/src/zeexygen/CMakeLists.txt b/src/zeekygen/CMakeLists.txt similarity index 73% rename from src/zeexygen/CMakeLists.txt rename to src/zeekygen/CMakeLists.txt index 43060866a9..de50378f5a 100644 --- a/src/zeexygen/CMakeLists.txt +++ b/src/zeekygen/CMakeLists.txt @@ -7,7 +7,7 @@ include_directories(BEFORE ${CMAKE_CURRENT_BINARY_DIR} ) -set(zeexygen_SRCS +set(zeekygen_SRCS Manager.cc Info.h PackageInfo.cc 
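Review bot: In `extract_ip` (src/util.cc), `strstrip(i)` runs before the leading `[` is erased, so whitespace inside the brackets, as in the constructed sample `[ ::1 ]`, would still be present after the lines shown here. The updated doc comment's "trims leading/trailing whitespace" therefore holds only for the outer string. If the result goes to an address parser or is compared against stored addresses, either strip again after the bracket handling or narrow the comment to `* Also trims whitespace surrounding the whole input (not inside the brackets).` The rest of the function body lies outside the hunk, so whether a later step already normalises this cannot be confirmed from here.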
@@ -19,7 +19,7 @@ set(zeexygen_SRCS utils.cc ) -bif_target(zeexygen.bif) -bro_add_subdir_library(zeexygen ${zeexygen_SRCS}) +bif_target(zeekygen.bif) +bro_add_subdir_library(zeekygen ${zeekygen_SRCS}) -add_dependencies(bro_zeexygen generate_outputs) +add_dependencies(bro_zeekygen generate_outputs) diff --git a/src/zeexygen/Configuration.cc b/src/zeekygen/Configuration.cc similarity index 87% rename from src/zeexygen/Configuration.cc rename to src/zeekygen/Configuration.cc index 7b1f5e35fd..dbbbebf578 100644 --- a/src/zeexygen/Configuration.cc +++ b/src/zeekygen/Configuration.cc @@ -11,7 +11,7 @@ #include #include -using namespace zeexygen; +using namespace zeekygen; using namespace std; static TargetFactory create_target_factory() @@ -37,7 +37,7 @@ Config::Config(const string& arg_file, const string& delim) ifstream f(file.c_str()); if ( ! f.is_open() ) - reporter->FatalError("failed to open Zeexygen config file '%s': %s", + reporter->FatalError("failed to open Zeekygen config file '%s': %s", file.c_str(), strerror(errno)); string line; @@ -59,20 +59,20 @@ Config::Config(const string& arg_file, const string& delim) continue; if ( tokens.size() != 3 ) - reporter->FatalError("malformed Zeexygen target in %s:%u: %s", + reporter->FatalError("malformed Zeekygen target in %s:%u: %s", file.c_str(), line_number, line.c_str()); Target* target = target_factory.Create(tokens[0], tokens[2], tokens[1]); if ( ! target ) - reporter->FatalError("unknown Zeexygen target type: %s", + reporter->FatalError("unknown Zeekygen target type: %s", tokens[0].c_str()); targets.push_back(target); } if ( f.bad() ) - reporter->InternalError("error reading Zeexygen config file '%s': %s", + reporter->InternalError("error reading Zeekygen config file '%s': %s", file.c_str(), strerror(errno)); } @@ -99,5 +99,5 @@ time_t Config::GetModificationTime() const if ( file.empty() ) return 0; - return zeexygen::get_mtime(file); + return zeekygen::get_mtime(file); } 
diff --git a/src/zeexygen/Configuration.h b/src/zeekygen/Configuration.h similarity index 80% rename from src/zeexygen/Configuration.h rename to src/zeekygen/Configuration.h index a0da9761bc..97ca125275 100644 --- a/src/zeexygen/Configuration.h +++ b/src/zeekygen/Configuration.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_CONFIGURATION_H -#define ZEEXYGEN_CONFIGURATION_H +#ifndef ZEEKYGEN_CONFIGURATION_H +#define ZEEKYGEN_CONFIGURATION_H #include "Info.h" #include "Target.h" @@ -9,7 +9,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { /** * Manages the generation of reStructuredText documents corresponding to @@ -22,8 +22,8 @@ class Config { public: /** - * Read a Zeexygen configuration file, parsing all targets in it. - * @param file The file containing a list of Zeexygen targets. If it's + * Read a Zeekygen configuration file, parsing all targets in it. + * @param file The file containing a list of Zeekygen targets. If it's * an empty string most methods are a no-op. * @param delim The delimiter between target fields. */ @@ -41,7 +41,7 @@ public: void FindDependencies(const std::vector& infos); /** - * Build each Zeexygen target (i.e. write out the reST documents to disk). + * Build each Zeekygen target (i.e. write out the reST documents to disk). */ void GenerateDocs() const; @@ -58,6 +58,6 @@ private: TargetFactory target_factory; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/IdentifierInfo.cc b/src/zeekygen/IdentifierInfo.cc similarity index 97% rename from src/zeexygen/IdentifierInfo.cc rename to src/zeekygen/IdentifierInfo.cc index ebb15373bf..5c494799b4 100644 --- a/src/zeexygen/IdentifierInfo.cc +++ b/src/zeekygen/IdentifierInfo.cc @@ -7,7 +7,7 @@ #include "Val.h" using namespace std; -using namespace zeexygen; +using namespace zeekygen; IdentifierInfo::IdentifierInfo(ID* arg_id, ScriptInfo* script) : Info(), 
@@ -128,7 +128,7 @@ string IdentifierInfo::DoReStructuredText(bool roles_only) const { string s = comments[i]; - if ( zeexygen::prettify_params(s) ) + if ( zeekygen::prettify_params(s) ) d.NL(); d.Add(s.c_str()); diff --git a/src/zeexygen/IdentifierInfo.h b/src/zeekygen/IdentifierInfo.h similarity index 92% rename from src/zeexygen/IdentifierInfo.h rename to src/zeekygen/IdentifierInfo.h index a930f67feb..868dd3781b 100644 --- a/src/zeexygen/IdentifierInfo.h +++ b/src/zeekygen/IdentifierInfo.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_IDENTIFIERINFO_H -#define ZEEXYGEN_IDENTIFIERINFO_H +#ifndef ZEEKYGEN_IDENTIFIERINFO_H +#define ZEEKYGEN_IDENTIFIERINFO_H #include "Info.h" #include "ScriptInfo.h" @@ -14,7 +14,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { class ScriptInfo; @@ -42,7 +42,7 @@ public: * Add a comment associated with the identifier. If the identifier is a * record type and it's in the middle of parsing fields, the comment is * associated with the last field that was parsed. - * @param comment A string extracted from Zeexygen-style comment. + * @param comment A string extracted from Zeekygen-style comment. */ void AddComment(const std::string& comment) { last_field_seen ? last_field_seen->comments.push_back(comment) @@ -102,13 +102,13 @@ public: std::string GetDeclaringScriptForField(const std::string& field) const; /** - * @return All Zeexygen comments associated with the identifier. + * @return All Zeekygen comments associated with the identifier. */ std::vector GetComments() const; /** * @param field A record field name. - * @return All Zeexygen comments associated with the record field. + * @return All Zeekygen comments associated with the record field. */ std::vector GetFieldComments(const std::string& field) const; 
@@ -118,7 +118,7 @@ public: struct Redefinition { std::string from_script; /**< Name of script doing the redef. */ std::string new_val_desc; /**< Description of new value bound to ID. */ - std::vector comments; /**< Zeexygen comments on redef. */ + std::vector comments; /**< Zeekygen comments on redef. */ }; /** @@ -159,6 +159,6 @@ private: ScriptInfo* declaring_script; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/Info.h b/src/zeekygen/Info.h similarity index 89% rename from src/zeexygen/Info.h rename to src/zeekygen/Info.h index 46fba7b7b6..f6e09cb498 100644 --- a/src/zeexygen/Info.h +++ b/src/zeekygen/Info.h @@ -1,15 +1,15 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_INFO_H -#define ZEEXYGEN_INFO_H +#ifndef ZEEKYGEN_INFO_H +#define ZEEKYGEN_INFO_H #include #include -namespace zeexygen { +namespace zeekygen { /** - * Abstract base class for any thing that Zeexygen can document. + * Abstract base class for any thing that Zeekygen can document. */ class Info { @@ -68,6 +68,6 @@ private: { } }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/Manager.cc b/src/zeekygen/Manager.cc similarity index 87% rename from src/zeexygen/Manager.cc rename to src/zeekygen/Manager.cc index d638705d8b..5cddac0901 100644 --- a/src/zeexygen/Manager.cc +++ b/src/zeekygen/Manager.cc @@ -7,7 +7,7 @@ #include #include -using namespace zeexygen; +using namespace zeekygen; using namespace std; static void DbgAndWarn(const char* msg) @@ -19,7 +19,7 @@ static void DbgAndWarn(const char* msg) return; reporter->Warning("%s", msg); - DBG_LOG(DBG_ZEEXYGEN, "%s", msg); + DBG_LOG(DBG_ZEEKYGEN, "%s", msg); } static void WarnMissingScript(const char* type, const ID* id, 
@@ -28,7 +28,7 @@ static void WarnMissingScript(const char* type, const ID* id, if ( script == "" ) return; - DbgAndWarn(fmt("Can't generate Zeexygen doumentation for %s %s, " + DbgAndWarn(fmt("Can't generate Zeekygen doumentation for %s %s, " "lookup of %s failed", type, id->Name(), script.c_str())); } @@ -83,7 +83,7 @@ Manager::Manager(const string& arg_config, const string& bro_command) // a PATH component that starts with a tilde (such as "~/bin"). A simple // workaround is to just run bro with a relative or absolute path. if ( path_to_bro.empty() || stat(path_to_bro.c_str(), &s) < 0 ) - reporter->InternalError("Zeexygen can't get mtime of bro binary %s (try again by specifying the absolute or relative path to Bro): %s", + reporter->InternalError("Zeekygen can't get mtime of bro binary %s (try again by specifying the absolute or relative path to Bro): %s", path_to_bro.c_str(), strerror(errno)); bro_mtime = s.st_mtime; @@ -129,7 +129,7 @@ void Manager::Script(const string& path) if ( scripts.GetInfo(name) ) { - DbgAndWarn(fmt("Duplicate Zeexygen script documentation: %s", + DbgAndWarn(fmt("Duplicate Zeekygen script documentation: %s", name.c_str())); return; } @@ -137,7 +137,7 @@ void Manager::Script(const string& path) ScriptInfo* info = new ScriptInfo(name, path); scripts.map[name] = info; all_info.push_back(info); - DBG_LOG(DBG_ZEEXYGEN, "Made ScriptInfo %s", name.c_str()); + DBG_LOG(DBG_ZEEKYGEN, "Made ScriptInfo %s", name.c_str()); if ( ! info->IsPkgLoader() ) return; @@ -146,7 +146,7 @@ void Manager::Script(const string& path) if ( packages.GetInfo(name) ) { - DbgAndWarn(fmt("Duplicate Zeexygen package documentation: %s", + DbgAndWarn(fmt("Duplicate Zeekygen package documentation: %s", name.c_str())); return; } 
@@ -154,7 +154,7 @@ void Manager::Script(const string& path) PackageInfo* pkginfo = new PackageInfo(name); packages.map[name] = pkginfo; all_info.push_back(pkginfo); - DBG_LOG(DBG_ZEEXYGEN, "Made PackageInfo %s", name.c_str()); + DBG_LOG(DBG_ZEEKYGEN, "Made PackageInfo %s", name.c_str()); } void Manager::ScriptDependency(const string& path, const string& dep) @@ -164,7 +164,7 @@ void Manager::ScriptDependency(const string& path, const string& dep) if ( dep.empty() ) { - DbgAndWarn(fmt("Empty Zeexygen script doc dependency: %s", + DbgAndWarn(fmt("Empty Zeekygen script doc dependency: %s", path.c_str())); return; } @@ -175,17 +175,17 @@ void Manager::ScriptDependency(const string& path, const string& dep) if ( ! script_info ) { - DbgAndWarn(fmt("Failed to add Zeexygen script doc dependency %s " + DbgAndWarn(fmt("Failed to add Zeekygen script doc dependency %s " "for %s", depname.c_str(), name.c_str())); return; } script_info->AddDependency(depname); - DBG_LOG(DBG_ZEEXYGEN, "Added script dependency %s for %s", + DBG_LOG(DBG_ZEEKYGEN, "Added script dependency %s for %s", depname.c_str(), name.c_str()); for ( size_t i = 0; i < comment_buffer.size(); ++i ) - DbgAndWarn(fmt("Discarded extraneous Zeexygen comment: %s", + DbgAndWarn(fmt("Discarded extraneous Zeekygen comment: %s", comment_buffer[i].c_str())); } @@ -199,13 +199,13 @@ void Manager::ModuleUsage(const string& path, const string& module) if ( ! script_info ) { - DbgAndWarn(fmt("Failed to add Zeexygen module usage %s in %s", + DbgAndWarn(fmt("Failed to add Zeekygen module usage %s in %s", module.c_str(), name.c_str())); return; } script_info->AddModule(module); - DBG_LOG(DBG_ZEEXYGEN, "Added module usage %s in %s", + DBG_LOG(DBG_ZEEKYGEN, "Added module usage %s in %s", module.c_str(), name.c_str()); } 
@@ -246,7 +246,7 @@ void Manager::StartType(ID* id) if ( id->GetLocationInfo() == &no_location ) { - DbgAndWarn(fmt("Can't generate zeexygen doumentation for %s, " + DbgAndWarn(fmt("Can't generate zeekygen doumentation for %s, " "no location available", id->Name())); return; } @@ -261,7 +261,7 @@ void Manager::StartType(ID* id) } incomplete_type = CreateIdentifierInfo(id, script_info); - DBG_LOG(DBG_ZEEXYGEN, "Made IdentifierInfo (incomplete) %s, in %s", + DBG_LOG(DBG_ZEEKYGEN, "Made IdentifierInfo (incomplete) %s, in %s", id->Name(), script.c_str()); } @@ -279,7 +279,7 @@ void Manager::Identifier(ID* id) { if ( incomplete_type->Name() == id->Name() ) { - DBG_LOG(DBG_ZEEXYGEN, "Finished document for type %s", id->Name()); + DBG_LOG(DBG_ZEEKYGEN, "Finished document for type %s", id->Name()); incomplete_type->CompletedTypeDecl(); incomplete_type = 0; return; @@ -309,7 +309,7 @@ void Manager::Identifier(ID* id) { // Internally-created identifier (e.g. file/proto analyzer enum tags). // Handled specially since they don't have a script location. - DBG_LOG(DBG_ZEEXYGEN, "Made internal IdentifierInfo %s", + DBG_LOG(DBG_ZEEKYGEN, "Made internal IdentifierInfo %s", id->Name()); CreateIdentifierInfo(id, 0); return; @@ -325,7 +325,7 @@ void Manager::Identifier(ID* id) } CreateIdentifierInfo(id, script_info); - DBG_LOG(DBG_ZEEXYGEN, "Made IdentifierInfo %s, in script %s", + DBG_LOG(DBG_ZEEKYGEN, "Made IdentifierInfo %s, in script %s", id->Name(), script.c_str()); } @@ -339,7 +339,7 @@ void Manager::RecordField(const ID* id, const TypeDecl* field, if ( ! idd ) { - DbgAndWarn(fmt("Can't generate zeexygen doumentation for " + DbgAndWarn(fmt("Can't generate zeekygen doumentation for " "record field %s, unknown record: %s", field->id, id->Name())); return; 
@@ -348,7 +348,7 @@ void Manager::RecordField(const ID* id, const TypeDecl* field, string script = NormalizeScriptPath(path); idd->AddRecordField(field, script, comment_buffer); comment_buffer.clear(); - DBG_LOG(DBG_ZEEXYGEN, "Document record field %s, identifier %s, script %s", + DBG_LOG(DBG_ZEEKYGEN, "Document record field %s, identifier %s, script %s", field->id, id->Name(), script.c_str()); } @@ -365,7 +365,7 @@ void Manager::Redef(const ID* id, const string& path) if ( ! id_info ) { - DbgAndWarn(fmt("Can't generate zeexygen doumentation for " + DbgAndWarn(fmt("Can't generate zeekygen doumentation for " "redef of %s, identifier lookup failed", id->Name())); return; @@ -384,7 +384,7 @@ void Manager::Redef(const ID* id, const string& path) script_info->AddRedef(id_info); comment_buffer.clear(); last_identifier_seen = id_info; - DBG_LOG(DBG_ZEEXYGEN, "Added redef of %s from %s", + DBG_LOG(DBG_ZEEKYGEN, "Added redef of %s from %s", id->Name(), from_script.c_str()); } @@ -421,7 +421,7 @@ void Manager::PostComment(const string& comment, const string& id_hint) if ( last_identifier_seen ) last_identifier_seen->AddComment(RemoveLeadingSpace(comment)); else - DbgAndWarn(fmt("Discarded unassociated Zeexygen comment %s", + DbgAndWarn(fmt("Discarded unassociated Zeekygen comment %s", comment.c_str())); return; diff --git a/src/zeexygen/Manager.h b/src/zeekygen/Manager.h similarity index 89% rename from src/zeexygen/Manager.h rename to src/zeekygen/Manager.h index 5b2142e047..ad4d98f668 100644 --- a/src/zeexygen/Manager.h +++ b/src/zeekygen/Manager.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_MANAGER_H -#define ZEEXYGEN_MANAGER_H +#ifndef ZEEKYGEN_MANAGER_H +#define ZEEKYGEN_MANAGER_H #include "Configuration.h" #include "Info.h" @@ -21,7 +21,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { /** * Map of info objects. Just a wrapper around std::map to improve code 
@@ -54,7 +54,7 @@ public: /** * Ctor. - * @param config Path to a Zeexygen config file if documentation is to be + * @param config Path to a Zeekygen config file if documentation is to be * written to disk. * @param bro_command The command used to invoke the bro process. * It's used when checking for out-of-date targets. If the bro binary is @@ -80,7 +80,7 @@ public: void InitPostScript(); /** - * Builds all Zeexygen targets specified by config file and write out + * Builds all Zeekygen targets specified by config file and write out * documentation to disk. */ void GenerateDocs() const; @@ -140,24 +140,24 @@ public: void Redef(const ID* id, const std::string& path); /** - * Register Zeexygen script summary content. + * Register Zeekygen script summary content. * @param path Absolute path to a Bro script. - * @param comment Zeexygen-style summary comment ("##!") to associate with + * @param comment Zeekygen-style summary comment ("##!") to associate with * script given by \a path. */ void SummaryComment(const std::string& path, const std::string& comment); /** - * Register a Zeexygen comment ("##") for an upcoming identifier (i.e. + * Register a Zeekygen comment ("##") for an upcoming identifier (i.e. * this content is buffered and consumed by next identifier/field * declaration. - * @param comment Content of the Zeexygen comment. + * @param comment Content of the Zeekygen comment. */ void PreComment(const std::string& comment); /** - * Register a Zeexygen comment ("##<") for the last identifier seen. - * @param comment Content of the Zeexygen comment. + * Register a Zeekygen comment ("##<") for the last identifier seen. + * @param comment Content of the Zeekygen comment. * @param identifier_hint Expected name of identifier with which to * associate \a comment. */ 
@@ -197,11 +197,11 @@ public: { return packages.GetInfo(name); } /** - * Check if a Zeexygen target is up-to-date. - * @param target_file output file of a Zeexygen target. + * Check if a Zeekygen target is up-to-date. + * @param target_file output file of a Zeekygen target. * @param dependencies all dependencies of the target. * @return true if modification time of \a target_file is newer than - * modification time of Bro binary, Zeexygen config file, and all + * modification time of Bro binary, Zeekygen config file, and all * dependencies, else false. */ template @@ -241,7 +241,7 @@ bool Manager::IsUpToDate(const string& target_file, // Doesn't exist. return false; - reporter->InternalError("Zeexygen failed to stat target file '%s': %s", + reporter->InternalError("Zeekygen failed to stat target file '%s': %s", target_file.c_str(), strerror(errno)); } @@ -258,8 +258,8 @@ bool Manager::IsUpToDate(const string& target_file, return true; } -} // namespace zeexygen +} // namespace zeekygen -extern zeexygen::Manager* zeexygen_mgr; +extern zeekygen::Manager* zeekygen_mgr; #endif diff --git a/src/zeexygen/PackageInfo.cc b/src/zeekygen/PackageInfo.cc similarity index 85% rename from src/zeexygen/PackageInfo.cc rename to src/zeekygen/PackageInfo.cc index 1fd607fd08..4fe1ba8ad9 100644 --- a/src/zeexygen/PackageInfo.cc +++ b/src/zeekygen/PackageInfo.cc @@ -9,7 +9,7 @@ #include using namespace std; -using namespace zeexygen; +using namespace zeekygen; PackageInfo::PackageInfo(const string& arg_name) : Info(), @@ -23,7 +23,7 @@ PackageInfo::PackageInfo(const string& arg_name) ifstream f(readme_file.c_str()); if ( ! f.is_open() ) - reporter->InternalWarning("Zeexygen failed to open '%s': %s", + reporter->InternalWarning("Zeekygen failed to open '%s': %s", readme_file.c_str(), strerror(errno)); string line; 
@@ -32,7 +32,7 @@ PackageInfo::PackageInfo(const string& arg_name) readme.push_back(line); if ( f.bad() ) - reporter->InternalWarning("Zeexygen error reading '%s': %s", + reporter->InternalWarning("Zeekygen error reading '%s': %s", readme_file.c_str(), strerror(errno)); } @@ -54,5 +54,5 @@ time_t PackageInfo::DoGetModificationTime() const if ( readme_file.empty() ) return 0; - return zeexygen::get_mtime(readme_file); + return zeekygen::get_mtime(readme_file); } diff --git a/src/zeexygen/PackageInfo.h b/src/zeekygen/PackageInfo.h similarity index 89% rename from src/zeexygen/PackageInfo.h rename to src/zeekygen/PackageInfo.h index 977f31fece..4db2718944 100644 --- a/src/zeexygen/PackageInfo.h +++ b/src/zeekygen/PackageInfo.h @@ -1,14 +1,14 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_PACKAGEINFO_H -#define ZEEXYGEN_PACKAGEINFO_H +#ifndef ZEEKYGEN_PACKAGEINFO_H +#define ZEEKYGEN_PACKAGEINFO_H #include "Info.h" #include #include -namespace zeexygen { +namespace zeekygen { /** * Information about a Bro script package. @@ -45,6 +45,6 @@ private: std::vector readme; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/ReStructuredTextTable.cc b/src/zeekygen/ReStructuredTextTable.cc similarity index 98% rename from src/zeexygen/ReStructuredTextTable.cc rename to src/zeekygen/ReStructuredTextTable.cc index c8306313e5..55c576a2a4 100644 --- a/src/zeexygen/ReStructuredTextTable.cc +++ b/src/zeekygen/ReStructuredTextTable.cc @@ -5,7 +5,7 @@ #include using namespace std; -using namespace zeexygen; +using namespace zeekygen; ReStructuredTextTable::ReStructuredTextTable(size_t arg_num_cols) : num_cols(arg_num_cols), rows(), longest_row_in_column() diff --git a/src/zeexygen/ReStructuredTextTable.h b/src/zeekygen/ReStructuredTextTable.h similarity index 92% rename from src/zeexygen/ReStructuredTextTable.h rename to src/zeekygen/ReStructuredTextTable.h index 9a4059ca83..aefa8aaa26 100644 
--- a/src/zeexygen/ReStructuredTextTable.h +++ b/src/zeekygen/ReStructuredTextTable.h @@ -1,12 +1,12 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_RESTTABLE_H -#define ZEEXYGEN_RESTTABLE_H +#ifndef ZEEKYGEN_RESTTABLE_H +#define ZEEKYGEN_RESTTABLE_H #include #include -namespace zeexygen { +namespace zeekygen { /** * A reST table with arbitrary number of columns. @@ -48,6 +48,6 @@ private: std::vector longest_row_in_column; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/ScriptInfo.cc b/src/zeekygen/ScriptInfo.cc similarity index 86% rename from src/zeexygen/ScriptInfo.cc rename to src/zeekygen/ScriptInfo.cc index 47769c615a..d55b42b7bc 100644 --- a/src/zeexygen/ScriptInfo.cc +++ b/src/zeekygen/ScriptInfo.cc @@ -10,7 +10,7 @@ #include "Desc.h" using namespace std; -using namespace zeexygen; +using namespace zeekygen; bool IdInfoComp::operator ()(const IdentifierInfo* lhs, const IdentifierInfo* rhs) const @@ -24,11 +24,11 @@ static vector summary_comment(const vector& cmnts) for ( size_t i = 0; i < cmnts.size(); ++i ) { - size_t end = zeexygen::end_of_first_sentence(cmnts[i]); + size_t end = zeekygen::end_of_first_sentence(cmnts[i]); if ( end == string::npos ) { - if ( zeexygen::is_all_whitespace(cmnts[i]) ) + if ( zeekygen::is_all_whitespace(cmnts[i]) ) break; rval.push_back(cmnts[i]); @@ -86,7 +86,7 @@ static string make_summary(const string& heading, char underline, char border, add_summary_rows(d, summary_comment((*it)->GetComments()), &table); } - return zeexygen::make_heading(heading, underline) + table.AsString(border) + return zeekygen::make_heading(heading, underline) + table.AsString(border) + "\n"; } 
@@ -115,7 +115,7 @@ static string make_redef_summary(const string& heading, char underline, add_summary_rows(d, summary_comment(iit->comments), &table); } - return zeexygen::make_heading(heading, underline) + table.AsString(border) + return zeekygen::make_heading(heading, underline) + table.AsString(border) + "\n"; } @@ -125,7 +125,7 @@ static string make_details(const string& heading, char underline, if ( id_list.empty() ) return ""; - string rval = zeexygen::make_heading(heading, underline); + string rval = zeekygen::make_heading(heading, underline); for ( id_info_list::const_iterator it = id_list.begin(); it != id_list.end(); ++it ) @@ -143,7 +143,7 @@ static string make_redef_details(const string& heading, char underline, if ( id_set.empty() ) return ""; - string rval = zeexygen::make_heading(heading, underline); + string rval = zeekygen::make_heading(heading, underline); for ( id_info_set::const_iterator it = id_set.begin(); it != id_set.end(); ++it ) @@ -178,13 +178,13 @@ void ScriptInfo::DoInitPostScript() IdentifierInfo* info = it->second; ID* id = info->GetID(); - if ( ! zeexygen::is_public_api(id) ) + if ( ! zeekygen::is_public_api(id) ) continue; if ( id->AsType() ) { types.push_back(info); - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a type", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a type", id->Name(), name.c_str()); continue; } 
@@ -193,17 +193,17 @@ void ScriptInfo::DoInitPostScript() { switch ( id->Type()->AsFuncType()->Flavor() ) { case FUNC_FLAVOR_HOOK: - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a hook", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a hook", id->Name(), name.c_str()); hooks.push_back(info); break; case FUNC_FLAVOR_EVENT: - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a event", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a event", id->Name(), name.c_str()); events.push_back(info); break; case FUNC_FLAVOR_FUNCTION: - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a function", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a function", id->Name(), name.c_str()); functions.push_back(info); break; @@ -219,13 +219,13 @@ void ScriptInfo::DoInitPostScript() { if ( id->FindAttr(ATTR_REDEF) ) { - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a redef_option", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a redef_option", id->Name(), name.c_str()); redef_options.push_back(info); } else { - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a constant", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a constant", id->Name(), name.c_str()); constants.push_back(info); } @@ -234,7 +234,7 @@ void ScriptInfo::DoInitPostScript() } else if ( id->IsOption() ) { - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as an runtime option", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as an runtime option", id->Name(), name.c_str()); options.push_back(info); @@ -246,7 +246,7 @@ void ScriptInfo::DoInitPostScript() // documentation. continue; - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a state variable", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a state variable", id->Name(), name.c_str()); state_vars.push_back(info); } 
@@ -275,7 +275,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const string rval; rval += ":tocdepth: 3\n\n"; - rval += zeexygen::make_heading(name, '='); + rval += zeekygen::make_heading(name, '='); for ( string_set::const_iterator it = module_usages.begin(); it != module_usages.end(); ++it ) @@ -329,7 +329,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const //rval += fmt(":Source File: :download:`/scripts/%s`\n", name.c_str()); rval += "\n"; - rval += zeexygen::make_heading("Summary", '~'); + rval += zeekygen::make_heading("Summary", '~'); rval += make_summary("Runtime Options", '#', '=', options); rval += make_summary("Redefinable Options", '#', '=', redef_options); rval += make_summary("Constants", '#', '=', constants); @@ -340,7 +340,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const rval += make_summary("Hooks", '#', '=', hooks); rval += make_summary("Functions", '#', '=', functions); rval += "\n"; - rval += zeexygen::make_heading("Detailed Interface", '~'); + rval += zeekygen::make_heading("Detailed Interface", '~'); rval += make_details("Runtime Options", '#', options); rval += make_details("Redefinable Options", '#', redef_options); rval += make_details("Constants", '#', constants); 
@@ -356,25 +356,25 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const time_t ScriptInfo::DoGetModificationTime() const { - time_t most_recent = zeexygen::get_mtime(path); + time_t most_recent = zeekygen::get_mtime(path); for ( string_set::const_iterator it = dependencies.begin(); it != dependencies.end(); ++it ) { - Info* info = zeexygen_mgr->GetScriptInfo(*it); + Info* info = zeekygen_mgr->GetScriptInfo(*it); if ( ! info ) { for (const string& ext : script_extensions) { string pkg_name = *it + "/__load__" + ext; - info = zeexygen_mgr->GetScriptInfo(pkg_name); + info = zeekygen_mgr->GetScriptInfo(pkg_name); if ( info ) break; } if ( ! info ) - reporter->InternalWarning("Zeexygen failed to get mtime of %s", + reporter->InternalWarning("Zeekygen failed to get mtime of %s", it->c_str()); continue; } diff --git a/src/zeexygen/ScriptInfo.h b/src/zeekygen/ScriptInfo.h similarity index 92% rename from src/zeexygen/ScriptInfo.h rename to src/zeekygen/ScriptInfo.h index fb0f0c15ae..dde7560544 100644 --- a/src/zeexygen/ScriptInfo.h +++ b/src/zeekygen/ScriptInfo.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_SCRIPTINFO_H -#define ZEEXYGEN_SCRIPTINFO_H +#ifndef ZEEKYGEN_SCRIPTINFO_H +#define ZEEKYGEN_SCRIPTINFO_H #include "Info.h" #include "IdentifierInfo.h" @@ -12,7 +12,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { class IdentifierInfo; @@ -39,7 +39,7 @@ public: ScriptInfo(const std::string& name, const std::string& path); /** - * Associate a Zeexygen summary comment ("##!") with the script. + * Associate a Zeekygen summary comment ("##!") with the script. * @param comment String extracted from the comment. */ void AddComment(const std::string& comment) @@ -83,7 +83,7 @@ public: { return is_pkg_loader; } /** - * @return All the scripts Zeexygen summary comments. + * @return All the scripts Zeekygen summary comments. */ std::vector GetComments() const; 
@@ -119,6 +119,6 @@ private: id_info_set redefs; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/Target.cc b/src/zeekygen/Target.cc similarity index 90% rename from src/zeexygen/Target.cc rename to src/zeekygen/Target.cc index 406f6ffe4d..0e40defee3 100644 --- a/src/zeexygen/Target.cc +++ b/src/zeekygen/Target.cc @@ -16,7 +16,7 @@ #include using namespace std; -using namespace zeexygen; +using namespace zeekygen; static void write_plugin_section_heading(FILE* f, const plugin::Plugin* p) { @@ -123,13 +123,13 @@ static void write_plugin_bif_items(FILE* f, const plugin::Plugin* p, for ( it = bifitems.begin(); it != bifitems.end(); ++it ) { - zeexygen::IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo( + zeekygen::IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo( it->GetID()); if ( doc ) fprintf(f, "%s\n\n", doc->ReStructuredText().c_str()); else - reporter->InternalWarning("Zeexygen ID lookup failed: %s\n", + reporter->InternalWarning("Zeekygen ID lookup failed: %s\n", it->GetID().c_str()); } } @@ -138,10 +138,10 @@ static void WriteAnalyzerTagDefn(FILE* f, const string& module) { string tag_id = module + "::Tag"; - zeexygen::IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(tag_id); + zeekygen::IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo(tag_id); if ( ! doc ) - reporter->InternalError("Zeexygen failed analyzer tag lookup: %s", + reporter->InternalError("Zeekygen failed analyzer tag lookup: %s", tag_id.c_str()); fprintf(f, "%s\n", doc->ReStructuredText().c_str()); @@ -177,7 +177,7 @@ static vector filter_matches(const vector& from, Target* t) if ( t->MatchesPattern(d) ) { - DBG_LOG(DBG_ZEEXYGEN, "'%s' matched pattern for target '%s'", + DBG_LOG(DBG_ZEEKYGEN, "'%s' matched pattern for target '%s'", d->Name().c_str(), t->Name().c_str()); rval.push_back(d); } 
@@ -194,14 +194,14 @@ TargetFile::TargetFile(const string& arg_name) string dir = SafeDirname(name).result; if ( ! ensure_intermediate_dirs(dir.c_str()) ) - reporter->FatalError("Zeexygen failed to make dir %s", + reporter->FatalError("Zeekygen failed to make dir %s", dir.c_str()); } f = fopen(name.c_str(), "w"); if ( ! f ) - reporter->FatalError("Zeexygen failed to open '%s' for writing: %s", + reporter->FatalError("Zeekygen failed to open '%s' for writing: %s", name.c_str(), strerror(errno)); } @@ -210,7 +210,7 @@ TargetFile::~TargetFile() if ( f ) fclose(f); - DBG_LOG(DBG_ZEEXYGEN, "Wrote out-of-date target '%s'", name.c_str()); + DBG_LOG(DBG_ZEEKYGEN, "Wrote out-of-date target '%s'", name.c_str()); } @@ -245,11 +245,11 @@ void AnalyzerTarget::DoFindDependencies(const std::vector& infos) void AnalyzerTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), vector()) ) + if ( zeekygen_mgr->IsUpToDate(Name(), vector()) ) return; if ( Pattern() != "*" ) - reporter->InternalWarning("Zeexygen only implements analyzer target" + reporter->InternalWarning("Zeekygen only implements analyzer target" " pattern '*'"); TargetFile file(Name()); @@ -313,7 +313,7 @@ void PackageTarget::DoFindDependencies(const vector& infos) pkg_deps = filter_matches(infos, this); if ( pkg_deps.empty() ) - reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeekygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); for ( size_t i = 0; i < infos.size(); ++i ) @@ -329,7 +329,7 @@ void PackageTarget::DoFindDependencies(const vector& infos) pkg_deps[j]->Name().size())) continue; - DBG_LOG(DBG_ZEEXYGEN, "Script %s associated with package %s", + DBG_LOG(DBG_ZEEKYGEN, "Script %s associated with package %s", script->Name().c_str(), pkg_deps[j]->Name().c_str()); pkg_manifest[pkg_deps[j]].push_back(script); script_deps.push_back(script); 
@@ -339,8 +339,8 @@ void PackageTarget::DoFindDependencies(const vector& infos) void PackageTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) && - zeexygen_mgr->IsUpToDate(Name(), pkg_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) && + zeekygen_mgr->IsUpToDate(Name(), pkg_deps) ) return; TargetFile file(Name()); @@ -382,13 +382,13 @@ void PackageIndexTarget::DoFindDependencies(const vector& infos) pkg_deps = filter_matches(infos, this); if ( pkg_deps.empty() ) - reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeekygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); } void PackageIndexTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), pkg_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), pkg_deps) ) return; TargetFile file(Name()); @@ -402,7 +402,7 @@ void ScriptTarget::DoFindDependencies(const vector& infos) script_deps = filter_matches(infos, this); if ( script_deps.empty() ) - reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeekygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); if ( ! IsDir() ) @@ -483,7 +483,7 @@ void ScriptTarget::DoGenerate() const vector dep; dep.push_back(script_deps[i]); - if ( zeexygen_mgr->IsUpToDate(target_filename, dep) ) + if ( zeekygen_mgr->IsUpToDate(target_filename, dep) ) continue; TargetFile file(target_filename); @@ -508,7 +508,7 @@ void ScriptTarget::DoGenerate() const reporter->Warning("Failed to unlink %s: %s", f.c_str(), strerror(errno)); - DBG_LOG(DBG_ZEEXYGEN, "Delete stale script file %s", f.c_str()); + DBG_LOG(DBG_ZEEKYGEN, "Delete stale script file %s", f.c_str()); } return; 
@@ -516,7 +516,7 @@ void ScriptTarget::DoGenerate() const // Target is a single file, all matching scripts get written there. - if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -527,7 +527,7 @@ void ScriptTarget::DoGenerate() const void ScriptSummaryTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -552,7 +552,7 @@ void ScriptSummaryTarget::DoGenerate() const void ScriptIndexTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -577,13 +577,13 @@ void IdentifierTarget::DoFindDependencies(const vector& infos) id_deps = filter_matches(infos, this); if ( id_deps.empty() ) - reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeekygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); } void IdentifierTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), id_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), id_deps) ) return; TargetFile file(Name()); diff --git a/src/zeexygen/Target.h b/src/zeekygen/Target.h similarity index 97% rename from src/zeexygen/Target.h rename to src/zeekygen/Target.h index ef3c8b2e00..1129fe42ed 100644 --- a/src/zeexygen/Target.h +++ b/src/zeekygen/Target.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_TARGET_H -#define ZEEXYGEN_TARGET_H +#ifndef ZEEKYGEN_TARGET_H +#define ZEEKYGEN_TARGET_H #include "Info.h" #include "PackageInfo.h" @@ -13,7 +13,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { /** * Helper class to create files in arbitrary file paths and automatically 
@@ -39,7 +39,7 @@ struct TargetFile { }; /** - * A Zeexygen target abstract base class. A target is generally any portion of + * A Zeekygen target abstract base class. A target is generally any portion of * documentation that Bro can build. It's identified by a type (e.g. script, * identifier, package), a pattern (e.g. "example.zeek", "HTTP::Info"), and * a path to an output file. @@ -125,7 +125,7 @@ public: /** * Register a new target type. - * @param type_name The target type name as it will appear in Zeexygen + * @param type_name The target type name as it will appear in Zeekygen * config files. */ template @@ -136,7 +136,7 @@ public: /** * Instantiate a target. - * @param type_name The target type name as it appears in Zeexygen config + * @param type_name The target type name as it appears in Zeekygen config * files. * @param name The output file name of the target. * @param pattern The dependency pattern of the target. @@ -384,6 +384,6 @@ private: std::vector id_deps; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/utils.cc b/src/zeekygen/utils.cc similarity index 83% rename from src/zeexygen/utils.cc rename to src/zeekygen/utils.cc index 5cf76c1af6..b04790ee92 100644 --- a/src/zeexygen/utils.cc +++ b/src/zeekygen/utils.cc @@ -7,10 +7,10 @@ #include #include -using namespace zeexygen; +using namespace zeekygen; using namespace std; -bool zeexygen::prettify_params(string& s) +bool zeekygen::prettify_params(string& s) { size_t identifier_start_pos = 0; bool in_identifier = false; 
@@ -76,29 +76,29 @@ bool zeexygen::prettify_params(string& s) return false; } -bool zeexygen::is_public_api(const ID* id) +bool zeekygen::is_public_api(const ID* id) { return (id->Scope() == SCOPE_GLOBAL) || (id->Scope() == SCOPE_MODULE && id->IsExport()); } -time_t zeexygen::get_mtime(const string& filename) +time_t zeekygen::get_mtime(const string& filename) { struct stat s; if ( stat(filename.c_str(), &s) < 0 ) - reporter->InternalError("Zeexygen failed to stat file '%s': %s", + reporter->InternalError("Zeekygen failed to stat file '%s': %s", filename.c_str(), strerror(errno)); return s.st_mtime; } -string zeexygen::make_heading(const string& heading, char underline) +string zeekygen::make_heading(const string& heading, char underline) { return heading + "\n" + string(heading.size(), underline) + "\n"; } -size_t zeexygen::end_of_first_sentence(const string& s) +size_t zeekygen::end_of_first_sentence(const string& s) { size_t rval = 0; @@ -119,7 +119,7 @@ size_t zeexygen::end_of_first_sentence(const string& s) return rval; } -bool zeexygen::is_all_whitespace(const string& s) +bool zeekygen::is_all_whitespace(const string& s) { for ( size_t i = 0; i < s.size(); ++i ) if ( ! isspace(s[i]) ) @@ -128,7 +128,7 @@ bool zeexygen::is_all_whitespace(const string& s) return true; } -string zeexygen::redef_indication(const string& from_script) +string zeekygen::redef_indication(const string& from_script) { return fmt("(present if :doc:`/scripts/%s` is loaded)", from_script.c_str()); diff --git a/src/zeexygen/utils.h b/src/zeekygen/utils.h similarity index 88% rename from src/zeexygen/utils.h rename to src/zeekygen/utils.h index b9a99a71f7..07430f66ba 100644 --- a/src/zeexygen/utils.h +++ b/src/zeekygen/utils.h 
@@ -1,18 +1,18 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_UTILS_H -#define ZEEXYGEN_UTILS_H +#ifndef ZEEKYGEN_UTILS_H +#define ZEEKYGEN_UTILS_H #include "ID.h" #include -namespace zeexygen { +namespace zeekygen { /** - * Transform content of a Zeexygen comment which may contain function + * Transform content of a Zeekygen comment which may contain function * parameter or return value documentation to a prettier reST format. - * @param s Content from a Zeexygen comment to transform. "id: ..." and + * @param s Content from a Zeekygen comment to transform. "id: ..." and * "Returns: ..." change to ":id: ..." and ":returns: ...". * @return Whether any content in \a s was transformed. */ @@ -62,6 +62,6 @@ bool is_all_whitespace(const std::string& s); */ std::string redef_indication(const std::string& from_script); -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/zeexygen.bif b/src/zeekygen/zeekygen.bif similarity index 81% rename from src/zeexygen/zeexygen.bif rename to src/zeekygen/zeekygen.bif index f7ce04d292..e10ee9f3ec 100644 --- a/src/zeexygen/zeexygen.bif +++ b/src/zeekygen/zeekygen.bif @@ -3,7 +3,7 @@ ##! Functions for querying script, package, or variable documentation. %%{ -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" #include "util.h" static StringVal* comments_to_val(const vector& comments) @@ -12,7 +12,7 @@ static StringVal* comments_to_val(const vector& comments) } %%} -## Retrieve the Zeexygen-style comments (``##``) associated with an identifier +## Retrieve the Zeekygen-style comments (``##``) associated with an identifier ## (e.g. a variable or type). ## ## name: a script-level identifier for which to retrieve comments. 
@@ -21,8 +21,8 @@ static StringVal* comments_to_val(const vector& comments) ## identifier, an empty string is returned. function get_identifier_comments%(name: string%): string %{ - using namespace zeexygen; - IdentifierInfo* d = zeexygen_mgr->GetIdentifierInfo(name->CheckString()); + using namespace zeekygen; + IdentifierInfo* d = zeekygen_mgr->GetIdentifierInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -30,7 +30,7 @@ function get_identifier_comments%(name: string%): string return comments_to_val(d->GetComments()); %} -## Retrieve the Zeexygen-style summary comments (``##!``) associated with +## Retrieve the Zeekygen-style summary comments (``##!``) associated with ## a Bro script. ## ## name: the name of a Bro script. It must be a relative path to where @@ -41,8 +41,8 @@ function get_identifier_comments%(name: string%): string ## *name* is not a known script, an empty string is returned. function get_script_comments%(name: string%): string %{ - using namespace zeexygen; - ScriptInfo* d = zeexygen_mgr->GetScriptInfo(name->CheckString()); + using namespace zeekygen; + ScriptInfo* d = zeekygen_mgr->GetScriptInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -59,8 +59,8 @@ function get_script_comments%(name: string%): string ## package, an empty string is returned. function get_package_readme%(name: string%): string %{ - using namespace zeexygen; - PackageInfo* d = zeexygen_mgr->GetPackageInfo(name->CheckString()); + using namespace zeekygen; + PackageInfo* d = zeekygen_mgr->GetPackageInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); 
@@ -68,7 +68,7 @@ function get_package_readme%(name: string%): string return comments_to_val(d->GetReadme()); %} -## Retrieve the Zeexygen-style comments (``##``) associated with a record field. +## Retrieve the Zeekygen-style comments (``##``) associated with a record field. ## ## name: the name of a record type and a field within it formatted like ## a typical record field access: "$". @@ -78,7 +78,7 @@ function get_package_readme%(name: string%): string ## type, an empty string is returned. function get_record_field_comments%(name: string%): string %{ - using namespace zeexygen; + using namespace zeekygen; string accessor = name->CheckString(); size_t i = accessor.find('$'); @@ -87,7 +87,7 @@ function get_record_field_comments%(name: string%): string string id = accessor.substr(0, i); - IdentifierInfo* d = zeexygen_mgr->GetIdentifierInfo(id); + IdentifierInfo* d = zeekygen_mgr->GetIdentifierInfo(id); if ( ! d ) return val_mgr->GetEmptyString(); diff --git a/testing/README b/testing/README index ba407fcc67..37f8aa9014 100644 --- a/testing/README +++ b/testing/README @@ -1,13 +1,13 @@ -This directory contains suites for testing for Bro's correct +This directory contains suites for testing for Zeek's correct operation: btest/ - An ever-growing set of small unit tests testing Bro's + An ever-growing set of small unit tests testing Zeek's functionality. external/ A framework for downloading additional test sets that run more - complex Bro configuration on larger traces files. Due to their + complex Zeek configuration on larger traces files. Due to their size, these are not included directly. See the README for more information. diff --git a/testing/btest/Baseline/bifs.cat_string_array/out b/testing/btest/Baseline/bifs.cat_string_array/out deleted file mode 100644 index 963f826db9..0000000000 --- a/testing/btest/Baseline/bifs.cat_string_array/out +++ /dev/null @@ -1,3 +0,0 @@ -isatest -thisisatest -isa 
diff --git a/testing/btest/Baseline/bifs.decode_base64/out b/testing/btest/Baseline/bifs.decode_base64/out index aa265d2148..bb04766fd8 100644 --- a/testing/btest/Baseline/bifs.decode_base64/out +++ b/testing/btest/Baseline/bifs.decode_base64/out @@ -6,9 +6,3 @@ bro bro bro bro -bro -bro -bro -bro -bro -bro diff --git a/testing/btest/Baseline/bifs.encode_base64/out b/testing/btest/Baseline/bifs.encode_base64/out index 3008115853..cacea20cca 100644 --- a/testing/btest/Baseline/bifs.encode_base64/out +++ b/testing/btest/Baseline/bifs.encode_base64/out @@ -2,9 +2,6 @@ YnJv YnJv YnJv }n-v -YnJv -YnJv -}n-v cGFkZGluZw== cGFkZGluZzE= cGFkZGluZzEy diff --git a/testing/btest/Baseline/bifs.join_string/out b/testing/btest/Baseline/bifs.join_string/out index e916fc304a..dbfa4c1e52 100644 --- a/testing/btest/Baseline/bifs.join_string/out +++ b/testing/btest/Baseline/bifs.join_string/out @@ -1,6 +1,3 @@ -this * is * a * test -thisisatest -mytest this__is__another__test thisisanothertest Test diff --git a/testing/btest/Baseline/bifs.lookup_ID/out b/testing/btest/Baseline/bifs.lookup_ID/out index 64b6379deb..40170b1f7c 100644 --- a/testing/btest/Baseline/bifs.lookup_ID/out +++ b/testing/btest/Baseline/bifs.lookup_ID/out @@ -1,4 +1,4 @@ -bro test +zeek test diff --git a/testing/btest/Baseline/bifs.merge_pattern/out b/testing/btest/Baseline/bifs.merge_pattern/out deleted file mode 100644 index fe8ebc3c01..0000000000 --- a/testing/btest/Baseline/bifs.merge_pattern/out +++ /dev/null @@ -1,2 +0,0 @@ -match -match diff --git a/testing/btest/Baseline/bifs.sort_string_array/out b/testing/btest/Baseline/bifs.sort_string_array/out deleted file mode 100644 index 533844768d..0000000000 --- a/testing/btest/Baseline/bifs.sort_string_array/out +++ /dev/null @@ -1,4 +0,0 @@ -a -is -test -this diff --git a/testing/btest/Baseline/bifs.split/out b/testing/btest/Baseline/bifs.split/out deleted file mode 100644 index 0ec2541f3d..0000000000 --- a/testing/btest/Baseline/bifs.split/out +++ /dev/null 
@@ -1,32 +0,0 @@
-t
-s is a t
-t
----------------------
-t
-s is a test
----------------------
-t
-hi
-s is a t
-es
-t
----------------------
-t
-s is a test
----------------------
-t
-hi
-s is a test
----------------------
-[, thi, s i, s a tes, t]
----------------------
-X-Mailer
-Testing Test (http://www.example.com)
----------------------
-A
-=
- B
-=
- C
-=
- D
diff --git a/testing/btest/Baseline/core.leaks.broker.data/bro..stdout b/testing/btest/Baseline/core.leaks.broker.data/zeek..stdout
similarity index 100%
rename from testing/btest/Baseline/core.leaks.broker.data/bro..stdout
rename to testing/btest/Baseline/core.leaks.broker.data/zeek..stdout
diff --git a/testing/btest/Baseline/core.old_comm_usage/out b/testing/btest/Baseline/core.old_comm_usage/out
deleted file mode 100644
index cf4820d82e..0000000000
--- a/testing/btest/Baseline/core.old_comm_usage/out
+++ /dev/null
@@ -1,2 +0,0 @@
-warning in /Users/jon/projects/bro/bro/testing/btest/.tmp/core.old_comm_usage/old_comm_usage.zeek, line 6: deprecated (terminate_communication)
-fatal error: Detected old, deprecated communication system usages that will not work unless you explicitly take action to initizialize and set up the old comm. system. Set the 'old_comm_usage_is_ok' flag to bypass this error if you've taken such actions, but the suggested solution is to port scripts to use the new Broker API.
diff --git a/testing/btest/Baseline/core.option-runtime-errors/.stderr b/testing/btest/Baseline/core.option-runtime-errors/.stderr
index 0d4da12312..a8362f52c0 100644
--- a/testing/btest/Baseline/core.option-runtime-errors/.stderr
+++ b/testing/btest/Baseline/core.option-runtime-errors/.stderr
@@ -1 +1 @@
-error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors/option-runtime-errors.zeek, line 8: Could not find ID named 'B' (Option::set(B, 6, ))
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors/option-runtime-errors.zeek, line 9: Could not find ID named 'B' (Option::set(B, 6, ))
diff --git a/testing/btest/Baseline/core.plugins.hooks/output b/testing/btest/Baseline/core.plugins.hooks/output
index 2725e48507..138d019b34 100644
--- a/testing/btest/Baseline/core.plugins.hooks/output
+++ b/testing/btest/Baseline/core.plugins.hooks/output
@@ -275,7 +275,7 @@
 0.000000 MetaHookPost LoadFile(./average) -> -1
 0.000000 MetaHookPost LoadFile(./bloom-filter.bif.bro) -> -1
 0.000000 MetaHookPost LoadFile(./bro.bif.bro) -> -1
-0.000000 MetaHookPost LoadFile(./zeexygen.bif.bro) -> -1
+0.000000 MetaHookPost LoadFile(./zeekygen.bif.bro) -> -1
 0.000000 MetaHookPost LoadFile(./cardinality-counter.bif.bro) -> -1
 0.000000 MetaHookPost LoadFile(./const.bif.bro) -> -1
 0.000000 MetaHookPost LoadFile(./consts) -> -1
@@ -855,7 +855,7 @@
 0.000000 MetaHookPre LoadFile(./average)
 0.000000 MetaHookPre LoadFile(./bloom-filter.bif.bro)
 0.000000 MetaHookPre LoadFile(./bro.bif.bro)
-0.000000 MetaHookPre LoadFile(./zeexygen.bif.bro)
+0.000000 MetaHookPre LoadFile(./zeekygen.bif.bro)
 0.000000 MetaHookPre LoadFile(./cardinality-counter.bif.bro)
 0.000000 MetaHookPre LoadFile(./const.bif.bro)
 0.000000 MetaHookPre LoadFile(./consts)
@@ -1435,7 +1435,7 @@
 0.000000 | HookLoadFile ./average.bro/bro
 0.000000 | HookLoadFile ./bloom-filter.bif.bro/bro
 0.000000 | HookLoadFile ./bro.bif.bro/bro
-0.000000 | HookLoadFile ./zeexygen.bif.bro/bro
+0.000000 | HookLoadFile ./zeekygen.bif.bro/bro
 0.000000 | HookLoadFile ./cardinality-counter.bif.bro/bro
 0.000000 | HookLoadFile ./const.bif.bro/bro
 0.000000 | HookLoadFile ./consts.bif.bro/bro
diff --git a/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output b/testing/btest/Baseline/core.when-interpreter-exceptions/zeek.output
similarity index 100%
rename from testing/btest/Baseline/core.when-interpreter-exceptions/bro.output
rename to testing/btest/Baseline/core.when-interpreter-exceptions/zeek.output
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index 1976784e41..a4caf4f6be 100644
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@@ -55,7 +55,7 @@ scripts/base/init-frameworks-and-bifs.zeek
 scripts/base/utils/patterns.zeek
 scripts/base/frameworks/files/magic/__load__.zeek
 build/scripts/base/bif/__load__.zeek
- build/scripts/base/bif/zeexygen.bif.zeek
+ build/scripts/base/bif/zeekygen.bif.zeek
 build/scripts/base/bif/pcap.bif.zeek
 build/scripts/base/bif/bloom-filter.bif.zeek
 build/scripts/base/bif/cardinality-counter.bif.zeek
diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors
index 6595a63eb3..a13c8849a1 100644
--- a/testing/btest/Baseline/coverage.bare-mode-errors/errors
+++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors
@@ -1,18 +1,4 @@
-warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover)
-warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer)
-warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request)
-warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline)
-warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack)
-warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak)
-warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release)
-warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform)
-warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//zeexygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead"
-warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover)
-warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer)
-warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request)
-warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline)
-warning in
/Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack)
-warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak)
-warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release)
-warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform)
-warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead"
+warning in /Users/johanna/bro/master/scripts/policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name)
+warning in /Users/johanna/bro/master/scripts/policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name)
+warning in /Users/johanna/bro/master/scripts/policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name)
+warning in /Users/johanna/bro/master/testing/btest/../../scripts//policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name)
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index 7951d68e2b..4c33718ad2 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -55,7 +55,7 @@ scripts/base/init-frameworks-and-bifs.zeek
 scripts/base/utils/patterns.zeek
 scripts/base/frameworks/files/magic/__load__.zeek
 build/scripts/base/bif/__load__.zeek
- build/scripts/base/bif/zeexygen.bif.zeek
+ build/scripts/base/bif/zeekygen.bif.zeek
 build/scripts/base/bif/pcap.bif.zeek
 build/scripts/base/bif/bloom-filter.bif.zeek
 build/scripts/base/bif/cardinality-counter.bif.zeek
diff --git a/testing/btest/Baseline/doc.zeexygen.all_scripts/.stderr b/testing/btest/Baseline/doc.zeekygen.all_scripts/.stderr
similarity index 100%
rename from testing/btest/Baseline/doc.zeexygen.all_scripts/.stderr
rename to testing/btest/Baseline/doc.zeekygen.all_scripts/.stderr
diff --git a/testing/btest/Baseline/doc.zeexygen.all_scripts/.stdout b/testing/btest/Baseline/doc.zeekygen.all_scripts/.stdout
similarity index 100%
rename from testing/btest/Baseline/doc.zeexygen.all_scripts/.stdout
rename to testing/btest/Baseline/doc.zeekygen.all_scripts/.stdout
diff --git a/testing/btest/Baseline/doc.zeexygen.command_line/output b/testing/btest/Baseline/doc.zeekygen.command_line/output
similarity index 100%
rename from testing/btest/Baseline/doc.zeexygen.command_line/output
rename to testing/btest/Baseline/doc.zeekygen.command_line/output
diff --git a/testing/btest/Baseline/doc.zeexygen.comment_retrieval_bifs/out b/testing/btest/Baseline/doc.zeekygen.comment_retrieval_bifs/out
similarity index 100%
rename from testing/btest/Baseline/doc.zeexygen.comment_retrieval_bifs/out
rename to testing/btest/Baseline/doc.zeekygen.comment_retrieval_bifs/out
diff --git a/testing/btest/Baseline/doc.zeexygen.enums/autogen-reST-enums.rst b/testing/btest/Baseline/doc.zeekygen.enums/autogen-reST-enums.rst
similarity index 100%
rename from testing/btest/Baseline/doc.zeexygen.enums/autogen-reST-enums.rst
rename to testing/btest/Baseline/doc.zeekygen.enums/autogen-reST-enums.rst
diff --git a/testing/btest/Baseline/doc.zeexygen.example/example.rst b/testing/btest/Baseline/doc.zeekygen.example/example.rst similarity index 77% rename from testing/btest/Baseline/doc.zeexygen.example/example.rst rename to testing/btest/Baseline/doc.zeekygen.example/example.rst index 4ea8dfe0c3..141a06cc2a 100644 --- a/testing/btest/Baseline/doc.zeexygen.example/example.rst +++ b/testing/btest/Baseline/doc.zeekygen.example/example.rst @@ -1,10 +1,10 @@ :tocdepth: 3 -zeexygen/example.zeek +zeekygen/example.zeek ===================== -.. zeek:namespace:: ZeexygenExample +.. zeek:namespace:: ZeekygenExample -This is an example script that demonstrates Zeexygen-style +This is an example script that demonstrates Zeekygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. @@ -19,14 +19,14 @@ purpose. They are transferred directly in to the generated There's also a custom role to reference any identifier node in the Zeek Sphinx domain that's good for "see alsos", e.g. -See also: :zeek:see:`ZeexygenExample::a_var`, -:zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` +See also: :zeek:see:`ZeekygenExample::a_var`, +:zeek:see:`ZeekygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: -.. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info +.. zeek:see:: ZeekygenExample::a_var ZeekygenExample::ONE SSH::Info -:Namespace: ZeexygenExample +:Namespace: ZeekygenExample :Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.zeek ` Summary 
@@ -34,25 +34,25 @@ Summary Redefinable Options ################### ======================================================================================= ======================================================= -:zeek:id:`ZeexygenExample::an_option`: :zeek:type:`set` :zeek:attr:`&redef` Add documentation for "an_option" here. -:zeek:id:`ZeexygenExample::option_with_init`: :zeek:type:`interval` :zeek:attr:`&redef` Default initialization will be generated automatically. +:zeek:id:`ZeekygenExample::an_option`: :zeek:type:`set` :zeek:attr:`&redef` Add documentation for "an_option" here. +:zeek:id:`ZeekygenExample::option_with_init`: :zeek:type:`interval` :zeek:attr:`&redef` Default initialization will be generated automatically. ======================================================================================= ======================================================= State Variables ############### ========================================================================== ======================================================================== -:zeek:id:`ZeexygenExample::a_var`: :zeek:type:`bool` Put some documentation for "a_var" here. -:zeek:id:`ZeexygenExample::summary_test`: :zeek:type:`string` The first sentence for a particular identifier's summary text ends here. -:zeek:id:`ZeexygenExample::var_without_explicit_type`: :zeek:type:`string` Types are inferred, that information is self-documenting. +:zeek:id:`ZeekygenExample::a_var`: :zeek:type:`bool` Put some documentation for "a_var" here. +:zeek:id:`ZeekygenExample::summary_test`: :zeek:type:`string` The first sentence for a particular identifier's summary text ends here. +:zeek:id:`ZeekygenExample::var_without_explicit_type`: :zeek:type:`string` Types are inferred, that information is self-documenting. 
========================================================================== ======================================================================== Types ##### ==================================================================================== =========================================================== -:zeek:type:`ZeexygenExample::ComplexRecord`: :zeek:type:`record` :zeek:attr:`&redef` General documentation for a type "ComplexRecord" goes here. -:zeek:type:`ZeexygenExample::Info`: :zeek:type:`record` An example record to be used with a logging stream. -:zeek:type:`ZeexygenExample::SimpleEnum`: :zeek:type:`enum` Documentation for the "SimpleEnum" type goes here. -:zeek:type:`ZeexygenExample::SimpleRecord`: :zeek:type:`record` General documentation for a type "SimpleRecord" goes here. +:zeek:type:`ZeekygenExample::ComplexRecord`: :zeek:type:`record` :zeek:attr:`&redef` General documentation for a type "ComplexRecord" goes here. +:zeek:type:`ZeekygenExample::Info`: :zeek:type:`record` An example record to be used with a logging stream. +:zeek:type:`ZeekygenExample::SimpleEnum`: :zeek:type:`enum` Documentation for the "SimpleEnum" type goes here. +:zeek:type:`ZeekygenExample::SimpleRecord`: :zeek:type:`record` General documentation for a type "SimpleRecord" goes here. ==================================================================================== =========================================================== Redefinitions 
@@ -60,21 +60,21 @@ Redefinitions =============================================================== ==================================================================== :zeek:type:`Log::ID`: :zeek:type:`enum` :zeek:type:`Notice::Type`: :zeek:type:`enum` -:zeek:type:`ZeexygenExample::SimpleEnum`: :zeek:type:`enum` Document the "SimpleEnum" redef here with any special info regarding +:zeek:type:`ZeekygenExample::SimpleEnum`: :zeek:type:`enum` Document the "SimpleEnum" redef here with any special info regarding the *redef* itself. -:zeek:type:`ZeexygenExample::SimpleRecord`: :zeek:type:`record` Document the record extension *redef* itself here. +:zeek:type:`ZeekygenExample::SimpleRecord`: :zeek:type:`record` Document the record extension *redef* itself here. =============================================================== ==================================================================== Events ###### ======================================================== ========================== -:zeek:id:`ZeexygenExample::an_event`: :zeek:type:`event` Summarize "an_event" here. +:zeek:id:`ZeekygenExample::an_event`: :zeek:type:`event` Summarize "an_event" here. ======================================================== ========================== Functions ######### ============================================================= ======================================= -:zeek:id:`ZeexygenExample::a_function`: :zeek:type:`function` Summarize purpose of "a_function" here. +:zeek:id:`ZeekygenExample::a_function`: :zeek:type:`function` Summarize purpose of "a_function" here. ============================================================= ======================================= @@ -82,7 +82,7 @@ Detailed Interface ~~~~~~~~~~~~~~~~~~ Redefinable Options ################### -.. zeek:id:: ZeexygenExample::an_option +.. zeek:id:: ZeekygenExample::an_option :Type: :zeek:type:`set` [:zeek:type:`addr`, :zeek:type:`addr`, :zeek:type:`string`] :Attributes: :zeek:attr:`&redef` 
@@ -91,7 +91,7 @@ Redefinable Options Add documentation for "an_option" here. The type/attribute information is all generated automatically. -.. zeek:id:: ZeexygenExample::option_with_init +.. zeek:id:: ZeekygenExample::option_with_init :Type: :zeek:type:`interval` :Attributes: :zeek:attr:`&redef` @@ -102,7 +102,7 @@ Redefinable Options State Variables ############### -.. zeek:id:: ZeexygenExample::a_var +.. zeek:id:: ZeekygenExample::a_var :Type: :zeek:type:`bool` @@ -110,7 +110,7 @@ State Variables isn't a function/event/hook is classified as a "state variable" in the generated docs. -.. zeek:id:: ZeexygenExample::summary_test +.. zeek:id:: ZeekygenExample::summary_test :Type: :zeek:type:`string` @@ -118,7 +118,7 @@ State Variables And this second sentence doesn't show in the short description provided by the table of all identifiers declared by this script. -.. zeek:id:: ZeexygenExample::var_without_explicit_type +.. zeek:id:: ZeekygenExample::var_without_explicit_type :Type: :zeek:type:`string` :Default: ``"this works"`` @@ -127,7 +127,7 @@ State Variables Types ##### -.. zeek:type:: ZeexygenExample::ComplexRecord +.. zeek:type:: ZeekygenExample::ComplexRecord :Type: :zeek:type:`record` @@ -137,8 +137,8 @@ Types field2: :zeek:type:`bool` Toggles something. - field3: :zeek:type:`ZeexygenExample::SimpleRecord` - Zeexygen automatically tracks types + field3: :zeek:type:`ZeekygenExample::SimpleRecord` + Zeekygen automatically tracks types and cross-references are automatically inserted in to generated docs. @@ -148,7 +148,7 @@ Types General documentation for a type "ComplexRecord" goes here. -.. zeek:type:: ZeexygenExample::Info +.. zeek:type:: ZeekygenExample::Info :Type: :zeek:type:`record` 
@@ -164,33 +164,33 @@ Types fields plus the extensions and the scripts which contributed to it (provided they are also @load'ed). -.. zeek:type:: ZeexygenExample::SimpleEnum +.. zeek:type:: ZeekygenExample::SimpleEnum :Type: :zeek:type:`enum` - .. zeek:enum:: ZeexygenExample::ONE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::ONE ZeekygenExample::SimpleEnum Documentation for particular enum values is added like this. And can also span multiple lines. - .. zeek:enum:: ZeexygenExample::TWO ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::TWO ZeekygenExample::SimpleEnum Or this style is valid to document the preceding enum value. - .. zeek:enum:: ZeexygenExample::THREE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::THREE ZeekygenExample::SimpleEnum - .. zeek:enum:: ZeexygenExample::FOUR ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::FOUR ZeekygenExample::SimpleEnum And some documentation for "FOUR". - .. zeek:enum:: ZeexygenExample::FIVE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::FIVE ZeekygenExample::SimpleEnum Also "FIVE". Documentation for the "SimpleEnum" type goes here. It can span multiple lines. -.. zeek:type:: ZeexygenExample::SimpleRecord +.. zeek:type:: ZeekygenExample::SimpleRecord :Type: :zeek:type:`record` 
@@ -210,23 +210,23 @@ Types Events ###### -.. zeek:id:: ZeexygenExample::an_event +.. zeek:id:: ZeekygenExample::an_event :Type: :zeek:type:`event` (name: :zeek:type:`string`) Summarize "an_event" here. Give more details about "an_event" here. - ZeexygenExample::a_function should not be confused as a parameter + ZeekygenExample::a_function should not be confused as a parameter in the generated docs, but it also doesn't generate a cross-reference - link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + link. Use the see role instead: :zeek:see:`ZeekygenExample::a_function`. :name: Describe the argument here. Functions ######### -.. zeek:id:: ZeexygenExample::a_function +.. zeek:id:: ZeekygenExample::a_function :Type: :zeek:type:`function` (tag: :zeek:type:`string`, msg: :zeek:type:`string`) : :zeek:type:`string` diff --git a/testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst b/testing/btest/Baseline/doc.zeekygen.func-params/autogen-reST-func-params.rst similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst rename to testing/btest/Baseline/doc.zeekygen.func-params/autogen-reST-func-params.rst diff --git a/testing/btest/Baseline/doc.zeexygen.identifier/test.rst b/testing/btest/Baseline/doc.zeekygen.identifier/test.rst similarity index 70% rename from testing/btest/Baseline/doc.zeexygen.identifier/test.rst rename to testing/btest/Baseline/doc.zeekygen.identifier/test.rst index 128e1c6a5f..34c4ae71a6 100644 --- a/testing/btest/Baseline/doc.zeexygen.identifier/test.rst +++ b/testing/btest/Baseline/doc.zeekygen.identifier/test.rst 
@@ -1,91 +1,91 @@ -.. zeek:id:: ZeexygenExample::Zeexygen_One +.. zeek:id:: ZeekygenExample::Zeekygen_One :Type: :zeek:type:`Notice::Type` Any number of this type of comment - will document "Zeexygen_One". + will document "Zeekygen_One". -.. zeek:id:: ZeexygenExample::Zeexygen_Two +.. zeek:id:: ZeekygenExample::Zeekygen_Two :Type: :zeek:type:`Notice::Type` Any number of this type of comment - will document "ZEEXYGEN_TWO". + will document "ZEEKYGEN_TWO". -.. zeek:id:: ZeexygenExample::Zeexygen_Three +.. zeek:id:: ZeekygenExample::Zeekygen_Three :Type: :zeek:type:`Notice::Type` -.. zeek:id:: ZeexygenExample::Zeexygen_Four +.. zeek:id:: ZeekygenExample::Zeekygen_Four :Type: :zeek:type:`Notice::Type` Omitting comments is fine, and so is mixing ``##`` and ``##<``, but it's probably best to use only one style consistently. -.. zeek:id:: ZeexygenExample::LOG +.. zeek:id:: ZeekygenExample::LOG :Type: :zeek:type:`Log::ID` -.. zeek:type:: ZeexygenExample::SimpleEnum +.. zeek:type:: ZeekygenExample::SimpleEnum :Type: :zeek:type:`enum` - .. zeek:enum:: ZeexygenExample::ONE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::ONE ZeekygenExample::SimpleEnum Documentation for particular enum values is added like this. And can also span multiple lines. - .. zeek:enum:: ZeexygenExample::TWO ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::TWO ZeekygenExample::SimpleEnum Or this style is valid to document the preceding enum value. - .. zeek:enum:: ZeexygenExample::THREE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::THREE ZeekygenExample::SimpleEnum - .. zeek:enum:: ZeexygenExample::FOUR ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::FOUR ZeekygenExample::SimpleEnum And some documentation for "FOUR". - .. zeek:enum:: ZeexygenExample::FIVE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::FIVE ZeekygenExample::SimpleEnum Also "FIVE". Documentation for the "SimpleEnum" type goes here. It can span multiple lines. -.. 
zeek:id:: ZeexygenExample::ONE +.. zeek:id:: ZeekygenExample::ONE - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` Documentation for particular enum values is added like this. And can also span multiple lines. -.. zeek:id:: ZeexygenExample::TWO +.. zeek:id:: ZeekygenExample::TWO - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` Or this style is valid to document the preceding enum value. -.. zeek:id:: ZeexygenExample::THREE +.. zeek:id:: ZeekygenExample::THREE - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` -.. zeek:id:: ZeexygenExample::FOUR +.. zeek:id:: ZeekygenExample::FOUR - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` And some documentation for "FOUR". -.. zeek:id:: ZeexygenExample::FIVE +.. zeek:id:: ZeekygenExample::FIVE - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` Also "FIVE". -.. zeek:type:: ZeexygenExample::SimpleRecord +.. zeek:type:: ZeekygenExample::SimpleRecord :Type: :zeek:type:`record` @@ -103,7 +103,7 @@ The way fields can be documented is similar to what's already seen for enums. -.. zeek:type:: ZeexygenExample::ComplexRecord +.. zeek:type:: ZeekygenExample::ComplexRecord :Type: :zeek:type:`record` @@ -113,8 +113,8 @@ field2: :zeek:type:`bool` Toggles something. - field3: :zeek:type:`ZeexygenExample::SimpleRecord` - Zeexygen automatically tracks types + field3: :zeek:type:`ZeekygenExample::SimpleRecord` + Zeekygen automatically tracks types and cross-references are automatically inserted in to generated docs. @@ -124,7 +124,7 @@ General documentation for a type "ComplexRecord" goes here. -.. zeek:type:: ZeexygenExample::Info +.. zeek:type:: ZeekygenExample::Info :Type: :zeek:type:`record` 
@@ -140,7 +140,7 @@ fields plus the extensions and the scripts which contributed to it (provided they are also @load'ed). -.. zeek:id:: ZeexygenExample::an_option +.. zeek:id:: ZeekygenExample::an_option :Type: :zeek:type:`set` [:zeek:type:`addr`, :zeek:type:`addr`, :zeek:type:`string`] :Attributes: :zeek:attr:`&redef` @@ -149,7 +149,7 @@ Add documentation for "an_option" here. The type/attribute information is all generated automatically. -.. zeek:id:: ZeexygenExample::option_with_init +.. zeek:id:: ZeekygenExample::option_with_init :Type: :zeek:type:`interval` :Attributes: :zeek:attr:`&redef` @@ -158,7 +158,7 @@ Default initialization will be generated automatically. More docs can be added here. -.. zeek:id:: ZeexygenExample::a_var +.. zeek:id:: ZeekygenExample::a_var :Type: :zeek:type:`bool` @@ -166,14 +166,14 @@ isn't a function/event/hook is classified as a "state variable" in the generated docs. -.. zeek:id:: ZeexygenExample::var_without_explicit_type +.. zeek:id:: ZeekygenExample::var_without_explicit_type :Type: :zeek:type:`string` :Default: ``"this works"`` Types are inferred, that information is self-documenting. -.. zeek:id:: ZeexygenExample::summary_test +.. zeek:id:: ZeekygenExample::summary_test :Type: :zeek:type:`string` @@ -181,7 +181,7 @@ And this second sentence doesn't show in the short description provided by the table of all identifiers declared by this script. -.. zeek:id:: ZeexygenExample::a_function +.. zeek:id:: ZeekygenExample::a_function :Type: :zeek:type:`function` (tag: :zeek:type:`string`, msg: :zeek:type:`string`) : :zeek:type:`string` 
@@ -200,26 +200,26 @@ :returns: Describe the return type here. -.. zeek:id:: ZeexygenExample::an_event +.. zeek:id:: ZeekygenExample::an_event :Type: :zeek:type:`event` (name: :zeek:type:`string`) Summarize "an_event" here. Give more details about "an_event" here. - ZeexygenExample::a_function should not be confused as a parameter + ZeekygenExample::a_function should not be confused as a parameter in the generated docs, but it also doesn't generate a cross-reference - link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + link. Use the see role instead: :zeek:see:`ZeekygenExample::a_function`. :name: Describe the argument here. -.. zeek:id:: ZeexygenExample::function_without_proto +.. zeek:id:: ZeekygenExample::function_without_proto :Type: :zeek:type:`function` (tag: :zeek:type:`string`) : :zeek:type:`string` -.. zeek:type:: ZeexygenExample::PrivateRecord +.. zeek:type:: ZeekygenExample::PrivateRecord :Type: :zeek:type:`record` diff --git a/testing/btest/Baseline/doc.zeexygen.package/test.rst b/testing/btest/Baseline/doc.zeekygen.package/test.rst similarity index 70% rename from testing/btest/Baseline/doc.zeexygen.package/test.rst rename to testing/btest/Baseline/doc.zeekygen.package/test.rst index 345b2b6847..6ced7b797e 100644 --- a/testing/btest/Baseline/doc.zeexygen.package/test.rst +++ b/testing/btest/Baseline/doc.zeekygen.package/test.rst 
@@ -1,19 +1,19 @@ :orphan: -Package: zeexygen +Package: zeekygen ================= This package is loaded during the process which automatically generates -reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only +reference documentation for all Zeek scripts (i.e. "Zeekygen"). Its only purpose is to provide an easy way to load all known Zeek scripts plus any extra scripts needed or used by the documentation process. -:doc:`/scripts/zeexygen/__load__.zeek` +:doc:`/scripts/zeekygen/__load__.zeek` -:doc:`/scripts/zeexygen/example.zeek` +:doc:`/scripts/zeekygen/example.zeek` - This is an example script that demonstrates Zeexygen-style + This is an example script that demonstrates Zeekygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. @@ -28,10 +28,10 @@ extra scripts needed or used by the documentation process. There's also a custom role to reference any identifier node in the Zeek Sphinx domain that's good for "see alsos", e.g. - See also: :zeek:see:`ZeexygenExample::a_var`, - :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` + See also: :zeek:see:`ZeekygenExample::a_var`, + :zeek:see:`ZeekygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: - .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info + .. zeek:see:: ZeekygenExample::a_var ZeekygenExample::ONE SSH::Info diff --git a/testing/btest/Baseline/doc.zeexygen.package_index/test.rst b/testing/btest/Baseline/doc.zeekygen.package_index/test.rst similarity index 68% rename from testing/btest/Baseline/doc.zeexygen.package_index/test.rst rename to testing/btest/Baseline/doc.zeekygen.package_index/test.rst index 4a854e9736..df9907bd1b 100644 --- a/testing/btest/Baseline/doc.zeexygen.package_index/test.rst +++ b/testing/btest/Baseline/doc.zeekygen.package_index/test.rst 
@@ -1,7 +1,7 @@ -:doc:`zeexygen ` +:doc:`zeekygen ` This package is loaded during the process which automatically generates - reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only + reference documentation for all Zeek scripts (i.e. "Zeekygen"). Its only purpose is to provide an easy way to load all known Zeek scripts plus any extra scripts needed or used by the documentation process. diff --git a/testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst b/testing/btest/Baseline/doc.zeekygen.records/autogen-reST-records.rst similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst rename to testing/btest/Baseline/doc.zeekygen.records/autogen-reST-records.rst diff --git a/testing/btest/Baseline/doc.zeekygen.script_index/test.rst b/testing/btest/Baseline/doc.zeekygen.script_index/test.rst new file mode 100644 index 0000000000..1ca04759bb --- /dev/null +++ b/testing/btest/Baseline/doc.zeekygen.script_index/test.rst @@ -0,0 +1,5 @@ +.. toctree:: + :maxdepth: 1 + + zeekygen/__load__.zeek + zeekygen/example.zeek diff --git a/testing/btest/Baseline/doc.zeexygen.script_summary/test.rst b/testing/btest/Baseline/doc.zeekygen.script_summary/test.rst similarity index 71% rename from testing/btest/Baseline/doc.zeexygen.script_summary/test.rst rename to testing/btest/Baseline/doc.zeekygen.script_summary/test.rst index 3dd189ca77..7f3885b86e 100644 --- a/testing/btest/Baseline/doc.zeexygen.script_summary/test.rst +++ b/testing/btest/Baseline/doc.zeekygen.script_summary/test.rst @@ -1,5 +1,5 @@ -:doc:`/scripts/zeexygen/example.zeek` - This is an example script that demonstrates Zeexygen-style +:doc:`/scripts/zeekygen/example.zeek` + This is an example script that demonstrates Zeekygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. 
@@ -14,10 +14,10 @@ There's also a custom role to reference any identifier node in the Zeek Sphinx domain that's good for "see alsos", e.g. - See also: :zeek:see:`ZeexygenExample::a_var`, - :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` + See also: :zeek:see:`ZeekygenExample::a_var`, + :zeek:see:`ZeekygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: - .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info + .. zeek:see:: ZeekygenExample::a_var ZeekygenExample::ONE SSH::Info diff --git a/testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst b/testing/btest/Baseline/doc.zeekygen.type-aliases/autogen-reST-type-aliases.rst similarity index 60% rename from testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst rename to testing/btest/Baseline/doc.zeekygen.type-aliases/autogen-reST-type-aliases.rst index 7f60859a5a..4dfae471c4 100644 --- a/testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst +++ b/testing/btest/Baseline/doc.zeekygen.type-aliases/autogen-reST-type-aliases.rst @@ -1,16 +1,16 @@ -.. zeek:type:: ZeexygenTest::TypeAlias +.. zeek:type:: ZeekygenTest::TypeAlias :Type: :zeek:type:`bool` This is just an alias for a builtin type ``bool``. -.. zeek:type:: ZeexygenTest::NotTypeAlias +.. zeek:type:: ZeekygenTest::NotTypeAlias :Type: :zeek:type:`bool` This type should get its own comments, not associated w/ TypeAlias. -.. zeek:type:: ZeexygenTest::OtherTypeAlias +.. zeek:type:: ZeekygenTest::OtherTypeAlias :Type: :zeek:type:`bool` 
@@ -19,25 +19,25 @@ one doesn't have to click through the full type alias chain to find out what the actual type is... -.. zeek:id:: ZeexygenTest::a +.. zeek:id:: ZeekygenTest::a - :Type: :zeek:type:`ZeexygenTest::TypeAlias` + :Type: :zeek:type:`ZeekygenTest::TypeAlias` But this should reference a type of ``TypeAlias``. -.. zeek:id:: ZeexygenTest::b +.. zeek:id:: ZeekygenTest::b - :Type: :zeek:type:`ZeexygenTest::OtherTypeAlias` + :Type: :zeek:type:`ZeekygenTest::OtherTypeAlias` And this should reference a type of ``OtherTypeAlias``. -.. zeek:type:: ZeexygenTest::MyRecord +.. zeek:type:: ZeekygenTest::MyRecord :Type: :zeek:type:`record` - f1: :zeek:type:`ZeexygenTest::TypeAlias` + f1: :zeek:type:`ZeekygenTest::TypeAlias` - f2: :zeek:type:`ZeexygenTest::OtherTypeAlias` + f2: :zeek:type:`ZeekygenTest::OtherTypeAlias` f3: :zeek:type:`bool` diff --git a/testing/btest/Baseline/doc.zeexygen.vectors/autogen-reST-vectors.rst b/testing/btest/Baseline/doc.zeekygen.vectors/autogen-reST-vectors.rst similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.vectors/autogen-reST-vectors.rst rename to testing/btest/Baseline/doc.zeekygen.vectors/autogen-reST-vectors.rst diff --git a/testing/btest/Baseline/doc.zeexygen.script_index/test.rst b/testing/btest/Baseline/doc.zeexygen.script_index/test.rst deleted file mode 100644 index eab6c439b2..0000000000 --- a/testing/btest/Baseline/doc.zeexygen.script_index/test.rst +++ /dev/null @@ -1,5 +0,0 @@ -.. toctree:: - :maxdepth: 1 - - zeexygen/__load__.zeek - zeexygen/example.zeek diff --git a/testing/btest/Baseline/language.returnwhen/bro..stdout b/testing/btest/Baseline/language.returnwhen/zeek..stdout similarity index 100% rename from testing/btest/Baseline/language.returnwhen/bro..stdout rename to testing/btest/Baseline/language.returnwhen/zeek..stdout diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index aa27d73819..0fea39bacc 100644 
--- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -785,7 +785,7 @@ 0.000000 MetaHookPost LoadFile(0, .<...>/utils.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/variance.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/weird.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/zeexygen.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/zeekygen.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__load__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__preload__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/hooks.zeek) -> -1 @@ -1688,7 +1688,7 @@ 0.000000 MetaHookPre LoadFile(0, .<...>/utils.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/variance.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/weird.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/zeexygen.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/zeekygen.bif.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__load__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__preload__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/hooks.zeek) @@ -2599,7 +2599,7 @@ 0.000000 | HookLoadFile .<...>/variance.zeek 0.000000 | HookLoadFile .<...>/video.sig 0.000000 | HookLoadFile .<...>/weird.zeek -0.000000 | HookLoadFile .<...>/zeexygen.bif.zeek +0.000000 | HookLoadFile .<...>/zeekygen.bif.zeek 0.000000 | HookLoadFile <...>/__load__.zeek 0.000000 | HookLoadFile <...>/__preload__.zeek 0.000000 | HookLoadFile <...>/hooks.zeek diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek..stderr similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.config.basic/bro..stderr rename to testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek..stderr 
diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek.config.log
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.config.basic/bro.config.log
rename to testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek.config.log
diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.read_config/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.read_config/zeek.config.log
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.config.read_config/bro.config.log
rename to testing/btest/Baseline/scripts.base.frameworks.config.read_config/zeek.config.log
diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.several-files/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.several-files/zeek.config.log
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.config.several-files/bro.config.log
rename to testing/btest/Baseline/scripts.base.frameworks.config.several-files/zeek.config.log
diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.updates/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.updates/zeek.config.log
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.config.updates/bro.config.log
rename to testing/btest/Baseline/scripts.base.frameworks.config.updates/zeek.config.log
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/zeek..stdout
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/zeek..stdout
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/zeek..stdout
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/bro..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/zeek..stdout
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/zeek..stderr
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr
rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/zeek..stderr
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/zeek..stdout
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/zeek..stdout
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stderr
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/bro..stderr
rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stderr
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stdout
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/bro..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stdout
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-file/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.missing-file/zeek..stderr
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-file/bro..stderr
rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-file/zeek..stderr
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/zeek..stderr
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stderr
rename to testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/zeek..stderr
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/zeek..stdout
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/zeek..stdout
diff --git a/testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/broproc.intel.log b/testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/zeekproc.intel.log
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/broproc.intel.log
rename to testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/zeekproc.intel.log
diff --git a/testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/broproc.intel.log b/testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/zeekproc.intel.log
similarity index 100%
rename from testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/broproc.intel.log
rename to testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/zeekproc.intel.log
diff --git a/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 b/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 index 2f84ca097a..3c3f495e11 100644 --- a/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 +++ b/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 @@ -1 +1 @@ -1389719059.311687 warning in /Users/jsiwek/Projects/bro/bro/scripts/base/misc/find-filtered-trace.zeek, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired. +1389719059.311687 warning in /Users/jsiwek/Projects/bro/bro/scripts/base/misc/find-filtered-trace.zeek, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Zeek reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired. diff --git a/testing/btest/Baseline/scripts.base.utils.addrs/output b/testing/btest/Baseline/scripts.base.utils.addrs/output index 37afcb4719..37cd37bbb2 100644 --- a/testing/btest/Baseline/scripts.base.utils.addrs/output +++ b/testing/btest/Baseline/scripts.base.utils.addrs/output @@ -1,4 +1,4 @@ -============ test ipv4 regex +============ test ipv4 regex (good strings) T T T @@ -6,9 +6,24 @@ T T T T +T +T +T +T +T +T +T +============ bad ipv4 decimals F F F +F +F +F +============ too many ipv4 decimals +F +F +============ typical looking ipv4 T T ============ test ipv6 regex @@ -30,6 +45,9 @@ T F F F +F +F ============ test extract_ip_addresses() [1.1.1.1, 2.2.2.2, 3.3.3.3] [1.1.1.1, 0:0:0:0:0:0:0:0, 3.3.3.3] +[6:1:2::3:4:5:6] 
diff --git a/testing/btest/Baseline/scripts.base.utils.dir/bro..stdout b/testing/btest/Baseline/scripts.base.utils.dir/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.utils.dir/bro..stdout rename to testing/btest/Baseline/scripts.base.utils.dir/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.utils.exec/bro..stdout b/testing/btest/Baseline/scripts.base.utils.exec/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.utils.exec/bro..stdout rename to testing/btest/Baseline/scripts.base.utils.exec/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.utils.paths/output b/testing/btest/Baseline/scripts.base.utils.paths/output index e5693546da..1bf7f738a3 100644 --- a/testing/btest/Baseline/scripts.base.utils.paths/output +++ b/testing/btest/Baseline/scripts.base.utils.paths/output @@ -62,9 +62,9 @@ Expect: /this/is/a/dir\ is\ current\ directory Result: /this/is/a/dir\ is\ current\ directory Result: SUCCESS =============================== -Given : hey, /foo/bar/baz.bro is a cool script -Expect: /foo/bar/baz.bro -Result: /foo/bar/baz.bro +Given : hey, /foo/bar/baz.zeek is a cool script +Expect: /foo/bar/baz.zeek +Result: /foo/bar/baz.zeek Result: SUCCESS =============================== Given : here's two dirs: /foo/bar and /foo/baz @@ -74,11 +74,11 @@ Result: SUCCESS =============================== test build_path_compressed() =============================== -/home/bro/policy/somefile.bro -/usr/local/bro/share/bro/somefile.bro -/usr/local/bro/somefile.bro +/home/bro/policy/somefile.zeek +/usr/local/bro/share/bro/somefile.zeek +/usr/local/bro/somefile.zeek =============================== test build_full_path() =============================== -/home/bro//policy/somefile.bro -/usr/local/bro/share/bro/somefile.bro +/home/bro//policy/somefile.zeek +/usr/local/bro/share/bro/somefile.zeek 
diff --git a/testing/btest/Baseline/scripts.policy.frameworks.intel.removal/broproc.intel.log b/testing/btest/Baseline/scripts.policy.frameworks.intel.removal/zeekproc.intel.log similarity index 100% rename from testing/btest/Baseline/scripts.policy.frameworks.intel.removal/broproc.intel.log rename to testing/btest/Baseline/scripts.policy.frameworks.intel.removal/zeekproc.intel.log diff --git a/testing/btest/Baseline/scripts.policy.misc.weird-stats/bro.weird_stats.log b/testing/btest/Baseline/scripts.policy.misc.weird-stats/zeek.weird_stats.log similarity index 100% rename from testing/btest/Baseline/scripts.policy.misc.weird-stats/bro.weird_stats.log rename to testing/btest/Baseline/scripts.policy.misc.weird-stats/zeek.weird_stats.log diff --git a/testing/btest/Baseline/signatures.udp-packetwise-insensitive/out b/testing/btest/Baseline/signatures.udp-packetwise-insensitive/out new file mode 100644 index 0000000000..5b5066d638 --- /dev/null +++ b/testing/btest/Baseline/signatures.udp-packetwise-insensitive/out @@ -0,0 +1,6 @@ +signature match, Found .*XXXX, XXXX +signature match, Found .*YYYY, YYYY +signature match, Found XXXX, XXXX +signature match, Found YYYY, YYYY +signature match, Found ^XXXX, XXXX +signature match, Found ^YYYY, YYYY diff --git a/testing/btest/README b/testing/btest/README index 200d1a3e0e..f20205c36b 100644 --- a/testing/btest/README +++ b/testing/btest/README @@ -1,4 +1,4 @@ -This a test suite of small "unit tests" that verify individual pieces of Bro +This a test suite of small "unit tests" that verify individual pieces of Zeek functionality. They all utilize BTest, a simple framework/driver for writing unit tests. More information about BTest can be found at https://github.com/zeek/btest 
@@ -20,14 +20,14 @@ Significant Subdirectories Packet captures utilized by the various BTest tests. * scripts/ - This hierarchy of tests emulates the hierarchy of the Bro scripts/ + This hierarchy of tests emulates the hierarchy of the Zeek scripts/ directory. * coverage/ This collection of tests relates to checking whether we're covering everything we want to in terms of tests, documentation, and which - scripts get loaded in different Bro configurations. These tests are - more prone to fail as new Bro scripts are developed and added to the + scripts get loaded in different Zeek configurations. These tests are + more prone to fail as new Zeek scripts are developed and added to the distribution -- checking the individual test's comments is the best place to check for more details on what exactly the test is checking and hints on how to fix it when it fails. @@ -48,7 +48,7 @@ run ``btest`` directly with desired options/arguments. Examples: You can specify a directory on the command line to run just the tests contained in that directory. This is useful if you wish to run all of a given type of test, without running all the tests - there are. For example, "btest scripts" will run all of the Bro + there are. For example, "btest scripts" will run all of the Zeek script unit tests. diff --git a/testing/btest/bifs/addr_count_conversion.zeek b/testing/btest/bifs/addr_count_conversion.zeek index fb87a0c6a3..c27d154932 100644 --- a/testing/btest/bifs/addr_count_conversion.zeek +++ b/testing/btest/bifs/addr_count_conversion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global v: index_vec; diff --git a/testing/btest/bifs/addr_to_ptr_name.zeek b/testing/btest/bifs/addr_to_ptr_name.zeek index ac2391cf9b..113750cb4e 100644 --- a/testing/btest/bifs/addr_to_ptr_name.zeek +++ b/testing/btest/bifs/addr_to_ptr_name.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output print addr_to_ptr_name([2607:f8b0:4009:802::1012]); diff --git a/testing/btest/bifs/addr_version.zeek b/testing/btest/bifs/addr_version.zeek index bf96c0d1f3..ca3e4a3100 100644 --- a/testing/btest/bifs/addr_version.zeek +++ b/testing/btest/bifs/addr_version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out print is_v4_addr(1.2.3.4); diff --git a/testing/btest/bifs/all_set.zeek b/testing/btest/bifs/all_set.zeek index 86a56ed9fa..70a5ea0ecd 100644 --- a/testing/btest/bifs/all_set.zeek +++ b/testing/btest/bifs/all_set.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/analyzer_name.zeek b/testing/btest/bifs/analyzer_name.zeek index b763aabe08..fc896dc417 100644 --- a/testing/btest/bifs/analyzer_name.zeek +++ b/testing/btest/bifs/analyzer_name.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/any_set.zeek b/testing/btest/bifs/any_set.zeek index e19a467206..b64fbb461d 100644 --- a/testing/btest/bifs/any_set.zeek +++ b/testing/btest/bifs/any_set.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/bloomfilter-seed.zeek b/testing/btest/bifs/bloomfilter-seed.zeek index 24531de915..bfa0b0795f 100644 --- a/testing/btest/bifs/bloomfilter-seed.zeek +++ b/testing/btest/bifs/bloomfilter-seed.zeek 
@@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT global_hash_seed="foo" >>output -# @TEST-EXEC: bro -b %INPUT global_hash_seed="my_seed" >>output +# @TEST-EXEC: zeek -b %INPUT global_hash_seed="foo" >>output +# @TEST-EXEC: zeek -b %INPUT global_hash_seed="my_seed" >>output # @TEST-EXEC: btest-diff output type Foo: record diff --git a/testing/btest/bifs/bloomfilter.zeek b/testing/btest/bifs/bloomfilter.zeek index dbad5acf5a..6b7abf3a17 100644 --- a/testing/btest/bifs/bloomfilter.zeek +++ b/testing/btest/bifs/bloomfilter.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output function test_basic_bloom_filter() diff --git a/testing/btest/bifs/bro_version.zeek b/testing/btest/bifs/bro_version.zeek index f4de22e09d..84d485a292 100644 --- a/testing/btest/bifs/bro_version.zeek +++ b/testing/btest/bifs/bro_version.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/bytestring_to_count.zeek b/testing/btest/bifs/bytestring_to_count.zeek index 5d15bde38b..2368533432 100644 --- a/testing/btest/bifs/bytestring_to_count.zeek +++ b/testing/btest/bifs/bytestring_to_count.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/bifs/bytestring_to_double.zeek b/testing/btest/bifs/bytestring_to_double.zeek index 6ebcbe503b..ef6890bd61 100644 --- a/testing/btest/bifs/bytestring_to_double.zeek +++ b/testing/btest/bifs/bytestring_to_double.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/bytestring_to_hexstr.zeek b/testing/btest/bifs/bytestring_to_hexstr.zeek index 0b3e8154ab..ec0e23005e 100644 --- a/testing/btest/bifs/bytestring_to_hexstr.zeek +++ b/testing/btest/bifs/bytestring_to_hexstr.zeek 
@@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/capture_state_updates.zeek b/testing/btest/bifs/capture_state_updates.zeek index 17d015a661..b9a802a53d 100644 --- a/testing/btest/bifs/capture_state_updates.zeek +++ b/testing/btest/bifs/capture_state_updates.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: test -f testfile diff --git a/testing/btest/bifs/cat.zeek b/testing/btest/bifs/cat.zeek index 5e811f147e..5540ebf106 100644 --- a/testing/btest/bifs/cat.zeek +++ b/testing/btest/bifs/cat.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/cat_string_array.zeek b/testing/btest/bifs/cat_string_array.zeek deleted file mode 100644 index f9aa3f266d..0000000000 --- a/testing/btest/bifs/cat_string_array.zeek +++ /dev/null @@ -1,14 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a: string_array = { - [0] = "this", [1] = "is", [2] = "a", [3] = "test" - }; - - print cat_string_array(a); - print cat_string_array_n(a, 0, |a|-1); - print cat_string_array_n(a, 1, 2); - } diff --git a/testing/btest/bifs/check_subnet.zeek b/testing/btest/bifs/check_subnet.zeek index d476be1bc8..5dfe2c1f72 100644 --- a/testing/btest/bifs/check_subnet.zeek +++ b/testing/btest/bifs/check_subnet.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global testt: set[subnet] = { diff --git a/testing/btest/bifs/checkpoint_state.zeek b/testing/btest/bifs/checkpoint_state.zeek deleted file mode 100644 index e9eeeccb75..0000000000 --- a/testing/btest/bifs/checkpoint_state.zeek +++ /dev/null 
@@ -1,10 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT -# @TEST-EXEC: test -f .state/state.bst - -event zeek_init() - { - local a = checkpoint_state(); - if ( a != T ) - exit(1); - } diff --git a/testing/btest/bifs/clear_table.zeek b/testing/btest/bifs/clear_table.zeek index a6c2e67341..08c91e9908 100644 --- a/testing/btest/bifs/clear_table.zeek +++ b/testing/btest/bifs/clear_table.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT > out +# @TEST-EXEC: zeek -b %INPUT > out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/convert_for_pattern.zeek b/testing/btest/bifs/convert_for_pattern.zeek index 1828284f37..0962abfe31 100644 --- a/testing/btest/bifs/convert_for_pattern.zeek +++ b/testing/btest/bifs/convert_for_pattern.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/count_to_addr.zeek b/testing/btest/bifs/count_to_addr.zeek index 4abbaf8d1e..8229f9a4a9 100644 --- a/testing/btest/bifs/count_to_addr.zeek +++ b/testing/btest/bifs/count_to_addr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/create_file.zeek b/testing/btest/bifs/create_file.zeek index db7d38d087..0336f9ab33 100644 --- a/testing/btest/bifs/create_file.zeek +++ b/testing/btest/bifs/create_file.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff testfile # @TEST-EXEC: btest-diff testfile2 diff --git a/testing/btest/bifs/current_analyzer.zeek b/testing/btest/bifs/current_analyzer.zeek index 8678907320..14acc0d55c 100644 --- a/testing/btest/bifs/current_analyzer.zeek +++ b/testing/btest/bifs/current_analyzer.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { 
diff --git a/testing/btest/bifs/current_time.zeek b/testing/btest/bifs/current_time.zeek index 4d2712ae98..c29ae969f8 100644 --- a/testing/btest/bifs/current_time.zeek +++ b/testing/btest/bifs/current_time.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/decode_base64.zeek b/testing/btest/bifs/decode_base64.zeek index 2d552a2523..f88203a89a 100644 --- a/testing/btest/bifs/decode_base64.zeek +++ b/testing/btest/bifs/decode_base64.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out global default_alphabet: string = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; @@ -9,14 +9,8 @@ print decode_base64("YnJv"); print decode_base64("YnJv", default_alphabet); print decode_base64("YnJv", ""); # should use default alpabet print decode_base64("}n-v", my_alphabet); -print decode_base64_custom("YnJv", default_alphabet); -print decode_base64_custom("YnJv", ""); # should use default alpabet -print decode_base64_custom("}n-v", my_alphabet); print decode_base64("YnJv"); print decode_base64("YnJv", default_alphabet); print decode_base64("YnJv", ""); # should use default alpabet print decode_base64("}n-v", my_alphabet); -print decode_base64_custom("YnJv", default_alphabet); -print decode_base64_custom("YnJv", ""); # should use default alpabet -print decode_base64_custom("}n-v", my_alphabet); diff --git a/testing/btest/bifs/decode_base64_conn.zeek b/testing/btest/bifs/decode_base64_conn.zeek index e515ed68ac..57d9af69c9 100644 --- a/testing/btest/bifs/decode_base64_conn.zeek +++ b/testing/btest/bifs/decode_base64_conn.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT >out # @TEST-EXEC: btest-diff weird.log event connection_established(c: connection) 
diff --git a/testing/btest/bifs/directory_operations.zeek b/testing/btest/bifs/directory_operations.zeek index 0a5a8b0413..e5282eb47b 100644 --- a/testing/btest/bifs/directory_operations.zeek +++ b/testing/btest/bifs/directory_operations.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/dump_current_packet.zeek b/testing/btest/bifs/dump_current_packet.zeek index e61c9585cd..ce177a1daf 100644 --- a/testing/btest/bifs/dump_current_packet.zeek +++ b/testing/btest/bifs/dump_current_packet.zeek @@ -1,12 +1,12 @@ # @TEST-REQUIRES: which hexdump -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: hexdump -C 1.pcap >1.hex # @TEST-EXEC: hexdump -C 2.pcap >2.hex # @TEST-EXEC: btest-diff 1.hex # @TEST-EXEC: btest-diff 2.hex # Note that the hex output will contain global pcap header information, -# including Bro's snaplen setting (so maybe check that out in the case +# including Zeek's snaplen setting (so maybe check that out in the case # you are reading this message due to this test failing in the future). global i: count = 0; diff --git a/testing/btest/bifs/edit.zeek b/testing/btest/bifs/edit.zeek index ba6ebdef38..c33289f0e5 100644 --- a/testing/btest/bifs/edit.zeek +++ b/testing/btest/bifs/edit.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/enable_raw_output.test b/testing/btest/bifs/enable_raw_output.test index 14bd2110ee..c46b6e317f 100644 --- a/testing/btest/bifs/enable_raw_output.test +++ b/testing/btest/bifs/enable_raw_output.test 
@@ -1,7 +1,7 @@ # Files which enable raw output via the BiF shouldn't interpret NUL characters # in strings that are `print`ed to it. -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: tr '\000' 'X' output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cmp myfile hookfile diff --git a/testing/btest/bifs/encode_base64.zeek b/testing/btest/bifs/encode_base64.zeek index bbad715ecc..351a8e3b0c 100644 --- a/testing/btest/bifs/encode_base64.zeek +++ b/testing/btest/bifs/encode_base64.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out global default_alphabet: string = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; @@ -10,10 +10,6 @@ print encode_base64("bro", default_alphabet); print encode_base64("bro", ""); # should use default alpabet print encode_base64("bro", my_alphabet); -print encode_base64_custom("bro", default_alphabet); -print encode_base64_custom("bro", ""); # should use default alpabet -print encode_base64_custom("bro", my_alphabet); - print encode_base64("padding"); print encode_base64("padding1"); print encode_base64("padding12"); diff --git a/testing/btest/bifs/entropy_test.zeek b/testing/btest/bifs/entropy_test.zeek index 11effd1159..fe1d80cc21 100644 --- a/testing/btest/bifs/entropy_test.zeek +++ b/testing/btest/bifs/entropy_test.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/enum_to_int.zeek b/testing/btest/bifs/enum_to_int.zeek index b48c925c8f..17fd1ff8a9 100644 --- a/testing/btest/bifs/enum_to_int.zeek +++ b/testing/btest/bifs/enum_to_int.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out export { diff --git a/testing/btest/bifs/escape_string.zeek b/testing/btest/bifs/escape_string.zeek index 4ae79a869a..93c593d833 100644 
--- a/testing/btest/bifs/escape_string.zeek +++ b/testing/btest/bifs/escape_string.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/exit.zeek b/testing/btest/bifs/exit.zeek index 03ea13efd3..e9a27f6379 100644 --- a/testing/btest/bifs/exit.zeek +++ b/testing/btest/bifs/exit.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out || test $? -eq 7 +# @TEST-EXEC: zeek -b %INPUT >out || test $? -eq 7 # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/file_mode.zeek b/testing/btest/bifs/file_mode.zeek index de43439080..8fe39b6404 100644 --- a/testing/btest/bifs/file_mode.zeek +++ b/testing/btest/bifs/file_mode.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/filter_subnet_table.zeek b/testing/btest/bifs/filter_subnet_table.zeek index 79829bc252..b11cbf0a8f 100644 --- a/testing/btest/bifs/filter_subnet_table.zeek +++ b/testing/btest/bifs/filter_subnet_table.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global testa: set[subnet] = { diff --git a/testing/btest/bifs/find_all.zeek b/testing/btest/bifs/find_all.zeek index cb7e7b35d0..c51086ade0 100644 --- a/testing/btest/bifs/find_all.zeek +++ b/testing/btest/bifs/find_all.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/find_entropy.zeek b/testing/btest/bifs/find_entropy.zeek index 771a6221f7..d8be9c08a6 100644 --- a/testing/btest/bifs/find_entropy.zeek +++ b/testing/btest/bifs/find_entropy.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() 
diff --git a/testing/btest/bifs/find_last.zeek b/testing/btest/bifs/find_last.zeek index 0eab201464..1f986cc6cd 100644 --- a/testing/btest/bifs/find_last.zeek +++ b/testing/btest/bifs/find_last.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/fmt.zeek b/testing/btest/bifs/fmt.zeek index 979dbafe67..3f3b58073d 100644 --- a/testing/btest/bifs/fmt.zeek +++ b/testing/btest/bifs/fmt.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type color: enum { Red, Blue }; diff --git a/testing/btest/bifs/fmt_ftp_port.zeek b/testing/btest/bifs/fmt_ftp_port.zeek index b265c0ad67..956b223cf0 100644 --- a/testing/btest/bifs/fmt_ftp_port.zeek +++ b/testing/btest/bifs/fmt_ftp_port.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/get_current_packet_header.zeek b/testing/btest/bifs/get_current_packet_header.zeek index 24144545ef..8efa727e11 100644 --- a/testing/btest/bifs/get_current_packet_header.zeek +++ b/testing/btest/bifs/get_current_packet_header.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT > output # @TEST-EXEC: btest-diff output event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options) diff --git a/testing/btest/bifs/get_matcher_stats.zeek b/testing/btest/bifs/get_matcher_stats.zeek index 76d019caca..5126f614dd 100644 --- a/testing/btest/bifs/get_matcher_stats.zeek +++ b/testing/btest/bifs/get_matcher_stats.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -s mysig %INPUT +# @TEST-EXEC: zeek -b -s mysig %INPUT @TEST-START-FILE mysig.sig signature my_ftp_client { 
diff --git a/testing/btest/bifs/get_port_transport_proto.zeek b/testing/btest/bifs/get_port_transport_proto.zeek index 18dfdd4974..8ebbc3adaa 100644 --- a/testing/btest/bifs/get_port_transport_proto.zeek +++ b/testing/btest/bifs/get_port_transport_proto.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/gethostname.zeek b/testing/btest/bifs/gethostname.zeek index b30407190d..dd94b446c6 100644 --- a/testing/btest/bifs/gethostname.zeek +++ b/testing/btest/bifs/gethostname.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/getpid.zeek b/testing/btest/bifs/getpid.zeek index a7348d4743..a1fbcde8bf 100644 --- a/testing/btest/bifs/getpid.zeek +++ b/testing/btest/bifs/getpid.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/getsetenv.zeek b/testing/btest/bifs/getsetenv.zeek index 24fecb7800..63f973e36d 100644 --- a/testing/btest/bifs/getsetenv.zeek +++ b/testing/btest/bifs/getsetenv.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: TESTBRO=testvalue bro -b %INPUT >out +# @TEST-EXEC: TESTBRO=testvalue zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/global_ids.zeek b/testing/btest/bifs/global_ids.zeek index 8875065b3b..b3cf1d3645 100644 --- a/testing/btest/bifs/global_ids.zeek +++ b/testing/btest/bifs/global_ids.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/global_sizes.zeek b/testing/btest/bifs/global_sizes.zeek index 5705ae5e95..373cf74425 100644 --- a/testing/btest/bifs/global_sizes.zeek +++ b/testing/btest/bifs/global_sizes.zeek 
@@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/haversine_distance.zeek b/testing/btest/bifs/haversine_distance.zeek index 0d2e7891c0..b1429b13c1 100644 --- a/testing/btest/bifs/haversine_distance.zeek +++ b/testing/btest/bifs/haversine_distance.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test(la1: double, lo1: double, la2: double, lo2: double) diff --git a/testing/btest/bifs/hexdump.zeek b/testing/btest/bifs/hexdump.zeek index 10e1855a19..eae0f58409 100644 --- a/testing/btest/bifs/hexdump.zeek +++ b/testing/btest/bifs/hexdump.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/hexstr_to_bytestring.zeek b/testing/btest/bifs/hexstr_to_bytestring.zeek index 0d41ca00a1..41ca6a4823 100644 --- a/testing/btest/bifs/hexstr_to_bytestring.zeek +++ b/testing/btest/bifs/hexstr_to_bytestring.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/bifs/hll_cardinality.zeek b/testing/btest/bifs/hll_cardinality.zeek index 6bb9c83708..5a919a9f2f 100644 --- a/testing/btest/bifs/hll_cardinality.zeek +++ b/testing/btest/bifs/hll_cardinality.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro %INPUT>out +# @TEST-EXEC: zeek %INPUT>out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/bifs/hll_large_estimate.zeek b/testing/btest/bifs/hll_large_estimate.zeek index 520b9633e3..9238e13b36 100644 --- a/testing/btest/bifs/hll_large_estimate.zeek +++ b/testing/btest/bifs/hll_large_estimate.zeek 
@@ -1,8 +1,8 @@ # # Test the quality of HLL once by checking adding a large number of IP entries. # -# @TEST-EXEC: bro -b %INPUT > out -# @TEST-EXEC: BRO_SEED_FILE="" bro -b %INPUT > out2 +# @TEST-EXEC: zeek -b %INPUT > out +# @TEST-EXEC: BRO_SEED_FILE="" zeek -b %INPUT > out2 # @TEST-EXEC: head -n1 out2 >> out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/bifs/identify_data.zeek b/testing/btest/bifs/identify_data.zeek index 283c50fc86..8ea6e267a1 100644 --- a/testing/btest/bifs/identify_data.zeek +++ b/testing/btest/bifs/identify_data.zeek @@ -1,5 +1,5 @@ # Text encodings may vary with libmagic version so don't test that part. -# @TEST-EXEC: bro -b %INPUT | sed 's/; charset=.*//g' >out +# @TEST-EXEC: zeek -b %INPUT | sed 's/; charset=.*//g' >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/install_src_addr_filter.test b/testing/btest/bifs/install_src_addr_filter.test index 0ee0c85c43..95d1f51d54 100644 --- a/testing/btest/bifs/install_src_addr_filter.test +++ b/testing/btest/bifs/install_src_addr_filter.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output event zeek_init() diff --git a/testing/btest/bifs/is_ascii.zeek b/testing/btest/bifs/is_ascii.zeek index 7930dafa58..505e21e715 100644 --- a/testing/btest/bifs/is_ascii.zeek +++ b/testing/btest/bifs/is_ascii.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/is_local_interface.zeek b/testing/btest/bifs/is_local_interface.zeek index 8667babb85..f1ee1e9990 100644 --- a/testing/btest/bifs/is_local_interface.zeek +++ b/testing/btest/bifs/is_local_interface.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() 
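Review bot: In testing/btest/bifs/hll_large_estimate.zeek the second `@TEST-EXEC` line still sets `BRO_SEED_FILE=""` although the binary it configures is now invoked as `zeek`, so the test relies on the old variable name still being read. If the variable is renamed as part of the same bro-to-zeek effort, this assignment would presumably become a silent no-op: `out2` would then come from a run with the same seed as `out`, and the test would keep passing without covering the second configuration. A comment above that line would make the dependency visible, for example `# BRO_SEED_FILE="" overrides the suite's seed file for this run; keep the name in sync with the variable zeek actually reads`. The script body the test executes lies outside this hunk.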
diff --git a/testing/btest/bifs/is_port.zeek b/testing/btest/bifs/is_port.zeek index 709c142070..28f63f63b6 100644 --- a/testing/btest/bifs/is_port.zeek +++ b/testing/btest/bifs/is_port.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/join_string.zeek b/testing/btest/bifs/join_string.zeek index 1ea1afa5c2..9cac2faa0d 100644 --- a/testing/btest/bifs/join_string.zeek +++ b/testing/btest/bifs/join_string.zeek @@ -1,11 +1,11 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() { - local a: string_array = { - [1] = "this", [2] = "is", [3] = "a", [4] = "test" + local a: string_array = { + [1] = "this", [2] = "is", [3] = "a", [4] = "test" }; local b: string_array = { [1] = "mytest" }; local c: string_vec = vector( "this", "is", "another", "test" ); @@ -14,10 +14,6 @@ event zeek_init() e[3] = "hi"; e[5] = "there"; - print join_string_array(" * ", a); - print join_string_array("", a); - print join_string_array("x", b); - print join_string_vec(c, "__"); print join_string_vec(c, ""); print join_string_vec(d, "-"); diff --git a/testing/btest/bifs/levenshtein_distance.zeek b/testing/btest/bifs/levenshtein_distance.zeek index b877a68a22..14aaa78264 100644 --- a/testing/btest/bifs/levenshtein_distance.zeek +++ b/testing/btest/bifs/levenshtein_distance.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/lookup_ID.zeek b/testing/btest/bifs/lookup_ID.zeek index 1d11d1a8cb..534e678729 100644 --- a/testing/btest/bifs/lookup_ID.zeek +++ b/testing/btest/bifs/lookup_ID.zeek @@ -1,8 +1,8 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out -global a = "bro test"; +global a = "zeek test"; event zeek_init() { 
diff --git a/testing/btest/bifs/lowerupper.zeek b/testing/btest/bifs/lowerupper.zeek index 2cb04bfdaa..dfda21d39e 100644 --- a/testing/btest/bifs/lowerupper.zeek +++ b/testing/btest/bifs/lowerupper.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/lstrip.zeek b/testing/btest/bifs/lstrip.zeek index 850ec90d3f..6674b2a49c 100644 --- a/testing/btest/bifs/lstrip.zeek +++ b/testing/btest/bifs/lstrip.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/mask_addr.zeek b/testing/btest/bifs/mask_addr.zeek index e69a55f590..36ac6d91dd 100644 --- a/testing/btest/bifs/mask_addr.zeek +++ b/testing/btest/bifs/mask_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32}; diff --git a/testing/btest/bifs/matching_subnets.zeek b/testing/btest/bifs/matching_subnets.zeek index 3d38d32182..c51915ec0d 100644 --- a/testing/btest/bifs/matching_subnets.zeek +++ b/testing/btest/bifs/matching_subnets.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global testt: set[subnet] = { diff --git a/testing/btest/bifs/math.zeek b/testing/btest/bifs/math.zeek index 288838ffc1..353704f0f9 100644 --- a/testing/btest/bifs/math.zeek +++ b/testing/btest/bifs/math.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/md5.test b/testing/btest/bifs/md5.test index b022302c59..1d00d3f173 100644 --- a/testing/btest/bifs/md5.test +++ b/testing/btest/bifs/md5.test 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output print md5_hash("one"); diff --git a/testing/btest/bifs/merge_pattern.zeek b/testing/btest/bifs/merge_pattern.zeek deleted file mode 100644 index 2d99137b56..0000000000 --- a/testing/btest/bifs/merge_pattern.zeek +++ /dev/null @@ -1,17 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a = /foo/; - local b = /b[a-z]+/; - local c = merge_pattern(a, b); - - if ( "bar" == c ) - print "match"; - - if ( "foo" == c ) - print "match"; - - } diff --git a/testing/btest/bifs/net_stats_trace.test b/testing/btest/bifs/net_stats_trace.test index 1cc1ba5567..0b593c11e4 100644 --- a/testing/btest/bifs/net_stats_trace.test +++ b/testing/btest/bifs/net_stats_trace.test @@ -1,5 +1,5 @@ # Checks that accurate stats are returned when reading from a trace file. -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace >output %INPUT +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace >output %INPUT # @TEST-EXEC: btest-diff output event zeek_done() diff --git a/testing/btest/bifs/netbios-functions.zeek b/testing/btest/bifs/netbios-functions.zeek index 8e65f1d5ec..c3e951ffa8 100644 --- a/testing/btest/bifs/netbios-functions.zeek +++ b/testing/btest/bifs/netbios-functions.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/order.zeek b/testing/btest/bifs/order.zeek index 34c8e8c101..b989bb6095 100644 --- a/testing/btest/bifs/order.zeek +++ b/testing/btest/bifs/order.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function myfunc1(a: addr, b: addr): int diff --git a/testing/btest/bifs/parse_ftp.zeek b/testing/btest/bifs/parse_ftp.zeek index 1e982def27..47b53284e6 100644 --- a/testing/btest/bifs/parse_ftp.zeek 
+++ b/testing/btest/bifs/parse_ftp.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/piped_exec.zeek b/testing/btest/bifs/piped_exec.zeek index 70f8d70523..469803735e 100644 --- a/testing/btest/bifs/piped_exec.zeek +++ b/testing/btest/bifs/piped_exec.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff test.txt global cmds = "print \"hello world\";"; cmds = string_cat(cmds, "\nprint \"foobar\";"); -if ( piped_exec("bro", cmds) != T ) +if ( piped_exec("zeek", cmds) != T ) exit(1); # Test null output. diff --git a/testing/btest/bifs/ptr_name_to_addr.zeek b/testing/btest/bifs/ptr_name_to_addr.zeek index d1a7878e3d..7779ec7772 100644 --- a/testing/btest/bifs/ptr_name_to_addr.zeek +++ b/testing/btest/bifs/ptr_name_to_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global v6 = ptr_name_to_addr("2.1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.2.0.8.0.9.0.0.4.0.b.8.f.7.0.6.2.ip6.arpa"); diff --git a/testing/btest/bifs/rand.zeek b/testing/btest/bifs/rand.zeek index 591f0bf035..b4b0facabc 100644 --- a/testing/btest/bifs/rand.zeek +++ b/testing/btest/bifs/rand.zeek @@ -1,6 +1,6 @@ # -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: bro -b %INPUT do_seed=F >out.2 +# @TEST-EXEC: zeek -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT do_seed=F >out.2 # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out.2 diff --git a/testing/btest/bifs/raw_bytes_to_v4_addr.zeek b/testing/btest/bifs/raw_bytes_to_v4_addr.zeek index 9ac266a0bd..1229ac6135 100644 --- a/testing/btest/bifs/raw_bytes_to_v4_addr.zeek +++ b/testing/btest/bifs/raw_bytes_to_v4_addr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() 
diff --git a/testing/btest/bifs/reading_traces.zeek b/testing/btest/bifs/reading_traces.zeek index e6fa21999e..11d1e2a3f7 100644 --- a/testing/btest/bifs/reading_traces.zeek +++ b/testing/btest/bifs/reading_traces.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b %INPUT >out1 +# @TEST-EXEC: zeek -b %INPUT >out1 # @TEST-EXEC: btest-diff out1 -# @TEST-EXEC: bro -r $TRACES/web.trace %INPUT >out2 +# @TEST-EXEC: zeek -r $TRACES/web.trace %INPUT >out2 # @TEST-EXEC: btest-diff out2 event zeek_init() diff --git a/testing/btest/bifs/record_type_to_vector.zeek b/testing/btest/bifs/record_type_to_vector.zeek index e5e79a4f49..3b45af835b 100644 --- a/testing/btest/bifs/record_type_to_vector.zeek +++ b/testing/btest/bifs/record_type_to_vector.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type myrecord: record { diff --git a/testing/btest/bifs/records_fields.zeek b/testing/btest/bifs/records_fields.zeek index a130a63267..632bcb2fcf 100644 --- a/testing/btest/bifs/records_fields.zeek +++ b/testing/btest/bifs/records_fields.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type myrec: record { diff --git a/testing/btest/bifs/remask_addr.zeek b/testing/btest/bifs/remask_addr.zeek index 7b7e89c018..1014b22550 100644 --- a/testing/btest/bifs/remask_addr.zeek +++ b/testing/btest/bifs/remask_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32}; diff --git a/testing/btest/bifs/resize.zeek b/testing/btest/bifs/resize.zeek index 97c3b8c20b..483564ef1f 100644 --- a/testing/btest/bifs/resize.zeek +++ b/testing/btest/bifs/resize.zeek 
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/reverse.zeek b/testing/btest/bifs/reverse.zeek
index b6831ef3a7..9a87704cc0 100644
--- a/testing/btest/bifs/reverse.zeek
+++ b/testing/btest/bifs/reverse.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/rotate_file.zeek b/testing/btest/bifs/rotate_file.zeek
index a7c3bf3971..028b374653 100644
--- a/testing/btest/bifs/rotate_file.zeek
+++ b/testing/btest/bifs/rotate_file.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/rotate_file_by_name.zeek b/testing/btest/bifs/rotate_file_by_name.zeek
index b02d4011be..985084e6ed 100644
--- a/testing/btest/bifs/rotate_file_by_name.zeek
+++ b/testing/btest/bifs/rotate_file_by_name.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/routing0_data_to_addrs.test b/testing/btest/bifs/routing0_data_to_addrs.test
index a20bb3bf59..1c81eb0cd1 100644
--- a/testing/btest/bifs/routing0_data_to_addrs.test
+++ b/testing/btest/bifs/routing0_data_to_addrs.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output
 # @TEST-EXEC: btest-diff output
 event ipv6_ext_headers(c: connection, p: pkt_hdr)
diff --git a/testing/btest/bifs/rstrip.zeek b/testing/btest/bifs/rstrip.zeek
index f99ebd5f8d..2f19af4207 100644
--- a/testing/btest/bifs/rstrip.zeek
+++ b/testing/btest/bifs/rstrip.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/safe_shell_quote.zeek b/testing/btest/bifs/safe_shell_quote.zeek
index 9f43fe4089..46940a0976 100644
--- a/testing/btest/bifs/safe_shell_quote.zeek
+++ b/testing/btest/bifs/safe_shell_quote.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/same_object.zeek b/testing/btest/bifs/same_object.zeek
index 8e38912f58..0afc362f04 100644
--- a/testing/btest/bifs/same_object.zeek
+++ b/testing/btest/bifs/same_object.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/sha1.test b/testing/btest/bifs/sha1.test
index 7bbd8b002e..1e9396b602 100644
--- a/testing/btest/bifs/sha1.test
+++ b/testing/btest/bifs/sha1.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: zeek -b %INPUT >output
 # @TEST-EXEC: btest-diff output
 print sha1_hash("one");
diff --git a/testing/btest/bifs/sha256.test b/testing/btest/bifs/sha256.test
index a1c17f7113..83c937029a 100644
--- a/testing/btest/bifs/sha256.test
+++ b/testing/btest/bifs/sha256.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: zeek -b %INPUT >output
 # @TEST-EXEC: btest-diff output
 print sha256_hash("one");
diff --git a/testing/btest/bifs/sort.zeek b/testing/btest/bifs/sort.zeek
index 2f3789c8a9..8bfd1c5f5d 100644
--- a/testing/btest/bifs/sort.zeek
+++ b/testing/btest/bifs/sort.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 function myfunc1(a: addr, b: addr): int
diff --git a/testing/btest/bifs/sort_string_array.zeek b/testing/btest/bifs/sort_string_array.zeek
deleted file mode 100644
index 3d3949d89b..0000000000
--- a/testing/btest/bifs/sort_string_array.zeek
+++ /dev/null
@@ -1,17 +0,0 @@
-#
-# @TEST-EXEC: bro -b %INPUT >out
-# @TEST-EXEC: btest-diff out
-
-event zeek_init()
- {
- local a: string_array = {
- [1] = "this", [2] = "is", [3] = "a", [4] = "test"
- };
-
- local b = sort_string_array(a);
-
- print b[1];
- print b[2];
- print b[3];
- print b[4];
- }
diff --git a/testing/btest/bifs/split.zeek b/testing/btest/bifs/split.zeek
deleted file mode 100644
index 2485c3af1f..0000000000
--- a/testing/btest/bifs/split.zeek
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# @TEST-EXEC: bro -b %INPUT >out
-# @TEST-EXEC: btest-diff out
-
-event zeek_init()
- {
- local a = "this is a test";
- local pat = /hi|es/;
- local idx = vector( 3, 6, 13);
-
- local b = split(a, pat);
- local c = split1(a, pat);
- local d = split_all(a, pat);
- local e1 = split_n(a, pat, F, 1);
- local e2 = split_n(a, pat, T, 1);
-
- print b[1];
- print b[2];
- print b[3];
- print "---------------------";
- print c[1];
- print c[2];
- print "---------------------";
- print d[1];
- print d[2];
- print d[3];
- print d[4];
- print d[5];
- print "---------------------";
- print e1[1];
- print e1[2];
- print "---------------------";
- print e2[1];
- print e2[2];
- print e2[3];
- print "---------------------";
- print str_split(a, idx);
- print "---------------------";
-
- a = "X-Mailer: Testing Test (http://www.example.com)";
- pat = /:[[:blank:]]*/;
- local f = split1(a, pat);
-
- print f[1];
- print f[2];
- print "---------------------";
-
- a = "A = B = C = D";
- pat = /=/;
- local g = split_all(a, pat);
- print g[1];
- print g[2];
- print g[3];
- print g[4];
- print g[5];
- print g[6];
- print g[7];
- }
diff --git a/testing/btest/bifs/split_string.zeek b/testing/btest/bifs/split_string.zeek
index 2f67921a04..9692f32da5 100644
--- a/testing/btest/bifs/split_string.zeek
+++ b/testing/btest/bifs/split_string.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 function print_string_vector(v: string_vec)
diff --git a/testing/btest/bifs/str_shell_escape.zeek b/testing/btest/bifs/str_shell_escape.zeek
index 9079ef3953..f3f08b0072 100644
--- a/testing/btest/bifs/str_shell_escape.zeek
+++ b/testing/btest/bifs/str_shell_escape.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/strcmp.zeek b/testing/btest/bifs/strcmp.zeek
index 6893656e69..93528ed8f1 100644
--- a/testing/btest/bifs/strcmp.zeek
+++ b/testing/btest/bifs/strcmp.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/strftime.zeek b/testing/btest/bifs/strftime.zeek
index 8a9f42d8b3..5a68892a22 100644
--- a/testing/btest/bifs/strftime.zeek
+++ b/testing/btest/bifs/strftime.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/string_fill.zeek b/testing/btest/bifs/string_fill.zeek
index 81a447ed47..9398588b2a 100644
--- a/testing/btest/bifs/string_fill.zeek
+++ b/testing/btest/bifs/string_fill.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/string_to_pattern.zeek b/testing/btest/bifs/string_to_pattern.zeek
index 089cc3c557..d7e36f7fa8 100644
--- a/testing/btest/bifs/string_to_pattern.zeek
+++ b/testing/btest/bifs/string_to_pattern.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/strip.zeek b/testing/btest/bifs/strip.zeek
index ae80811a30..caed076f2c 100644
--- a/testing/btest/bifs/strip.zeek
+++ b/testing/btest/bifs/strip.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/strptime.zeek b/testing/btest/bifs/strptime.zeek
index c8f57b1dfc..3923ced4c0 100644
--- a/testing/btest/bifs/strptime.zeek
+++ b/testing/btest/bifs/strptime.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out 2>&1
+# @TEST-EXEC: zeek -b %INPUT >out 2>&1
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/strstr.zeek b/testing/btest/bifs/strstr.zeek
index 75a362375a..23f8c871ed 100644
--- a/testing/btest/bifs/strstr.zeek
+++ b/testing/btest/bifs/strstr.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/sub.zeek b/testing/btest/bifs/sub.zeek
index f83113ad19..1ad4e60137 100644
--- a/testing/btest/bifs/sub.zeek
+++ b/testing/btest/bifs/sub.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/subnet_to_addr.zeek b/testing/btest/bifs/subnet_to_addr.zeek
index 02bb6254e0..45cac551d2 100644
--- a/testing/btest/bifs/subnet_to_addr.zeek
+++ b/testing/btest/bifs/subnet_to_addr.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT >output 2>error
+# @TEST-EXEC: zeek -b %INPUT >output 2>error
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: btest-diff error
diff --git a/testing/btest/bifs/subnet_version.zeek b/testing/btest/bifs/subnet_version.zeek
index 1efd633f68..a01bc77dd3 100644
--- a/testing/btest/bifs/subnet_version.zeek
+++ b/testing/btest/bifs/subnet_version.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 print is_v4_subnet(1.2.3.4/16);
diff --git a/testing/btest/bifs/subst_string.zeek b/testing/btest/bifs/subst_string.zeek
index 186ca7f921..7ceb8040a2 100644
--- a/testing/btest/bifs/subst_string.zeek
+++ b/testing/btest/bifs/subst_string.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/system.zeek b/testing/btest/bifs/system.zeek
index e488601ee5..7dab420ed0 100644
--- a/testing/btest/bifs/system.zeek
+++ b/testing/btest/bifs/system.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/system_env.zeek b/testing/btest/bifs/system_env.zeek
index beece2e2c6..7332990fa2 100644
--- a/testing/btest/bifs/system_env.zeek
+++ b/testing/btest/bifs/system_env.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff testfile
 event zeek_init()
diff --git a/testing/btest/bifs/to_addr.zeek b/testing/btest/bifs/to_addr.zeek
index 3a43438bb7..bbef484f72 100644
--- a/testing/btest/bifs/to_addr.zeek
+++ b/testing/btest/bifs/to_addr.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT >output 2>error
+# @TEST-EXEC: zeek -b %INPUT >output 2>error
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: btest-diff error
diff --git a/testing/btest/bifs/to_count.zeek b/testing/btest/bifs/to_count.zeek
index dc87fe94b9..7489ca8b79 100644
--- a/testing/btest/bifs/to_count.zeek
+++ b/testing/btest/bifs/to_count.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/to_double.zeek b/testing/btest/bifs/to_double.zeek
index b2d2d65f4d..d62d30d5af 100644
--- a/testing/btest/bifs/to_double.zeek
+++ b/testing/btest/bifs/to_double.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/to_double_from_string.zeek b/testing/btest/bifs/to_double_from_string.zeek
index 781261084f..106a987eb4 100644
--- a/testing/btest/bifs/to_double_from_string.zeek
+++ b/testing/btest/bifs/to_double_from_string.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT >output 2>error
+# @TEST-EXEC: zeek -b %INPUT >output 2>error
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff error
diff --git a/testing/btest/bifs/to_int.zeek b/testing/btest/bifs/to_int.zeek
index fe7d530835..23e74030ba 100644
--- a/testing/btest/bifs/to_int.zeek
+++ b/testing/btest/bifs/to_int.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/to_interval.zeek b/testing/btest/bifs/to_interval.zeek
index b877cedacc..a9bab7b675 100644
--- a/testing/btest/bifs/to_interval.zeek
+++ b/testing/btest/bifs/to_interval.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/to_port.zeek b/testing/btest/bifs/to_port.zeek
index 9c53de7297..b1e220f982 100644
--- a/testing/btest/bifs/to_port.zeek
+++ b/testing/btest/bifs/to_port.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/to_subnet.zeek b/testing/btest/bifs/to_subnet.zeek
index 59064893e1..ebce392c98 100644
--- a/testing/btest/bifs/to_subnet.zeek
+++ b/testing/btest/bifs/to_subnet.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT >output 2>error
+# @TEST-EXEC: zeek -b %INPUT >output 2>error
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: btest-diff error
diff --git a/testing/btest/bifs/to_time.zeek b/testing/btest/bifs/to_time.zeek
index b286d92ea4..f2e9032176 100644
--- a/testing/btest/bifs/to_time.zeek
+++ b/testing/btest/bifs/to_time.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/topk.zeek b/testing/btest/bifs/topk.zeek
index 06246da4ac..667107cbc0 100644
--- a/testing/btest/bifs/topk.zeek
+++ b/testing/btest/bifs/topk.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT > out
+# @TEST-EXEC: zeek -b %INPUT > out
 # @TEST-EXEC: btest-diff out
 # @TEST-EXEC: btest-diff .stderr
diff --git a/testing/btest/bifs/type_name.zeek b/testing/btest/bifs/type_name.zeek
index 6f9f9c6f32..e78f52af3c 100644
--- a/testing/btest/bifs/type_name.zeek
+++ b/testing/btest/bifs/type_name.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 type color: enum { Red, Blue };
diff --git a/testing/btest/bifs/unique_id-pools.zeek b/testing/btest/bifs/unique_id-pools.zeek
index ba31485dc3..7e615d6625 100644
--- a/testing/btest/bifs/unique_id-pools.zeek
+++ b/testing/btest/bifs/unique_id-pools.zeek
@@ -1,6 +1,6 @@
 #
-# @TEST-EXEC: bro order_rand | sort >out.1
-# @TEST-EXEC: bro order_base | sort >out.2
+# @TEST-EXEC: zeek order_rand | sort >out.1
+# @TEST-EXEC: zeek order_base | sort >out.2
 # @TEST-EXEC: cmp out.1 out.2
 @TEST-START-FILE order_rand.zeek
diff --git a/testing/btest/bifs/unique_id-rnd.zeek b/testing/btest/bifs/unique_id-rnd.zeek
index 02be9fcb92..6a694ae588 100644
--- a/testing/btest/bifs/unique_id-rnd.zeek
+++ b/testing/btest/bifs/unique_id-rnd.zeek
@@ -1,6 +1,6 @@
 #
-# @TEST-EXEC: BRO_SEED_FILE= bro -b %INPUT >out
-# @TEST-EXEC: BRO_SEED_FILE= bro -b %INPUT >>out
+# @TEST-EXEC: BRO_SEED_FILE= zeek -b %INPUT >out
+# @TEST-EXEC: BRO_SEED_FILE= zeek -b %INPUT >>out
 # @TEST-EXEC: cat out | sort | uniq | wc -l | sed 's/ //g' >count
 # @TEST-EXEC: btest-diff count
diff --git a/testing/btest/bifs/unique_id.zeek b/testing/btest/bifs/unique_id.zeek
index d87c757f3f..db640a6081 100644
--- a/testing/btest/bifs/unique_id.zeek
+++ b/testing/btest/bifs/unique_id.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 print unique_id("A-");
diff --git a/testing/btest/bifs/uuid_to_string.zeek b/testing/btest/bifs/uuid_to_string.zeek
index 2df9d2f0f0..21c29eb3e6 100644
--- a/testing/btest/bifs/uuid_to_string.zeek
+++ b/testing/btest/bifs/uuid_to_string.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 event zeek_init()
diff --git a/testing/btest/bifs/val_size.zeek b/testing/btest/bifs/val_size.zeek
index 8757bde285..b375c94551 100644
--- a/testing/btest/bifs/val_size.zeek
+++ b/testing/btest/bifs/val_size.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 event zeek_init()
 {
diff --git a/testing/btest/bifs/x509_verify.zeek b/testing/btest/bifs/x509_verify.zeek
index 2afc735172..2786ee04b4 100644
--- a/testing/btest/bifs/x509_verify.zeek
+++ b/testing/btest/bifs/x509_verify.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/tls-expired-cert.trace %INPUT
 # This is a hack: the results of OpenSSL 1.1's vs 1.0's
 # X509_verify_cert() -> X509_STORE_CTX_get1_chain() calls
diff --git a/testing/btest/broker/connect-on-retry.zeek b/testing/btest/broker/connect-on-retry.zeek
index ac5caffb69..55e98cb27d 100644
--- a/testing/btest/broker/connect-on-retry.zeek
+++ b/testing/btest/broker/connect-on-retry.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/broker/disconnect.zeek b/testing/btest/broker/disconnect.zeek
index 7b4d2f7540..c5ad155193 100644
--- a/testing/btest/broker/disconnect.zeek
+++ b/testing/btest/broker/disconnect.zeek
@@ -1,11 +1,11 @@
 # @TEST-PORT: BROKER_PORT
-# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out"
 # @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat recv/.pid) 45 || (btest-bg-wait -k 1 && false)
-# @TEST-EXEC: btest-bg-run recv2 "bro -B broker -b ../recv.zeek >recv2.out"
+# @TEST-EXEC: btest-bg-run recv2 "zeek -B broker -b ../recv.zeek >recv2.out"
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff send/send.out
diff --git a/testing/btest/broker/error.zeek b/testing/btest/broker/error.zeek
index e6b902e6bb..dec46bbbe3 100644
--- a/testing/btest/broker/error.zeek
+++ b/testing/btest/broker/error.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -B main-loop,broker -b send.zeek >send.out
+# @TEST-EXEC: zeek -B main-loop,broker -b send.zeek >send.out
 # @TEST-EXEC: btest-diff send.out
 #
diff --git a/testing/btest/broker/remote_event.zeek b/testing/btest/broker/remote_event.zeek
index b160506f8f..0fec6e4628 100644
--- a/testing/btest/broker/remote_event.zeek
+++ b/testing/btest/broker/remote_event.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/broker/remote_event_any.zeek b/testing/btest/broker/remote_event_any.zeek
index b4df830195..d45dcfdee2 100644
--- a/testing/btest/broker/remote_event_any.zeek
+++ b/testing/btest/broker/remote_event_any.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/broker/remote_event_auto.zeek b/testing/btest/broker/remote_event_auto.zeek
index dde153d2ad..77d98c389a 100644
--- a/testing/btest/broker/remote_event_auto.zeek
+++ b/testing/btest/broker/remote_event_auto.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/broker/remote_event_ssl_auth.zeek b/testing/btest/broker/remote_event_ssl_auth.zeek
index 3e80a98b1e..e5fdfa8fbb 100644
--- a/testing/btest/broker/remote_event_ssl_auth.zeek
+++ b/testing/btest/broker/remote_event_ssl_auth.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/broker/remote_event_vector_any.zeek b/testing/btest/broker/remote_event_vector_any.zeek
index 93f667791d..4736600429 100644
--- a/testing/btest/broker/remote_event_vector_any.zeek
+++ b/testing/btest/broker/remote_event_vector_any.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/broker/remote_id.zeek b/testing/btest/broker/remote_id.zeek
index a41675e5e8..faa0980414 100644
--- a/testing/btest/broker/remote_id.zeek
+++ b/testing/btest/broker/remote_id.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek test_var=newval >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek test_var=newval >send.out"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/broker/remote_log.zeek b/testing/btest/broker/remote_log.zeek
index 2ab5d71343..fa80475f6f 100644
--- a/testing/btest/broker/remote_log.zeek
+++ b/testing/btest/broker/remote_log.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
-# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out"
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/broker/remote_log_late_join.zeek b/testing/btest/broker/remote_log_late_join.zeek
index c199c19dcf..86b9a54935 100644
--- a/testing/btest/broker/remote_log_late_join.zeek
+++ b/testing/btest/broker/remote_log_late_join.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
-# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out"
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/broker/remote_log_types.zeek b/testing/btest/broker/remote_log_types.zeek
index 153c1c27b3..beff5e997d 100644
--- a/testing/btest/broker/remote_log_types.zeek
+++ b/testing/btest/broker/remote_log_types.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
-# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out"
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/broker/ssl_auth_failure.zeek b/testing/btest/broker/ssl_auth_failure.zeek
index 737a8deccc..45c091c1fb 100644
--- a/testing/btest/broker/ssl_auth_failure.zeek
+++ b/testing/btest/broker/ssl_auth_failure.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/broker/store/clone.zeek b/testing/btest/broker/store/clone.zeek
index 2d68380ba1..8730b017d2 100644
--- a/testing/btest/broker/store/clone.zeek
+++ b/testing/btest/broker/store/clone.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run clone "bro -B broker -b ../clone-main.zeek >clone.out"
-# @TEST-EXEC: btest-bg-run master "bro -B broker -b ../master-main.zeek >master.out"
+# @TEST-EXEC: btest-bg-run clone "zeek -B broker -b ../clone-main.zeek >clone.out"
+# @TEST-EXEC: btest-bg-run master "zeek -B broker -b ../master-main.zeek >master.out"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff clone/clone.out
diff --git a/testing/btest/broker/store/local.zeek b/testing/btest/broker/store/local.zeek
index 1846d8c2c3..9ec3140c10 100644
--- a/testing/btest/broker/store/local.zeek
+++ b/testing/btest/broker/store/local.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out"
+# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out"
 # @TEST-EXEC: btest-bg-wait 60
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out
diff --git a/testing/btest/broker/store/ops.zeek b/testing/btest/broker/store/ops.zeek
index 4e89f365bf..aed9ab5d9a 100644
--- a/testing/btest/broker/store/ops.zeek
+++ b/testing/btest/broker/store/ops.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run master "bro -B broker -b %INPUT >out"
+# @TEST-EXEC: btest-bg-run master "zeek -B broker -b %INPUT >out"
 # @TEST-EXEC: btest-bg-wait 60
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out
diff --git a/testing/btest/broker/store/record.zeek b/testing/btest/broker/store/record.zeek
index 62ee4735ba..374fb7cab3 100644
--- a/testing/btest/broker/store/record.zeek
+++ b/testing/btest/broker/store/record.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out"
+# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out"
 # @TEST-EXEC: btest-bg-wait 60
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out
diff --git a/testing/btest/broker/store/set.zeek b/testing/btest/broker/store/set.zeek
index c2524cec6a..8e4b29b1da 100644
--- a/testing/btest/broker/store/set.zeek
+++ b/testing/btest/broker/store/set.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out"
+# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out"
 # @TEST-EXEC: btest-bg-wait 60
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out
diff --git a/testing/btest/broker/store/sqlite.zeek b/testing/btest/broker/store/sqlite.zeek
index 8adde597f5..613f348550 100644
--- a/testing/btest/broker/store/sqlite.zeek
+++ b/testing/btest/broker/store/sqlite.zeek
@@ -1,5 +1,5 @@
-# @TEST-EXEC: bro -b %INPUT RUN=1 >out
-# @TEST-EXEC: bro -b %INPUT RUN=2 >>out
+# @TEST-EXEC: zeek -b %INPUT RUN=1 >out
+# @TEST-EXEC: zeek -b %INPUT RUN=2 >>out
 # @TEST-EXEC: btest-diff out
 global RUN = 0 &redef;
diff --git a/testing/btest/broker/store/table.zeek b/testing/btest/broker/store/table.zeek
index 6fdf7615a6..acedef0318 100644
--- a/testing/btest/broker/store/table.zeek
+++ b/testing/btest/broker/store/table.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out"
+# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out"
 # @TEST-EXEC: btest-bg-wait 60
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out
diff --git a/testing/btest/broker/store/type-conversion.zeek b/testing/btest/broker/store/type-conversion.zeek
index fa9e16d587..733a10af73 100644
--- a/testing/btest/broker/store/type-conversion.zeek
+++ b/testing/btest/broker/store/type-conversion.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out"
+# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out"
 # @TEST-EXEC: btest-bg-wait 60
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out
@@ -13,7 +13,7 @@ type R2: record {
 event zeek_init()
 {
- ### Print every broker data type
+ ### Print every Broker data type
 print Broker::data_type(Broker::data(T));
 print Broker::data_type(Broker::data(+1));
 print Broker::data_type(Broker::data(1));
@@ -33,7 +33,7 @@ event zeek_init()
 print "***************************";
- ### Convert a Bro value to a broker value, then print the result
+ ### Convert a Zeek value to a Broker value, then print the result
 print (Broker::data(T) as bool);
 print (Broker::data(F) as bool);
diff --git a/testing/btest/broker/store/vector.zeek b/testing/btest/broker/store/vector.zeek
index 7c44640334..b896524ea8 100644
--- a/testing/btest/broker/store/vector.zeek
+++ b/testing/btest/broker/store/vector.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out"
+# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out"
 # @TEST-EXEC: btest-bg-wait 60
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out
diff --git a/testing/btest/broker/unpeer.zeek b/testing/btest/broker/unpeer.zeek
index b03d53925e..dc4f589d4b 100644
--- a/testing/btest/broker/unpeer.zeek
+++ b/testing/btest/broker/unpeer.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out"
 #
 # @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg
index 5a570d9021..fc2f79ef14 100644
--- a/testing/btest/btest.cfg
+++ b/testing/btest/btest.cfg
@@ -6,13 +6,13 @@ IgnoreDirs = .svn CVS .tmp IgnoreFiles = *.tmp *.swp #* *.trace .DS_Store [environment] -BROPATH=`bash -c %(testbase)s/../../build/bro-path-dev` +BROPATH=`bash -c %(testbase)s/../../build/zeek-path-dev` BRO_SEED_FILE=%(testbase)s/random.seed BRO_PLUGIN_PATH= TZ=UTC LC_ALL=C BTEST_PATH=%(testbase)s/../../aux/btest -PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../build/aux/bro-aux/bro-cut:%(testbase)s/../../aux/btest/sphinx:%(default_path)s:/sbin +PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../build/aux/zeek-aux/zeek-cut:%(testbase)s/../../aux/btest/sphinx:%(default_path)s:/sbin TRACES=%(testbase)s/Traces FILES=%(testbase)s/Files SCRIPTS=%(testbase)s/../scripts diff --git a/testing/btest/core/bits_per_uid.zeek b/testing/btest/core/bits_per_uid.zeek index 6e997907de..d252eefe23 100644 --- a/testing/btest/core/bits_per_uid.zeek +++ b/testing/btest/core/bits_per_uid.zeek @@ -1,12 +1,12 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=32 >32 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=32 >32 # @TEST-EXEC: btest-diff 32 -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=64 >64 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=64 >64 # @TEST-EXEC: btest-diff 64 -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=96 >96 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=96 >96 # @TEST-EXEC: btest-diff 96 -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=128 >128 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=128 >128 # @TEST-EXEC: btest-diff 128 -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=256 >256 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=256 >256 # @TEST-EXEC: btest-diff 256 # @TEST-EXEC: cmp 128 256 
diff --git a/testing/btest/core/check-unused-event-handlers.test b/testing/btest/core/check-unused-event-handlers.test
index 3836414054..7d3a581d6c 100644
--- a/testing/btest/core/check-unused-event-handlers.test
+++ b/testing/btest/core/check-unused-event-handlers.test
@@ -1,5 +1,5 @@
 # This test should print a warning that the event handler is never invoked.
-# @TEST-EXEC: bro -b %INPUT check_for_unused_event_handlers=T
+# @TEST-EXEC: zeek -b %INPUT check_for_unused_event_handlers=T
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stderr
 event this_is_never_used()
diff --git a/testing/btest/core/checksums.test b/testing/btest/core/checksums.test
index 77fe2a62d3..6d5d286097 100644
--- a/testing/btest/core/checksums.test
+++ b/testing/btest/core/checksums.test
@@ -1,41 +1,41 @@
-# @TEST-EXEC: bro -r $TRACES/chksums/ip4-bad-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-bad-chksum.pcap
 # @TEST-EXEC: mv weird.log bad.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap
 # @TEST-EXEC: cat weird.log >> bad.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-bad-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-udp-bad-chksum.pcap
 # @TEST-EXEC: cat weird.log >> bad.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap
 # @TEST-EXEC: cat weird.log >> bad.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap
 # @TEST-EXEC: cat weird.log >> bad.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap
 # @TEST-EXEC: cat weird.log >> bad.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap
 # @TEST-EXEC: cat weird.log >> bad.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap
 # @TEST-EXEC: cat weird.log >> bad.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-bad-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-udp-bad-chksum.pcap
 # @TEST-EXEC: cat weird.log >> bad.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap
 # @TEST-EXEC: cat weird.log >> bad.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-good-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-tcp-good-chksum.pcap
 # @TEST-EXEC: mv weird.log good.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-good-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-udp-good-chksum.pcap
 # @TEST-EXEC: test ! -e weird.log
-# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-good-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-icmp-good-chksum.pcap
 # @TEST-EXEC: test ! -e weird.log
-# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap
 # @TEST-EXEC: cat weird.log >> good.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap
 # @TEST-EXEC: cat weird.log >> good.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap
 # @TEST-EXEC: cat weird.log >> good.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-good-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-tcp-good-chksum.pcap
 # @TEST-EXEC: cat weird.log >> good.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-good-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-udp-good-chksum.pcap
 # @TEST-EXEC: cat weird.log >> good.out
-# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap
+# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap
 # @TEST-EXEC: cat weird.log >> good.out
 # @TEST-EXEC: btest-diff bad.out
diff --git a/testing/btest/core/cisco-fabric-path.zeek b/testing/btest/core/cisco-fabric-path.zeek
index ff7fa298e3..183c16f84d 100644
--- a/testing/btest/core/cisco-fabric-path.zeek
+++ b/testing/btest/core/cisco-fabric-path.zeek
@@ -1,2 +1,2 @@
-# @TEST-EXEC: bro -C -r $TRACES/cisco-fabric-path.pcap
+# @TEST-EXEC: zeek -C -r $TRACES/cisco-fabric-path.pcap
 # @TEST-EXEC: btest-diff conn.log
diff --git a/testing/btest/core/conn-size-threshold.zeek b/testing/btest/core/conn-size-threshold.zeek
index ce83e5939d..d886846df5 100644
--- a/testing/btest/core/conn-size-threshold.zeek
+++ b/testing/btest/core/conn-size-threshold.zeek
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout event connection_established(c: connection) diff --git a/testing/btest/core/conn-uid.zeek b/testing/btest/core/conn-uid.zeek index 52ff8fc4d3..40626e27c9 100644 --- a/testing/btest/core/conn-uid.zeek +++ b/testing/btest/core/conn-uid.zeek @@ -1,12 +1,12 @@ # # In "normal" test mode, connection uids should be determistic. # -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output # # Without a seed, they should differ each time: # -# @TEST-EXEC: unset BRO_SEED_FILE && bro -C -r $TRACES/wikipedia.trace %INPUT >output2 +# @TEST-EXEC: unset BRO_SEED_FILE && zeek -C -r $TRACES/wikipedia.trace %INPUT >output2 # @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l | sed 's/ //g' >counts # @TEST-EXEC: btest-diff counts diff --git a/testing/btest/core/connection_flip_roles.zeek b/testing/btest/core/connection_flip_roles.zeek index e68d94c5fe..e5e52671eb 100644 --- a/testing/btest/core/connection_flip_roles.zeek +++ b/testing/btest/core/connection_flip_roles.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/handshake-reorder.trace %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tcp/handshake-reorder.trace %INPUT >out # @TEST-EXEC: btest-diff out # This tests the Connection::FlipRoles code path (SYN/SYN-ACK reversal). diff --git a/testing/btest/core/disable-mobile-ipv6.test b/testing/btest/core/disable-mobile-ipv6.test index 88eb2b853f..eace575cca 100644 --- a/testing/btest/core/disable-mobile-ipv6.test +++ b/testing/btest/core/disable-mobile-ipv6.test 
@@ -1,5 +1,6 @@
-# @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/bro-config.h
-# @TEST-EXEC: bro -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT
+# @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h
+#
+# @TEST-EXEC: zeek -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT
 # @TEST-EXEC: btest-diff weird.log
 event mobile_ipv6_message(p: pkt_hdr)
diff --git a/testing/btest/core/discarder.zeek b/testing/btest/core/discarder.zeek
index 454d5a0de1..21bae33541 100644
--- a/testing/btest/core/discarder.zeek
+++ b/testing/btest/core/discarder.zeek
@@ -1,7 +1,7 @@
-# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-ip.zeek >output
-# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-tcp.zeek >>output
-# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-udp.zeek >>output
-# @TEST-EXEC: bro -b -C -r $TRACES/icmp/icmp-destunreach-udp.pcap discarder-icmp.zeek >>output
+# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace discarder-ip.zeek >output
+# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace discarder-tcp.zeek >>output
+# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace discarder-udp.zeek >>output
+# @TEST-EXEC: zeek -b -C -r $TRACES/icmp/icmp-destunreach-udp.pcap discarder-icmp.zeek >>output
 # @TEST-EXEC: btest-diff output
 @TEST-START-FILE discarder-ip.zeek
diff --git a/testing/btest/core/div-by-zero.zeek b/testing/btest/core/div-by-zero.zeek
index da06569c2f..d1c95db88c 100644
--- a/testing/btest/core/div-by-zero.zeek
+++ b/testing/btest/core/div-by-zero.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT >out 2>&1
+# @TEST-EXEC: zeek -b %INPUT >out 2>&1
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
 event div_int(a: int, b: int)
diff --git a/testing/btest/core/dns-init.zeek b/testing/btest/core/dns-init.zeek
index 5a7efff6fb..0372bbf7b8 100644
--- a/testing/btest/core/dns-init.zeek
+++ b/testing/btest/core/dns-init.zeek
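Review bot: In core/disable-mobile-ipv6.test the `@TEST-REQUIRES` guard now greps `$BUILD/zeek-config.h`, and a guard that exits non-zero makes btest skip the test instead of failing it; if the build tree does not generate a header under that name (the build-side rename is not visible in this hunk), grep fails on the missing file and the test silently stops running. The same applies to the `@TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks` guards in the core/leaks tests further down, which skip whenever `zeek` is not found on the test `PATH`. A comment above the guard would make the skip condition explicit, for example `# Skipped, not failed, when $BUILD/zeek-config.h is missing or lacks "#undef ENABLE_MOBILE_IPV6".`, and it is worth checking in the btest summary that the number of skipped tests is unchanged by this rename.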
@@ -1,6 +1,6 @@
 # We once had a bug where DNS lookups at init time lead to an immediate crash.
 #
-# @TEST-EXEC: bro %INPUT >output 2>&1
+# @TEST-EXEC: zeek %INPUT >output 2>&1
 # @TEST-EXEC: btest-diff output
 const foo: set[addr] = {
diff --git a/testing/btest/core/embedded-null.zeek b/testing/btest/core/embedded-null.zeek
index c85da21541..bae3767d8c 100644
--- a/testing/btest/core/embedded-null.zeek
+++ b/testing/btest/core/embedded-null.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT 2>&1
+# @TEST-EXEC: zeek -b %INPUT 2>&1
 # @TEST-EXEC: btest-diff .stdout
 event zeek_init()
diff --git a/testing/btest/core/enum-redef-exists.zeek b/testing/btest/core/enum-redef-exists.zeek
index 69c331c74d..d9b1cc2415 100644
--- a/testing/btest/core/enum-redef-exists.zeek
+++ b/testing/btest/core/enum-redef-exists.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: zeek -b %INPUT >output
 module SSH;
diff --git a/testing/btest/core/erspan.zeek b/testing/btest/core/erspan.zeek
index eb05cdcf5a..379afb55fb 100644
--- a/testing/btest/core/erspan.zeek
+++ b/testing/btest/core/erspan.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -b -r $TRACES/erspan.trace %INPUT
+# @TEST-EXEC: zeek -C -b -r $TRACES/erspan.trace %INPUT
 # @TEST-EXEC: btest-diff tunnel.log
 @load base/frameworks/tunnels
diff --git a/testing/btest/core/erspanII.zeek b/testing/btest/core/erspanII.zeek
index b59c0ecf08..945a8ff3d2 100644
--- a/testing/btest/core/erspanII.zeek
+++ b/testing/btest/core/erspanII.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -b -r $TRACES/erspanII.pcap %INPUT
+# @TEST-EXEC: zeek -C -b -r $TRACES/erspanII.pcap %INPUT
 # @TEST-EXEC: btest-diff tunnel.log
 # @TEST-EXEC: btest-diff conn.log
diff --git a/testing/btest/core/erspanIII.zeek b/testing/btest/core/erspanIII.zeek
index 3215f4b9da..de3072e022 100644
--- a/testing/btest/core/erspanIII.zeek
+++ b/testing/btest/core/erspanIII.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -b -r $TRACES/erspanIII.pcap %INPUT
+# @TEST-EXEC: zeek -C -b -r $TRACES/erspanIII.pcap %INPUT
 # @TEST-EXEC: btest-diff tunnel.log
 # @TEST-EXEC: btest-diff conn.log
diff --git a/testing/btest/core/ether-addrs.zeek b/testing/btest/core/ether-addrs.zeek
index 2cb1d42b6f..d905d97baa 100644
--- a/testing/btest/core/ether-addrs.zeek
+++ b/testing/btest/core/ether-addrs.zeek
@@ -1,5 +1,5 @@
-# @TEST-EXEC: bro -C -b -r $TRACES/wikipedia.trace %INPUT >>output
-# @TEST-EXEC: bro -C -b -r $TRACES/radiotap.pcap %INPUT >>output
+# @TEST-EXEC: zeek -C -b -r $TRACES/wikipedia.trace %INPUT >>output
+# @TEST-EXEC: zeek -C -b -r $TRACES/radiotap.pcap %INPUT >>output
 # @TEST-EXEC: btest-diff output
 event new_connection(c: connection)
diff --git a/testing/btest/core/event-arg-reuse.zeek b/testing/btest/core/event-arg-reuse.zeek
index 3ad5f82cab..b96f4a5a18 100644
--- a/testing/btest/core/event-arg-reuse.zeek
+++ b/testing/btest/core/event-arg-reuse.zeek
@@ -1,6 +1,6 @@
 # @TEST-DOC: Check that assignment to event parameters isn't visible to other handlers.
 #
-# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: zeek -b %INPUT >output
 # @TEST-EXEC: btest-diff output
 event f(a: int) &priority=5
diff --git a/testing/btest/core/expr-exception.zeek b/testing/btest/core/expr-exception.zeek
index 9e84717935..79f460b1e4 100644
--- a/testing/btest/core/expr-exception.zeek
+++ b/testing/btest/core/expr-exception.zeek
@@ -1,7 +1,7 @@
 # Expressions in an event handler that raise interpreter exceptions
-# shouldn't abort Bro entirely, but just return from the function body.
+# shouldn't abort Zeek entirely, but just return from the function body.
 #
-# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT >output
+# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT >output
 # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log
 # @TEST-EXEC: btest-diff output
diff --git a/testing/btest/core/fake_dns.zeek b/testing/btest/core/fake_dns.zeek
index f5cd4d2067..d16152cb7b 100644
--- a/testing/btest/core/fake_dns.zeek
+++ b/testing/btest/core/fake_dns.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: BRO_DNS_FAKE=1 bro -b %INPUT >out
+# @TEST-EXEC: BRO_DNS_FAKE=1 zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 redef exit_only_after_terminate = T;
diff --git a/testing/btest/core/file-caching-serialization.test b/testing/btest/core/file-caching-serialization.test
index c6edeb55c2..6588dc96e4 100644
--- a/testing/btest/core/file-caching-serialization.test
+++ b/testing/btest/core/file-caching-serialization.test
@@ -4,11 +4,11 @@
 # second case, files are eventually forced out of the cache and
 # undergo serialization, which requires re-opening.
-# @TEST-EXEC: bro -b %INPUT "test_file_prefix=one"
+# @TEST-EXEC: zeek -b %INPUT "test_file_prefix=one"
 # @TEST-EXEC: btest-diff one0
 # @TEST-EXEC: btest-diff one1
 # @TEST-EXEC: btest-diff one2
-# @TEST-EXEC: bro -b %INPUT "test_file_prefix=two" "max_files_in_cache=2"
+# @TEST-EXEC: zeek -b %INPUT "test_file_prefix=two" "max_files_in_cache=2"
 # @TEST-EXEC: btest-diff two0
 # @TEST-EXEC: btest-diff two1
 # @TEST-EXEC: btest-diff two2
diff --git a/testing/btest/core/global_opaque_val.zeek b/testing/btest/core/global_opaque_val.zeek
index 0232271ced..4bc0607029 100644
--- a/testing/btest/core/global_opaque_val.zeek
+++ b/testing/btest/core/global_opaque_val.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: zeek -b %INPUT >output
 # @TEST-EXEC: btest-diff output
 global test = md5_hash_init();
diff --git a/testing/btest/core/history-flip.zeek b/testing/btest/core/history-flip.zeek
index e9769d99b5..3895c3e2c6 100644
--- a/testing/btest/core/history-flip.zeek
+++ b/testing/btest/core/history-flip.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -r $TRACES/tcp/missing-syn.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tcp/missing-syn.pcap %INPUT
 # @TEST-EXEC: btest-diff conn.log
 @load policy/protocols/conn/mac-logging
diff --git a/testing/btest/core/icmp/icmp-context.test b/testing/btest/core/icmp/icmp-context.test
index ca7a34c5aa..58e696cf9c 100644
--- a/testing/btest/core/icmp/icmp-context.test
+++ b/testing/btest/core/icmp/icmp-context.test
@@ -1,8 +1,8 @@
 # These tests all check that IPv6 context packet construction for ICMP6 works.
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-destunreach-no-context.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-destunreach-ip.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-no-context.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-ip.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1
 # @TEST-EXEC: btest-diff output
 event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context)
diff --git a/testing/btest/core/icmp/icmp-events.test b/testing/btest/core/icmp/icmp-events.test
index 1a54f05fba..3aa0ee1177 100644
--- a/testing/btest/core/icmp/icmp-events.test
+++ b/testing/btest/core/icmp/icmp-events.test
@@ -1,8 +1,8 @@
 # These tests all check that ICMP6 events get raised with correct arguments.
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-timeexceeded.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-ping.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-timeexceeded.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-ping.pcap %INPUT >>output 2>&1
 # @TEST-EXEC: btest-diff output
diff --git a/testing/btest/core/icmp/icmp6-context.test b/testing/btest/core/icmp/icmp6-context.test
index dfa8271cbc..66d57b527b 100644
--- a/testing/btest/core/icmp/icmp6-context.test
+++ b/testing/btest/core/icmp/icmp6-context.test
@@ -1,9 +1,9 @@
 # These tests all check that IPv6 context packet construction for ICMP6 works.
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-no-context.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-trunc.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-udp.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-ip6ext.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-no-context.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-trunc.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-udp.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext.pcap %INPUT >>output 2>&1
 # @TEST-EXEC: btest-diff output
 event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context)
diff --git a/testing/btest/core/icmp/icmp6-events.test b/testing/btest/core/icmp/icmp6-events.test
index 5263dd6e7f..6174e697fd 100644
--- a/testing/btest/core/icmp/icmp6-events.test
+++ b/testing/btest/core/icmp/icmp6-events.test
@@ -1,15 +1,15 @@
 # These tests all check that ICMP6 events get raised with correct arguments.
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-udp.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-toobig.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-timeexceeded.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-paramprob.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-ping.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-redirect.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-router-advert.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-neighbor-advert.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-router-solicit.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-udp.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-toobig.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-timeexceeded.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-paramprob.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-ping.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-redirect.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-router-advert.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-neighbor-advert.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-router-solicit.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT >>output 2>&1
 # @TEST-EXEC: btest-diff output
diff --git a/testing/btest/core/icmp/icmp6-nd-options.test b/testing/btest/core/icmp/icmp6-nd-options.test
index 64543852a3..93f1931524 100644
--- a/testing/btest/core/icmp/icmp6-nd-options.test
+++ b/testing/btest/core/icmp/icmp6-nd-options.test
@@ -1,7 +1,7 @@
 # These tests all check that ICMP6 events get raised with correct arguments.
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-redirect-hdr-opt.pcap %INPUT >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-nd-options.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-redirect-hdr-opt.pcap %INPUT >>output 2>&1
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-nd-options.pcap %INPUT >>output 2>&1
 # @TEST-EXEC: btest-diff output
diff --git a/testing/btest/core/icmp/icmp_sent.zeek b/testing/btest/core/icmp/icmp_sent.zeek
index 406ca637ba..72e6ab543b 100644
--- a/testing/btest/core/icmp/icmp_sent.zeek
+++ b/testing/btest/core/icmp/icmp_sent.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp_sent.pcap %INPUT >out
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp_sent.pcap %INPUT >out
 # @TEST-EXEC: btest-diff out
 event icmp_sent(c: connection, icmp: icmp_conn)
diff --git a/testing/btest/core/init-error.zeek b/testing/btest/core/init-error.zeek
index 858fad4eb1..82226e9dfa 100644
--- a/testing/btest/core/init-error.zeek
+++ b/testing/btest/core/init-error.zeek
@@ -1,6 +1,6 @@
 # The default is for an initialization error to be a hard failure.
-# @TEST-EXEC-FAIL: unset ZEEK_ALLOW_INIT_ERRORS && bro -b %INPUT >out 2>&1
+# @TEST-EXEC-FAIL: unset ZEEK_ALLOW_INIT_ERRORS && zeek -b %INPUT >out 2>&1
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
 event zeek_init() &priority=10
diff --git a/testing/btest/core/ip-broken-header.zeek b/testing/btest/core/ip-broken-header.zeek
index a539628829..08c72b06f1 100644
--- a/testing/btest/core/ip-broken-header.zeek
+++ b/testing/btest/core/ip-broken-header.zeek
@@ -1,7 +1,7 @@
 # This test has a trace that was generated from fuzzing which used to cause
-# OOB reads in Bro. It has a number of packets broken in weird ways.
+# OOB reads in Zeek. It has a number of packets broken in weird ways.
 #
-# @TEST-EXEC: gunzip -c $TRACES/trunc/mpls-6in6-broken.pcap.gz | bro -C -b -r - %INPUT
+# @TEST-EXEC: gunzip -c $TRACES/trunc/mpls-6in6-broken.pcap.gz | zeek -C -b -r - %INPUT
 # @TEST-EXEC: btest-diff weird.log
 @load base/frameworks/notice/weird
diff --git a/testing/btest/core/ipv6-atomic-frag.test b/testing/btest/core/ipv6-atomic-frag.test
index 8c8fe6ca64..a247d50cec 100644
--- a/testing/btest/core/ipv6-atomic-frag.test
+++ b/testing/btest/core/ipv6-atomic-frag.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/ipv6-http-atomic-frag.trace %INPUT >output
+# @TEST-EXEC: zeek -r $TRACES/ipv6-http-atomic-frag.trace %INPUT >output
 # @TEST-EXEC: btest-diff output
 event new_connection(c: connection)
diff --git a/testing/btest/core/ipv6-flow-labels.test b/testing/btest/core/ipv6-flow-labels.test
index 2265cd55d4..332a684cc9 100644
--- a/testing/btest/core/ipv6-flow-labels.test
+++ b/testing/btest/core/ipv6-flow-labels.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/ftp/ipv6.trace %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv6.trace %INPUT >output
 # @TEST-EXEC: btest-diff output
 function print_connection(c: connection, event_name: string)
diff --git a/testing/btest/core/ipv6-frag.test b/testing/btest/core/ipv6-frag.test
index 32c7c0a8c1..815dd9910b 100644
--- a/testing/btest/core/ipv6-frag.test
+++ b/testing/btest/core/ipv6-frag.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/ipv6-fragmented-dns.trace %INPUT >output
+# @TEST-EXEC: zeek -r $TRACES/ipv6-fragmented-dns.trace %INPUT >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: btest-diff dns.log
diff --git a/testing/btest/core/ipv6_esp.test b/testing/btest/core/ipv6_esp.test
index 508a4597f2..4f8b3a4b69 100644
--- a/testing/btest/core/ipv6_esp.test
+++ b/testing/btest/core/ipv6_esp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ip6_esp.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ip6_esp.trace %INPUT >output # @TEST-EXEC: btest-diff output # Just check that the event is raised correctly for a packet containing diff --git a/testing/btest/core/ipv6_ext_headers.test b/testing/btest/core/ipv6_ext_headers.test index 32a0f5d558..100410510b 100644 --- a/testing/btest/core/ipv6_ext_headers.test +++ b/testing/btest/core/ipv6_ext_headers.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output # @TEST-EXEC: btest-diff output # Just check that the event is raised correctly for a packet containing diff --git a/testing/btest/core/ipv6_zero_len_ah.test b/testing/btest/core/ipv6_zero_len_ah.test index 014ba7b3cc..28c612992f 100644 --- a/testing/btest/core/ipv6_zero_len_ah.test +++ b/testing/btest/core/ipv6_zero_len_ah.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ipv6_zero_len_ah.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ipv6_zero_len_ah.trace %INPUT >output # @TEST-EXEC: btest-diff output # Shouldn't crash, but we also won't have seq and data fields set of the ip6_ah diff --git a/testing/btest/core/leaks/ayiya.test b/testing/btest/core/leaks/ayiya.test index 3572cf98ba..abbf46e6d8 100644 --- a/testing/btest/core/leaks/ayiya.test +++ b/testing/btest/core/leaks/ayiya.test @@ -1,8 +1,8 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/ayiya3.trace +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/tunnels/ayiya3.trace # @TEST-EXEC: btest-bg-wait 60 
diff --git a/testing/btest/core/leaks/basic-cluster.zeek b/testing/btest/core/leaks/basic-cluster.zeek
index e186b7aa43..7698c46023 100644
--- a/testing/btest/core/leaks/basic-cluster.zeek
+++ b/testing/btest/core/leaks/basic-cluster.zeek
@@ -5,11 +5,11 @@
 # @TEST-PORT: BROKER_PORT3
 # @TEST-GROUP: leaks
 #
-# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
+# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks
 #
-# @TEST-EXEC: btest-bg-run manager-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro -m %INPUT
-# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro -m %INPUT
-# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro -m %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek -m %INPUT
+# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek -m %INPUT
+# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek -m %INPUT
 # @TEST-EXEC: btest-bg-wait 60
 @TEST-START-FILE cluster-layout.zeek
diff --git a/testing/btest/core/leaks/bloomfilter.zeek b/testing/btest/core/leaks/bloomfilter.zeek
index e93bfe23cc..6318251767 100644
--- a/testing/btest/core/leaks/bloomfilter.zeek
+++ b/testing/btest/core/leaks/bloomfilter.zeek
@@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function test_basic_bloom_filter() diff --git a/testing/btest/core/leaks/broker/clone_store.zeek b/testing/btest/core/leaks/broker/clone_store.zeek index a1f1256551..bf8732a60f 100644 --- a/testing/btest/core/leaks/broker/clone_store.zeek +++ b/testing/btest/core/leaks/broker/clone_store.zeek @@ -1,9 +1,9 @@ # @TEST-PORT: BROKER_PORT -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run clone "bro -m -b ../clone.zeek >clone.out" -# @TEST-EXEC: btest-bg-run master "bro -b ../master.zeek >master.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run clone "zeek -m -b ../clone.zeek >clone.out" +# @TEST-EXEC: btest-bg-run master "zeek -b ../master.zeek >master.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff clone/clone.out diff --git a/testing/btest/core/leaks/broker/data.zeek b/testing/btest/core/leaks/broker/data.zeek index 590d041ff1..9f9daadee0 100644 --- a/testing/btest/core/leaks/broker/data.zeek +++ b/testing/btest/core/leaks/broker/data.zeek 
@@ -1,9 +1,9 @@ -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 45 -# @TEST-EXEC: btest-diff bro/.stdout +# @TEST-EXEC: btest-diff zeek/.stdout type bro_set: set[string]; type bro_table: table[string] of count; @@ -110,7 +110,7 @@ if ( did_it ) return; did_it = T; -### Print every broker data type +### Print every Broker data type print Broker::data_type(Broker::data(T)); print Broker::data_type(Broker::data(+1)); @@ -134,7 +134,7 @@ print Broker::data_type(Broker::data(r)); print "***************************"; -### Convert a Bro value to a broker value, then print the result +### Convert a Zeek value to a Broker value, then print the result print (Broker::data(T)) as bool; print (Broker::data(F)) as bool; @@ -175,7 +175,7 @@ print broker_to_bro_record(cr); print "***************************"; -### Test the broker set BIFs +### Test the Broker set BIFs cs = Broker::set_create(); print Broker::set_size(cs); @@ -197,7 +197,7 @@ print broker_to_bro_set(cs); print "***************************"; -### Test the broker table BIFs +### Test the Broker table BIFs ct = Broker::table_create(); print Broker::table_size(ct); @@ -221,7 +221,7 @@ print broker_to_bro_table(ct); print "***************************"; -### Test the broker vector BIFs +### Test the Broker vector BIFs cv = Broker::vector_create(); print Broker::vector_size(cv); @@ -244,7 +244,7 @@ print broker_to_bro_vector(cv); print "***************************"; -### Test the broker record BIFs +### Test the Broker record BIFs cr = Broker::record_create(3); print Broker::record_size(cr); 
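Review bot: The `btest-diff` target in the first hunk changes from `bro/.stdout` to `zeek/.stdout`, and btest-diff finds its stored baseline by that file name, so the baseline recorded for this test has to be renamed in the same commit. That rename is not visible in this part of the diff and should be confirmed. If it is missing, the comparison has nothing to match against and the test no longer checks the printed Broker values. Separately, the type names `bro_set` and `bro_table` and helpers such as `broker_to_bro_record` keep the old spelling while the comments beside them now say Zeek; harmless in a test, but a follow-up rename would make the file consistent.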
diff --git a/testing/btest/core/leaks/broker/master_store.zeek b/testing/btest/core/leaks/broker/master_store.zeek index 08919bb461..c8527b8d73 100644 --- a/testing/btest/core/leaks/broker/master_store.zeek +++ b/testing/btest/core/leaks/broker/master_store.zeek @@ -1,7 +1,7 @@ -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 45 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/broker/remote_event.test b/testing/btest/core/leaks/broker/remote_event.test index 9983f7871d..470fc0837a 100644 --- a/testing/btest/core/leaks/broker/remote_event.test +++ b/testing/btest/core/leaks/broker/remote_event.test @@ -1,9 +1,9 @@ # @TEST-PORT: BROKER_PORT -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../recv.zeek >recv.out" -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../send.zeek >send.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "zeek -m -b ../recv.zeek >recv.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "zeek -m -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/core/leaks/broker/remote_log.test b/testing/btest/core/leaks/broker/remote_log.test index 21d387b15f..2580877de0 100644 --- a/testing/btest/core/leaks/broker/remote_log.test +++ b/testing/btest/core/leaks/broker/remote_log.test 
@@ -1,9 +1,9 @@ # @TEST-PORT: BROKER_PORT -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../recv.zeek >recv.out" -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../send.zeek >send.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "zeek -m -b ../recv.zeek >recv.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "zeek -m -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/core/leaks/dns-nsec3.zeek b/testing/btest/core/leaks/dns-nsec3.zeek index 16be0103e6..29b591b0ee 100644 --- a/testing/btest/core/leaks/dns-nsec3.zeek +++ b/testing/btest/core/leaks/dns-nsec3.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -C -m -r $TRACES/dnssec/nsec3.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -C -m -r $TRACES/dnssec/nsec3.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 @load policy/protocols/dns/auth-addl diff --git a/testing/btest/core/leaks/dns-txt.zeek b/testing/btest/core/leaks/dns-txt.zeek index c04e5df6ea..93d049a40b 100644 --- a/testing/btest/core/leaks/dns-txt.zeek +++ b/testing/btest/core/leaks/dns-txt.zeek 
@@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/dns.zeek b/testing/btest/core/leaks/dns.zeek index f16a4ca3bb..e4f8c92cdb 100644 --- a/testing/btest/core/leaks/dns.zeek +++ b/testing/btest/core/leaks/dns.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/dtls.zeek b/testing/btest/core/leaks/dtls.zeek index e7f75a530e..b7f27de91d 100644 --- a/testing/btest/core/leaks/dtls.zeek +++ b/testing/btest/core/leaks/dtls.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/dtls1_0.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/tls/dtls1_0.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssl diff --git a/testing/btest/core/leaks/exec.test b/testing/btest/core/leaks/exec.test index ec4eb0d75f..793954a9dc 100644 --- a/testing/btest/core/leaks/exec.test +++ b/testing/btest/core/leaks/exec.test 
@@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b ../exectest.zeek +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b ../exectest.zeek # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE exectest.zeek diff --git a/testing/btest/core/leaks/file-analysis-http-get.zeek b/testing/btest/core/leaks/file-analysis-http-get.zeek index 960a510137..6e0dae16be 100644 --- a/testing/btest/core/leaks/file-analysis-http-get.zeek +++ b/testing/btest/core/leaks/file-analysis-http-get.zeek @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 60 redef test_file_analysis_source = "HTTP"; diff --git a/testing/btest/core/leaks/gridftp.test b/testing/btest/core/leaks/gridftp.test index 4c7d31937d..4028df6b33 100644 --- a/testing/btest/core/leaks/gridftp.test +++ b/testing/btest/core/leaks/gridftp.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/globus-url-copy.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/globus-url-copy.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ftp/gridftp 
diff --git a/testing/btest/core/leaks/gtp_opt_header.test b/testing/btest/core/leaks/gtp_opt_header.test index 79cc50d752..e11ecf1942 100644 --- a/testing/btest/core/leaks/gtp_opt_header.test +++ b/testing/btest/core/leaks/gtp_opt_header.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out # @TEST-EXEC: btest-bg-wait 60 # Some GTPv1 headers have some optional fields totaling to a 4-byte extension diff --git a/testing/btest/core/leaks/hll_cluster.zeek b/testing/btest/core/leaks/hll_cluster.zeek index 40f964ad3a..a6afed593a 100644 --- a/testing/btest/core/leaks/hll_cluster.zeek +++ b/testing/btest/core/leaks/hll_cluster.zeek 
@@ -5,12 +5,12 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: bro -m %INPUT>out -# @TEST-EXEC: btest-bg-run manager-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro -m %INPUT -# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro -m runnumber=1 %INPUT -# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro -m runnumber=2 %INPUT +# @TEST-EXEC: zeek -m %INPUT>out +# @TEST-EXEC: btest-bg-run manager-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek -m %INPUT +# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek -m runnumber=1 %INPUT +# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek -m runnumber=2 %INPUT # @TEST-EXEC: btest-bg-wait 60 # # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/core/leaks/hook.zeek b/testing/btest/core/leaks/hook.zeek index 0d991bc9a0..5f25a8a011 100644 --- a/testing/btest/core/leaks/hook.zeek +++ b/testing/btest/core/leaks/hook.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 type rec: record { diff --git a/testing/btest/core/leaks/http-connect.zeek b/testing/btest/core/leaks/http-connect.zeek index 8a7f1c8146..c18871c55d 100644 
--- a/testing/btest/core/leaks/http-connect.zeek +++ b/testing/btest/core/leaks/http-connect.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/http/connect-with-smtp.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/http/connect-with-smtp.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/conn diff --git a/testing/btest/core/leaks/incr-vec-expr.test b/testing/btest/core/leaks/incr-vec-expr.test index 42d9d9f820..ff6117feea 100644 --- a/testing/btest/core/leaks/incr-vec-expr.test +++ b/testing/btest/core/leaks/incr-vec-expr.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 type rec: record { diff --git a/testing/btest/core/leaks/input-basic.zeek b/testing/btest/core/leaks/input-basic.zeek index 177cbc5e26..8903fa0409 100644 --- a/testing/btest/core/leaks/input-basic.zeek +++ b/testing/btest/core/leaks/input-basic.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; 
diff --git a/testing/btest/core/leaks/input-errors.zeek b/testing/btest/core/leaks/input-errors.zeek index 93a143c8d5..7262e16c06 100644 --- a/testing/btest/core/leaks/input-errors.zeek +++ b/testing/btest/core/leaks/input-errors.zeek @@ -3,9 +3,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log diff --git a/testing/btest/core/leaks/input-missing-enum.zeek b/testing/btest/core/leaks/input-missing-enum.zeek index 5f931a35f3..9c34d163dd 100644 --- a/testing/btest/core/leaks/input-missing-enum.zeek +++ b/testing/btest/core/leaks/input-missing-enum.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log diff --git a/testing/btest/core/leaks/input-optional-event.zeek b/testing/btest/core/leaks/input-optional-event.zeek index df8d591769..500a076ed6 100644 --- a/testing/btest/core/leaks/input-optional-event.zeek +++ b/testing/btest/core/leaks/input-optional-event.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log 
diff --git a/testing/btest/core/leaks/input-optional-table.zeek b/testing/btest/core/leaks/input-optional-table.zeek index f3e4c05fb4..09f50fb8c8 100644 --- a/testing/btest/core/leaks/input-optional-table.zeek +++ b/testing/btest/core/leaks/input-optional-table.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log diff --git a/testing/btest/core/leaks/input-raw.zeek b/testing/btest/core/leaks/input-raw.zeek index 39ab13adfd..938875987c 100644 --- a/testing/btest/core/leaks/input-raw.zeek +++ b/testing/btest/core/leaks/input-raw.zeek @@ -2,13 +2,13 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 60 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 60 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input2.log >> input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got6 15 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got6 15 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input3.log >> input.log # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/input-reread.zeek b/testing/btest/core/leaks/input-reread.zeek index c15a91a6aa..6621c14574 100644 --- a/testing/btest/core/leaks/input-reread.zeek +++ b/testing/btest/core/leaks/input-reread.zeek 
@@ -2,17 +2,17 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 60 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 60 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp input2.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got4 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got4 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp input3.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got6 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got6 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp input4.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got8 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got8 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp input5.log input.log # @TEST-EXEC: btest-bg-wait 120 diff --git a/testing/btest/core/leaks/input-sqlite.zeek b/testing/btest/core/leaks/input-sqlite.zeek index d278a00533..9606779c7b 100644 --- a/testing/btest/core/leaks/input-sqlite.zeek +++ b/testing/btest/core/leaks/input-sqlite.zeek @@ -2,11 +2,11 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-REQUIRES: which sqlite3 # # @TEST-EXEC: cat conn.sql | sqlite3 conn.sqlite -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE conn.sql 
diff --git a/testing/btest/core/leaks/input-with-remove.zeek b/testing/btest/core/leaks/input-with-remove.zeek index 59e3f28c0a..2a55c8a3fa 100644 --- a/testing/btest/core/leaks/input-with-remove.zeek +++ b/testing/btest/core/leaks/input-with-remove.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/frameworks/input diff --git a/testing/btest/core/leaks/ip-in-ip.test b/testing/btest/core/leaks/ip-in-ip.test index 3ceae55d49..41cc6a7724 100644 --- a/testing/btest/core/leaks/ip-in-ip.test +++ b/testing/btest/core/leaks/ip-in-ip.test @@ -1,12 +1,12 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro1 bro -m -b -r $TRACES/tunnels/6in6.pcap %INPUT -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro2 bro -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro3 bro -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek1 zeek -m -b -r $TRACES/tunnels/6in6.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek2 zeek -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek3 zeek -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 event new_connection(c: connection) 
diff --git a/testing/btest/core/leaks/ipv6_ext_headers.test b/testing/btest/core/leaks/ipv6_ext_headers.test index 3b6f8d467c..84ad8e69a8 100644 --- a/testing/btest/core/leaks/ipv6_ext_headers.test +++ b/testing/btest/core/leaks/ipv6_ext_headers.test @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 # Just check that the event is raised correctly for a packet containing diff --git a/testing/btest/core/leaks/irc.test b/testing/btest/core/leaks/irc.test index 7b2ac389d4..7b3130a553 100644 --- a/testing/btest/core/leaks/irc.test +++ b/testing/btest/core/leaks/irc.test @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 event irc_names_info(c: connection, is_orig: bool, c_type: string, channel: string, users: string_set) diff --git a/testing/btest/core/leaks/krb-service-name.test b/testing/btest/core/leaks/krb-service-name.test index a0d8a84322..5b07a48633 100644 --- a/testing/btest/core/leaks/krb-service-name.test +++ b/testing/btest/core/leaks/krb-service-name.test 
@@ -1,8 +1,8 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/krb/optional-service-name.pcap +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/krb/optional-service-name.pcap # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/krb.test b/testing/btest/core/leaks/krb.test index 7bfb7a550d..a16711b850 100644 --- a/testing/btest/core/leaks/krb.test +++ b/testing/btest/core/leaks/krb.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/krb/kinit.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/krb/kinit.trace %INPUT # @TEST-EXEC: btest-bg-wait 30 @load base/protocols/krb \ No newline at end of file diff --git a/testing/btest/core/leaks/kv-iteration.zeek b/testing/btest/core/leaks/kv-iteration.zeek index 5c7a9f1f62..7496698e42 100644 --- a/testing/btest/core/leaks/kv-iteration.zeek +++ b/testing/btest/core/leaks/kv-iteration.zeek @@ -1,7 +1,7 @@ # @TEST-GROUP: leaks -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 event new_connection(c: connection) diff --git a/testing/btest/core/leaks/mysql.test b/testing/btest/core/leaks/mysql.test index 2e9ec6990f..07f3239885 100644 
--- a/testing/btest/core/leaks/mysql.test +++ b/testing/btest/core/leaks/mysql.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/mysql/mysql.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/mysql/mysql.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/mysql diff --git a/testing/btest/core/leaks/pattern.zeek b/testing/btest/core/leaks/pattern.zeek index f48a8f28bd..e223e64b57 100644 --- a/testing/btest/core/leaks/pattern.zeek +++ b/testing/btest/core/leaks/pattern.zeek @@ -1,7 +1,7 @@ # @TEST-GROUP: leaks -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function test_case(msg: string, expect: bool) diff --git a/testing/btest/core/leaks/pe.test b/testing/btest/core/leaks/pe.test index d951cdbd47..3ff64b587f 100644 --- a/testing/btest/core/leaks/pe.test +++ b/testing/btest/core/leaks/pe.test @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/pe/pe.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/pe/pe.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ftp 
diff --git a/testing/btest/core/leaks/radius.test b/testing/btest/core/leaks/radius.test index 228973c47e..e6d1d66bea 100644 --- a/testing/btest/core/leaks/radius.test +++ b/testing/btest/core/leaks/radius.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/radius/radius.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/radius/radius.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/radius diff --git a/testing/btest/core/leaks/returnwhen.zeek b/testing/btest/core/leaks/returnwhen.zeek index 1220a3c371..689adf1256 100644 --- a/testing/btest/core/leaks/returnwhen.zeek +++ b/testing/btest/core/leaks/returnwhen.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: btest-bg-run bro HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b %INPUT +# @TEST-EXEC: btest-bg-run zeek HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/set.zeek b/testing/btest/core/leaks/set.zeek index b3f2200d28..a902fe9797 100644 --- a/testing/btest/core/leaks/set.zeek +++ b/testing/btest/core/leaks/set.zeek 
@@ -1,7 +1,7 @@ # @TEST-GROUP: leaks -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function test_case(msg: string, expect: bool) diff --git a/testing/btest/core/leaks/sip.test b/testing/btest/core/leaks/sip.test index 1aac2b30e0..25125e1816 100644 --- a/testing/btest/core/leaks/sip.test +++ b/testing/btest/core/leaks/sip.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/sip/wireshark.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/sip/wireshark.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/sip diff --git a/testing/btest/core/leaks/smtp_attachment.test b/testing/btest/core/leaks/smtp_attachment.test index 3094deb65c..63eb1e8b5c 100644 --- a/testing/btest/core/leaks/smtp_attachment.test +++ b/testing/btest/core/leaks/smtp_attachment.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/smtp diff --git a/testing/btest/core/leaks/snmp.test b/testing/btest/core/leaks/snmp.test index 43112eb9bf..f6769f2602 100644 
--- a/testing/btest/core/leaks/snmp.test +++ b/testing/btest/core/leaks/snmp.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/snmp/snmpv1_get.pcap -r $TRACES/snmp/snmpv1_get_short.pcap -r $TRACES/snmp/snmpv1_set.pcap -r $TRACES/snmp/snmpv1_trap.pcap -r $TRACES/snmp/snmpv2_get_bulk.pcap -r $TRACES/snmp/snmpv2_get_next.pcap -r $TRACES/snmp/snmpv2_get.pcap -r $TRACES/snmp/snmpv3_get_next.pcap $SCRIPTS/snmp-test.zeek %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/snmp/snmpv1_get.pcap -r $TRACES/snmp/snmpv1_get_short.pcap -r $TRACES/snmp/snmpv1_set.pcap -r $TRACES/snmp/snmpv1_trap.pcap -r $TRACES/snmp/snmpv2_get_bulk.pcap -r $TRACES/snmp/snmpv2_get_next.pcap -r $TRACES/snmp/snmpv2_get.pcap -r $TRACES/snmp/snmpv3_get_next.pcap $SCRIPTS/snmp-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/snmp diff --git a/testing/btest/core/leaks/ssh.test b/testing/btest/core/leaks/ssh.test index 714d7bb3eb..a43654705d 100644 --- a/testing/btest/core/leaks/ssh.test +++ b/testing/btest/core/leaks/ssh.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/ssh/ssh.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/ssh/ssh.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssh diff --git a/testing/btest/core/leaks/stats.zeek b/testing/btest/core/leaks/stats.zeek index 7df104be95..f541b4fb79 100644 --- a/testing/btest/core/leaks/stats.zeek +++ b/testing/btest/core/leaks/stats.zeek 
@@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load policy/misc/stats diff --git a/testing/btest/core/leaks/string-indexing.zeek b/testing/btest/core/leaks/string-indexing.zeek index 37f7868190..1ac28efe63 100644 --- a/testing/btest/core/leaks/string-indexing.zeek +++ b/testing/btest/core/leaks/string-indexing.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/switch-statement.zeek b/testing/btest/core/leaks/switch-statement.zeek index e5145f9227..b0c906ec46 100644 --- a/testing/btest/core/leaks/switch-statement.zeek +++ b/testing/btest/core/leaks/switch-statement.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 type MyEnum: enum { diff --git a/testing/btest/core/leaks/teredo.zeek b/testing/btest/core/leaks/teredo.zeek index c83a501705..2841679b0e 100644 --- a/testing/btest/core/leaks/teredo.zeek 
+++ b/testing/btest/core/leaks/teredo.zeek @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/Teredo.pcap %INPUT >output +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/tunnels/Teredo.pcap %INPUT >output # @TEST-EXEC: btest-bg-wait 60 function print_teredo(name: string, outer: connection, inner: teredo_hdr) diff --git a/testing/btest/core/leaks/test-all.zeek b/testing/btest/core/leaks/test-all.zeek index d4f8a040ec..79bc8c916a 100644 --- a/testing/btest/core/leaks/test-all.zeek +++ b/testing/btest/core/leaks/test-all.zeek @@ -2,7 +2,7 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace test-all-policy +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/wikipedia.trace test-all-policy # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/vector-val-bifs.test b/testing/btest/core/leaks/vector-val-bifs.test index 9e9caece69..a552279a57 100644 --- a/testing/btest/core/leaks/vector-val-bifs.test +++ b/testing/btest/core/leaks/vector-val-bifs.test 
@@ -2,13 +2,13 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # The BIFS used in this test originally didn't call the VectorVal() ctor right, # assuming that it didn't automatically Ref the VectorType argument and thus # leaked that memeory. # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function myfunc(aa: interval, bb: interval): int diff --git a/testing/btest/core/leaks/while.zeek b/testing/btest/core/leaks/while.zeek index 44f17e9b69..f490c9a13d 100644 --- a/testing/btest/core/leaks/while.zeek +++ b/testing/btest/core/leaks/while.zeek @@ -1,7 +1,7 @@ # @TEST-GROUP: leaks -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function test_noop() diff --git a/testing/btest/core/leaks/x509_ocsp_verify.zeek b/testing/btest/core/leaks/x509_ocsp_verify.zeek index ab24f28ee8..8d6cd5aa3e 100644 --- a/testing/btest/core/leaks/x509_ocsp_verify.zeek +++ b/testing/btest/core/leaks/x509_ocsp_verify.zeek 
@@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssl diff --git a/testing/btest/core/leaks/x509_verify.zeek b/testing/btest/core/leaks/x509_verify.zeek index 7db2581a8b..3989c2b850 100644 --- a/testing/btest/core/leaks/x509_verify.zeek +++ b/testing/btest/core/leaks/x509_verify.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/tls-expired-cert.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/tls/tls-expired-cert.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssl diff --git a/testing/btest/core/load-duplicates.zeek b/testing/btest/core/load-duplicates.zeek index 9b3810d40d..846350988e 100644 --- a/testing/btest/core/load-duplicates.zeek +++ b/testing/btest/core/load-duplicates.zeek 
@@ -1,15 +1,15 @@ -# This tests bro's mechanism to prevent duplicate script loading. +# This tests Zeek's mechanism to prevent duplicate script loading. # # @TEST-EXEC: mkdir -p foo/bar -# @TEST-EXEC: echo "@load bar/test" >loader.bro -# @TEST-EXEC: cp %INPUT foo/bar/test.bro -# @TEST-EXEC: cp %INPUT foo/bar/test2.bro +# @TEST-EXEC: echo "@load bar/test" >loader.zeek +# @TEST-EXEC: cp %INPUT foo/bar/test.zeek +# @TEST-EXEC: cp %INPUT foo/bar/test2.zeek # -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test.bro -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader foo/bar/test -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader foo/bar/test.bro -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader `pwd`/foo/bar/test.bro -# @TEST-EXEC-FAIL: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test2 +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test.zeek +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader foo/bar/test +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader foo/bar/test.zeek +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader `pwd`/foo/bar/test.zeek +# @TEST-EXEC-FAIL: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test2 global pi = 3.14; diff --git a/testing/btest/core/load-explicit-bro-suffix-fallback.zeek b/testing/btest/core/load-explicit-bro-suffix-fallback.zeek index 689be5bc03..d2ce412209 100644 --- a/testing/btest/core/load-explicit-bro-suffix-fallback.zeek +++ b/testing/btest/core/load-explicit-bro-suffix-fallback.zeek 
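Review bot: In the load-duplicates.zeek hunk, the six `BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts ...` lines call the renamed binary but still set the script search path through the old `BROPATH` variable, and nothing in the hunk says whether that is deliberate. If the variable is renamed in a later step and these lines are missed, `foo/bar/test.zeek` would presumably no longer be found, and the five positive checks would fail for a reason unrelated to duplicate loading. I would add a one-line comment above them, e.g. `# BROPATH is intentionally still the old name here; update together with the variable rename.`, or confirm that the name is meant to stay.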
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # We don't have a foo.bro, but we'll accept foo.zeek. diff --git a/testing/btest/core/load-file-extension.zeek b/testing/btest/core/load-file-extension.zeek index 1b5520c873..3a0f4e64c5 100644 --- a/testing/btest/core/load-file-extension.zeek +++ b/testing/btest/core/load-file-extension.zeek @@ -2,22 +2,22 @@ # # Test that either ".zeek" or ".bro" can be loaded without specifying extension # @TEST-EXEC: cp x/foo.bro . -# @TEST-EXEC: bro -b load_foo > bro_only +# @TEST-EXEC: zeek -b load_foo > bro_only # @TEST-EXEC: btest-diff bro_only # @TEST-EXEC: rm foo.bro # # @TEST-EXEC: cp x/foo.zeek . -# @TEST-EXEC: bro -b load_foo > zeek_only +# @TEST-EXEC: zeek -b load_foo > zeek_only # @TEST-EXEC: btest-diff zeek_only # @TEST-EXEC: rm foo.zeek # # Test that ".zeek" is the preferred file extension, unless ".bro" is specified # @TEST-EXEC: cp x/foo.* . # @TEST-EXEC: cp x2/foo . -# @TEST-EXEC: bro -b load_foo > zeek_preferred +# @TEST-EXEC: zeek -b load_foo > zeek_preferred # @TEST-EXEC: btest-diff zeek_preferred # -# @TEST-EXEC: bro -b load_foo_bro > bro_preferred +# @TEST-EXEC: zeek -b load_foo_bro > bro_preferred # @TEST-EXEC: btest-diff bro_preferred # @TEST-EXEC: rm foo* # 
@@ -25,30 +25,30 @@ # there is no ".zeek" script) # @TEST-EXEC: cp x/foo.bro . # @TEST-EXEC: cp x2/foo . -# @TEST-EXEC: bro -b load_foo > bro_preferred_2 +# @TEST-EXEC: zeek -b load_foo > bro_preferred_2 # @TEST-EXEC: btest-diff bro_preferred_2 # @TEST-EXEC: rm foo* # # Test that a script with no file extension can be loaded # @TEST-EXEC: cp x2/foo . -# @TEST-EXEC: bro -b load_foo > no_extension +# @TEST-EXEC: zeek -b load_foo > no_extension # @TEST-EXEC: btest-diff no_extension # @TEST-EXEC: rm foo # # Test that a ".zeek" script is preferred over a script package of same name # @TEST-EXEC: cp -r x/foo* . -# @TEST-EXEC: bro -b load_foo > zeek_script_preferred +# @TEST-EXEC: zeek -b load_foo > zeek_script_preferred # @TEST-EXEC: btest-diff zeek_script_preferred # @TEST-EXEC: rm -r foo* # # Test that unrecognized file extensions can be loaded explicitly # @TEST-EXEC: cp x/foo.* . -# @TEST-EXEC: bro -b load_foo_xyz > xyz_preferred +# @TEST-EXEC: zeek -b load_foo_xyz > xyz_preferred # @TEST-EXEC: btest-diff xyz_preferred # @TEST-EXEC: rm foo.* # # @TEST-EXEC: cp x/foo.xyz . -# @TEST-EXEC-FAIL: bro -b load_foo +# @TEST-EXEC-FAIL: zeek -b load_foo # @TEST-EXEC: rm foo.xyz @TEST-START-FILE load_foo diff --git a/testing/btest/core/load-pkg.zeek b/testing/btest/core/load-pkg.zeek index 8c861f7982..b97211a86a 100644 --- a/testing/btest/core/load-pkg.zeek +++ b/testing/btest/core/load-pkg.zeek 
@@ -1,17 +1,17 @@ # Test that package loading works when a package loader script is present. # # Test that ".zeek" is loaded when there is also a ".bro" -# @TEST-EXEC: bro -b foo >output +# @TEST-EXEC: zeek -b foo >output # @TEST-EXEC: btest-diff output # # Test that ".bro" is loaded when there is no ".zeek" # @TEST-EXEC: rm foo/__load__.zeek -# @TEST-EXEC: bro -b foo >output2 +# @TEST-EXEC: zeek -b foo >output2 # @TEST-EXEC: btest-diff output2 # # Test that package cannot be loaded when no package loader script exists. # @TEST-EXEC: rm foo/__load__.bro -# @TEST-EXEC-FAIL: bro -b foo +# @TEST-EXEC-FAIL: zeek -b foo @TEST-START-FILE foo/__load__.bro @load ./test diff --git a/testing/btest/core/load-prefixes.zeek b/testing/btest/core/load-prefixes.zeek index c91f278a65..0416319827 100644 --- a/testing/btest/core/load-prefixes.zeek +++ b/testing/btest/core/load-prefixes.zeek @@ -1,6 +1,6 @@ # A test of prefix-based @load'ing -# @TEST-EXEC: bro addprefixes >output +# @TEST-EXEC: zeek addprefixes >output # @TEST-EXEC: btest-diff output @TEST-START-FILE addprefixes.zeek diff --git a/testing/btest/core/load-relative.zeek b/testing/btest/core/load-relative.zeek index 439563c201..8e1e6f8a06 100644 --- a/testing/btest/core/load-relative.zeek +++ b/testing/btest/core/load-relative.zeek @@ -1,6 +1,6 @@ # A test of relative-path-based @load'ing -# @TEST-EXEC: bro -b foo/foo >output +# @TEST-EXEC: zeek -b foo/foo >output # @TEST-EXEC: btest-diff output @TEST-START-FILE foo/foo.zeek diff --git a/testing/btest/core/load-unload.zeek b/testing/btest/core/load-unload.zeek index 6b2614a50c..6199f12e8b 100644 --- a/testing/btest/core/load-unload.zeek +++ b/testing/btest/core/load-unload.zeek 
@@ -1,13 +1,13 @@ # This tests the @unload directive # # Test that @unload works with ".bro" when there is no ".zeek" script -# @TEST-EXEC: bro -b unloadbro misc/loaded-scripts dontloadmebro > output +# @TEST-EXEC: zeek -b unloadbro misc/loaded-scripts dontloadmebro > output # @TEST-EXEC: btest-diff output # @TEST-EXEC: grep dontloadmebro loaded_scripts.log && exit 1 || exit 0 # # Test that @unload looks for ".zeek" first (assuming no file extension is # specified in the @unload) -# @TEST-EXEC: bro -b unload misc/loaded-scripts dontloadme.zeek dontloadme.bro > output2 +# @TEST-EXEC: zeek -b unload misc/loaded-scripts dontloadme.zeek dontloadme.bro > output2 # @TEST-EXEC: btest-diff output2 # @TEST-EXEC: grep dontloadme.bro loaded_scripts.log diff --git a/testing/btest/core/mobile-ipv6-home-addr.test b/testing/btest/core/mobile-ipv6-home-addr.test index e171a07afb..9be171074a 100644 --- a/testing/btest/core/mobile-ipv6-home-addr.test +++ b/testing/btest/core/mobile-ipv6-home-addr.test @@ -1,5 +1,6 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/ipv6-mobile-hoa.trace %INPUT >output +# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/ipv6-mobile-hoa.trace %INPUT >output # @TEST-EXEC: btest-diff output # Just check that the orig of the connection is the Home Address, but the diff --git a/testing/btest/core/mobile-ipv6-routing.test b/testing/btest/core/mobile-ipv6-routing.test index ea99a70706..cca944f9c4 100644 --- a/testing/btest/core/mobile-ipv6-routing.test +++ b/testing/btest/core/mobile-ipv6-routing.test 
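Review bot: In the mobile-ipv6-home-addr.test hunk, the new `@TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h` exits non-zero both when the define is absent and when the header does not exist under its new name, and btest treats either case as a skip. A build that still produced the header under the old name would therefore silently drop this test, along with the mobile-ipv6-routing, mobility-checksums and mobility_msg tests that use the same line. A comment next to the directive would make that visible, e.g. `# Skipped, not failed, if $BUILD/zeek-config.h is missing; check the skipped count after the rename.`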
@@ -1,5 +1,6 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/ipv6-mobile-routing.trace %INPUT >output +# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/ipv6-mobile-routing.trace %INPUT >output # @TEST-EXEC: btest-diff output # Just check that the responder of the connection is the final routing diff --git a/testing/btest/core/mobility-checksums.test b/testing/btest/core/mobility-checksums.test index 42877b63d4..d680fdf406 100644 --- a/testing/btest/core/mobility-checksums.test +++ b/testing/btest/core/mobility-checksums.test @@ -1,15 +1,16 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -r $TRACES/chksums/mip6-bad-mh-chksum.pcap +# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# +# @TEST-EXEC: zeek -r $TRACES/chksums/mip6-bad-mh-chksum.pcap # @TEST-EXEC: mv weird.log bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-udp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-udp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out # @TEST-EXEC: rm weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/mip6-good-mh-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/mip6-good-mh-chksum.pcap # @TEST-EXEC: test ! -e weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-tcp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-tcp-good-chksum.pcap # @TEST-EXEC: test ! -e weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-udp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-udp-good-chksum.pcap # @TEST-EXEC: test ! -e weird.log # @TEST-EXEC: btest-diff bad.out 
diff --git a/testing/btest/core/mobility_msg.test b/testing/btest/core/mobility_msg.test index 1fde084dc2..89538fc667 100644 --- a/testing/btest/core/mobility_msg.test +++ b/testing/btest/core/mobility_msg.test @@ -1,12 +1,13 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_be.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_brr.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_bu.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_cot.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_coti.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_hot.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_hoti.trace %INPUT >>output +# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_be.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_brr.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_bu.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_cot.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_coti.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_hot.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_hoti.trace %INPUT >>output # @TEST-EXEC: btest-diff output event mobile_ipv6_message(p: pkt_hdr) diff --git a/testing/btest/core/mpls-in-vlan.zeek b/testing/btest/core/mpls-in-vlan.zeek index f57c1862ce..9048c34c17 100644 --- a/testing/btest/core/mpls-in-vlan.zeek +++ b/testing/btest/core/mpls-in-vlan.zeek 
@@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/mpls-in-vlan.trace +# @TEST-EXEC: zeek -C -r $TRACES/mpls-in-vlan.trace # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/negative-time.test b/testing/btest/core/negative-time.test index 5717df835c..cd1ac20240 100644 --- a/testing/btest/core/negative-time.test +++ b/testing/btest/core/negative-time.test @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/negative-time.pcap base/frameworks/notice +# @TEST-EXEC: zeek -b -C -r $TRACES/negative-time.pcap base/frameworks/notice # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/core/nflog.zeek b/testing/btest/core/nflog.zeek index 39186bbbea..e3bb62e4a5 100644 --- a/testing/btest/core/nflog.zeek +++ b/testing/btest/core/nflog.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/nflog-http.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/nflog-http.pcap %INPUT # @TEST-EXEC: btest-diff http.log @load base/protocols/http diff --git a/testing/btest/core/nop.zeek b/testing/btest/core/nop.zeek index e42b5a7821..e0f6f70323 100644 --- a/testing/btest/core/nop.zeek +++ b/testing/btest/core/nop.zeek @@ -1,4 +1,4 @@ -# Bro shouldn't crash when doing nothing, nor outputting anything. +# Zeek shouldn't crash when doing nothing, nor outputting anything. # -# @TEST-EXEC: cat /dev/null | bro >output 2>&1 +# @TEST-EXEC: cat /dev/null | zeek >output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/old_comm_usage.zeek b/testing/btest/core/old_comm_usage.zeek deleted file mode 100644 index 8f4e3854aa..0000000000 --- a/testing/btest/core/old_comm_usage.zeek +++ /dev/null @@ -1,7 +0,0 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out - -event zeek_init() - { - terminate_communication(); - } diff --git a/testing/btest/core/option-errors.zeek b/testing/btest/core/option-errors.zeek index 6a9a8f1db6..b08ba17864 100644 --- a/testing/btest/core/option-errors.zeek 
+++ b/testing/btest/core/option-errors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro %INPUT +# @TEST-EXEC-FAIL: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr option testbool; diff --git a/testing/btest/core/option-priorities.zeek b/testing/btest/core/option-priorities.zeek index 088d82ea9f..cfc78aafe7 100644 --- a/testing/btest/core/option-priorities.zeek +++ b/testing/btest/core/option-priorities.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout export { diff --git a/testing/btest/core/option-redef.zeek b/testing/btest/core/option-redef.zeek index 30d381306a..e47bd7344e 100644 --- a/testing/btest/core/option-redef.zeek +++ b/testing/btest/core/option-redef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout # options are allowed to be redef-able. diff --git a/testing/btest/core/option-runtime-errors.zeek b/testing/btest/core/option-runtime-errors.zeek index 8ae4b9ca40..ef512c6a8e 100644 --- a/testing/btest/core/option-runtime-errors.zeek +++ b/testing/btest/core/option-runtime-errors.zeek @@ -1,8 +1,9 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr -# Errors that happen during runtime. At least at the moment we are not checking these early enough -# that Bro will bail out during startup. Perhaps we want to change this later. +# Errors that happen during runtime. At least at the moment we are not +# checking these early enough that Zeek will bail out during startup. Perhaps +# we want to change this later. option A = 5; Option::set("B", 6); diff --git a/testing/btest/core/pcap/dumper.zeek b/testing/btest/core/pcap/dumper.zeek index 0f2bdb072e..4602022b45 100644 --- a/testing/btest/core/pcap/dumper.zeek +++ b/testing/btest/core/pcap/dumper.zeek 
@@ -1,5 +1,5 @@ # @TEST-REQUIRES: which hexdump -# @TEST-EXEC: bro -r $TRACES/workshop_2011_browse.trace -w dump +# @TEST-EXEC: zeek -r $TRACES/workshop_2011_browse.trace -w dump # @TEST-EXEC: hexdump -C $TRACES/workshop_2011_browse.trace >1 # @TEST-EXEC: hexdump -C dump >2 # @TEST-EXEC: diff 1 2 >output || true diff --git a/testing/btest/core/pcap/dynamic-filter.zeek b/testing/btest/core/pcap/dynamic-filter.zeek index caebaf0558..11edf87644 100644 --- a/testing/btest/core/pcap/dynamic-filter.zeek +++ b/testing/btest/core/pcap/dynamic-filter.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/pcap/filter-error.zeek b/testing/btest/core/pcap/filter-error.zeek index b83b8879a0..81f4c24cf9 100644 --- a/testing/btest/core/pcap/filter-error.zeek +++ b/testing/btest/core/pcap/filter-error.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC-FAIL: bro -r $TRACES/workshop_2011_browse.trace -f "kaputt" >>output 2>&1 +# @TEST-EXEC-FAIL: zeek -r $TRACES/workshop_2011_browse.trace -f "kaputt" >>output 2>&1 # @TEST-EXEC-FAIL: test -e conn.log # @TEST-EXEC: echo ---- >>output -# @TEST-EXEC: bro -r $TRACES/workshop_2011_browse.trace %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -r $TRACES/workshop_2011_browse.trace %INPUT >>output 2>&1 # @TEST-EXEC: test -e conn.log # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output diff --git a/testing/btest/core/pcap/input-error.zeek b/testing/btest/core/pcap/input-error.zeek index 5e469e08e8..8a67293a8b 100644 --- a/testing/btest/core/pcap/input-error.zeek +++ b/testing/btest/core/pcap/input-error.zeek 
@@ -1,6 +1,6 @@ -# @TEST-EXEC-FAIL: bro -i NO_SUCH_INTERFACE 2>&1 >>output 2>&1 +# @TEST-EXEC-FAIL: zeek -i NO_SUCH_INTERFACE 2>&1 >>output 2>&1 # @TEST-EXEC: cat output | sed 's/(.*)//g' >output2 -# @TEST-EXEC-FAIL: bro -r NO_SUCH_TRACE 2>&1 >>output2 2>&1 +# @TEST-EXEC-FAIL: zeek -r NO_SUCH_TRACE 2>&1 >>output2 2>&1 # @TEST-EXEC: btest-diff output2 redef enum PcapFilterID += { A }; diff --git a/testing/btest/core/pcap/pseudo-realtime.zeek b/testing/btest/core/pcap/pseudo-realtime.zeek index c51b5cc32b..994fb42a65 100644 --- a/testing/btest/core/pcap/pseudo-realtime.zeek +++ b/testing/btest/core/pcap/pseudo-realtime.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT --pseudo-realtime >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT --pseudo-realtime >output # @TEST-EXEC: btest-diff output global init = F; diff --git a/testing/btest/core/pcap/read-trace-with-filter.zeek b/testing/btest/core/pcap/read-trace-with-filter.zeek index 5878bada64..ba9db2c2a4 100644 --- a/testing/btest/core/pcap/read-trace-with-filter.zeek +++ b/testing/btest/core/pcap/read-trace-with-filter.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace -f "port 50000" +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace -f "port 50000" # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff packet_filter.log diff --git a/testing/btest/core/pppoe-over-qinq.zeek b/testing/btest/core/pppoe-over-qinq.zeek index cdfd4607ae..54cdcba1f7 100644 --- a/testing/btest/core/pppoe-over-qinq.zeek +++ b/testing/btest/core/pppoe-over-qinq.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/pppoe-over-qinq.pcap +# @TEST-EXEC: zeek -C -r $TRACES/pppoe-over-qinq.pcap # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/pppoe.test b/testing/btest/core/pppoe.test index 35be84d657..74e3678858 100644 --- a/testing/btest/core/pppoe.test +++ b/testing/btest/core/pppoe.test 
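Review bot: In the input-error.zeek hunk, both rewritten lines keep the redirection form `2>&1 >>output 2>&1` (`>>output2` on the second), where the leading `2>&1` is overridden by the trailing one and has no effect. Since the lines are being touched anyway, they would read more clearly as `# @TEST-EXEC-FAIL: zeek -i NO_SUCH_INTERFACE >>output 2>&1` and `# @TEST-EXEC-FAIL: zeek -r NO_SUCH_TRACE >>output2 2>&1`. The captured stdout and stderr end up in the same file either way, so the `output2` baseline should not need to change.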
@@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/pppoe.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/pppoe.trace %INPUT # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/print-bpf-filters.zeek b/testing/btest/core/print-bpf-filters.zeek index 6e4a4d5c30..fd86ce4f04 100644 --- a/testing/btest/core/print-bpf-filters.zeek +++ b/testing/btest/core/print-bpf-filters.zeek @@ -1,15 +1,15 @@ -# @TEST-EXEC: bro -r $TRACES/empty.trace >output +# @TEST-EXEC: zeek -r $TRACES/empty.trace >output # @TEST-EXEC: cat packet_filter.log >>output -# @TEST-EXEC: bro -r $TRACES/empty.trace -f "port 42" >>output +# @TEST-EXEC: zeek -r $TRACES/empty.trace -f "port 42" >>output # @TEST-EXEC: cat packet_filter.log >>output -# @TEST-EXEC: bro -r $TRACES/mixed-vlan-mpls.trace PacketFilter::restricted_filter="vlan" >>output +# @TEST-EXEC: zeek -r $TRACES/mixed-vlan-mpls.trace PacketFilter::restricted_filter="vlan" >>output # @TEST-EXEC: cat packet_filter.log >>output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff conn.log # # The order in the output of enable_auto_protocol_capture_filters isn't # stable, for reasons not clear. We canonify it first. -# @TEST-EXEC: bro -r $TRACES/empty.trace PacketFilter::enable_auto_protocol_capture_filters=T -# @TEST-EXEC: cat packet_filter.log | bro-cut filter | sed 's#[()]##g' | tr ' ' '\n' | sort | uniq -c | awk '{print $1, $2}' >output2 +# @TEST-EXEC: zeek -r $TRACES/empty.trace PacketFilter::enable_auto_protocol_capture_filters=T +# @TEST-EXEC: cat packet_filter.log | zeek-cut filter | sed 's#[()]##g' | tr ' ' '\n' | sort | uniq -c | awk '{print $1, $2}' >output2 # @TEST-EXEC: btest-diff output2 diff --git a/testing/btest/core/q-in-q.zeek b/testing/btest/core/q-in-q.zeek index 7444e7b458..e864fdf3b5 100644 --- a/testing/btest/core/q-in-q.zeek +++ b/testing/btest/core/q-in-q.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/q-in-q.trace +# @TEST-EXEC: zeek -r $TRACES/q-in-q.trace # @TEST-EXEC: btest-diff conn.log 
diff --git a/testing/btest/core/radiotap.zeek b/testing/btest/core/radiotap.zeek index 27513990f0..48886297ff 100644 --- a/testing/btest/core/radiotap.zeek +++ b/testing/btest/core/radiotap.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/radiotap.pcap +# @TEST-EXEC: zeek -C -r $TRACES/radiotap.pcap # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/raw_packet.zeek b/testing/btest/core/raw_packet.zeek index cb1ee94b0f..15fa7d133b 100644 --- a/testing/btest/core/raw_packet.zeek +++ b/testing/btest/core/raw_packet.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b -r $TRACES/raw_packets.trace %INPUT >output -# @TEST-EXEC: bro -b -r $TRACES/icmp_dot1q.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/raw_packets.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/icmp_dot1q.trace %INPUT >>output # @TEST-EXEC: btest-diff output event raw_packet(p: raw_pkt_hdr) diff --git a/testing/btest/core/reassembly.zeek b/testing/btest/core/reassembly.zeek index 53489008de..db14364331 100644 --- a/testing/btest/core/reassembly.zeek +++ b/testing/btest/core/reassembly.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-1.pcap %INPUT >>output -# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-2.pcap %INPUT >>output -# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-3.pcap %INPUT >>output -# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-4.pcap %INPUT >>output -# @TEST-EXEC: bro -C -r $TRACES/tcp/reassembly.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-1.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-2.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-3.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-4.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/tcp/reassembly.pcap %INPUT >>output # @TEST-EXEC: btest-diff output event zeek_init() 
diff --git a/testing/btest/core/recursive-event.zeek b/testing/btest/core/recursive-event.zeek index 63cb05eb6f..f82b4ed58b 100644 --- a/testing/btest/core/recursive-event.zeek +++ b/testing/btest/core/recursive-event.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro %INPUT 2>&1 | grep -v termination | sort | uniq | wc -l | awk '{print $1}' >output +# @TEST-EXEC: zeek %INPUT 2>&1 | grep -v termination | sort | uniq | wc -l | awk '{print $1}' >output # @TEST-EXEC: btest-diff output # In old version, the event would keep triggering endlessely, with the network -# time not moving forward and Bro not terminating. +# time not moving forward and Zeek not terminating. # # Note that the output will not be 20 because we still execute two rounds # of events every time we drain and also at startup several (currently 3) diff --git a/testing/btest/core/reporter-error-in-handler.zeek b/testing/btest/core/reporter-error-in-handler.zeek index fc0517ab2a..e7de8a1a75 100644 --- a/testing/btest/core/reporter-error-in-handler.zeek +++ b/testing/btest/core/reporter-error-in-handler.zeek @@ -2,7 +2,7 @@ # This test procudes a recursive error: the error handler is itself broken. Rather # than looping indefinitly, the error inside the handler should reported to stderr. # -# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output global a: table[count] of count; diff --git a/testing/btest/core/reporter-fmt-strings.zeek b/testing/btest/core/reporter-fmt-strings.zeek index 09c03cf721..087b0e2244 100644 --- a/testing/btest/core/reporter-fmt-strings.zeek +++ b/testing/btest/core/reporter-fmt-strings.zeek 
@@ -1,7 +1,7 @@ # The format string below should end up as a literal part of the reporter's # error message to stderr and shouldn't be replaced internally. # -# @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output event zeek_init() diff --git a/testing/btest/core/reporter-parse-error.zeek b/testing/btest/core/reporter-parse-error.zeek index d57917ff26..dfd9ed6d02 100644 --- a/testing/btest/core/reporter-parse-error.zeek +++ b/testing/btest/core/reporter-parse-error.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output event zeek_init() diff --git a/testing/btest/core/reporter-runtime-error.zeek b/testing/btest/core/reporter-runtime-error.zeek index 9caeddb258..63e0437e26 100644 --- a/testing/btest/core/reporter-runtime-error.zeek +++ b/testing/btest/core/reporter-runtime-error.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output global a: table[count] of count; diff --git a/testing/btest/core/reporter-shutdown-order-errors.zeek b/testing/btest/core/reporter-shutdown-order-errors.zeek index 6289d47c96..f1478124b8 100644 --- a/testing/btest/core/reporter-shutdown-order-errors.zeek +++ b/testing/btest/core/reporter-shutdown-order-errors.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: touch reporter.log && chmod -w reporter.log -# @TEST-EXEC: bro %INPUT >out 2>&1 +# @TEST-EXEC: zeek %INPUT >out 2>&1 -# Output doesn't really matter, but we just want to know that Bro shutdowns +# Output doesn't really matter, but we just want to know that Zeek shutdowns # without crashing in such scenarios (reporter log not writable # and also reporter errors being emitting during shutdown). 
diff --git a/testing/btest/core/reporter-type-mismatch.zeek b/testing/btest/core/reporter-type-mismatch.zeek index 1a375ea84b..0fc8d78f6f 100644 --- a/testing/btest/core/reporter-type-mismatch.zeek +++ b/testing/btest/core/reporter-type-mismatch.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output event foo(a: string) diff --git a/testing/btest/core/reporter-weird-sampling-disable.zeek b/testing/btest/core/reporter-weird-sampling-disable.zeek index 014e287dab..63b4503004 100644 --- a/testing/btest/core/reporter-weird-sampling-disable.zeek +++ b/testing/btest/core/reporter-weird-sampling-disable.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/http/bro.org.pcap %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/http/bro.org.pcap %INPUT >output # @TEST-EXEC: btest-diff output redef Weird::sampling_threshold = 1; diff --git a/testing/btest/core/reporter-weird-sampling.zeek b/testing/btest/core/reporter-weird-sampling.zeek index d9d99681c4..c3a83a2c8f 100644 --- a/testing/btest/core/reporter-weird-sampling.zeek +++ b/testing/btest/core/reporter-weird-sampling.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/http/bro.org.pcap %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/http/bro.org.pcap %INPUT >output # @TEST-EXEC: btest-diff output redef Weird::sampling_duration = 5sec; diff --git a/testing/btest/core/reporter.zeek b/testing/btest/core/reporter.zeek index bc79ca73d8..8591096c2b 100644 --- a/testing/btest/core/reporter.zeek +++ b/testing/btest/core/reporter.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff logger-test.log 
diff --git a/testing/btest/core/tcp/fin-retransmit.zeek b/testing/btest/core/tcp/fin-retransmit.zeek index 42bf062f5a..a24d253583 100644 --- a/testing/btest/core/tcp/fin-retransmit.zeek +++ b/testing/btest/core/tcp/fin-retransmit.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/fin_retransmission.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tcp/fin_retransmission.pcap %INPUT >out # @TEST-EXEC: btest-diff out event connection_state_remove(c: connection) diff --git a/testing/btest/core/tcp/large-file-reassembly.zeek b/testing/btest/core/tcp/large-file-reassembly.zeek index 655d030d96..ed5d283561 100644 --- a/testing/btest/core/tcp/large-file-reassembly.zeek +++ b/testing/btest/core/tcp/large-file-reassembly.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/bigtransfer.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/ftp/bigtransfer.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff files.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tcp/miss-end-data.zeek b/testing/btest/core/tcp/miss-end-data.zeek index 6cee7577d9..6c802810f1 100644 --- a/testing/btest/core/tcp/miss-end-data.zeek +++ b/testing/btest/core/tcp/miss-end-data.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tcp/miss_end_data.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tcp/miss_end_data.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tcp/missing-syn.zeek b/testing/btest/core/tcp/missing-syn.zeek index f34767eee8..3450941584 100644 --- a/testing/btest/core/tcp/missing-syn.zeek +++ b/testing/btest/core/tcp/missing-syn.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/tcp/missing-syn.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tcp/missing-syn.pcap %INPUT # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tcp/quantum-insert.zeek b/testing/btest/core/tcp/quantum-insert.zeek index 8b4738c9e1..4e94f488c3 100644 --- a/testing/btest/core/tcp/quantum-insert.zeek 
+++ b/testing/btest/core/tcp/quantum-insert.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/qi_internet_SYNACK_curl_jsonip.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tcp/qi_internet_SYNACK_curl_jsonip.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # Quantum Insert like attack, overlapping TCP packet with different content diff --git a/testing/btest/core/tcp/rst-after-syn.zeek b/testing/btest/core/tcp/rst-after-syn.zeek index 38976909d7..97075993d9 100644 --- a/testing/btest/core/tcp/rst-after-syn.zeek +++ b/testing/btest/core/tcp/rst-after-syn.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/rst-inject-rae.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tcp/rst-inject-rae.trace %INPUT # @TEST-EXEC: btest-diff .stdout # Mostly just checking that c$resp$size isn't huge due to the injected diff --git a/testing/btest/core/tcp/rxmit-history.zeek b/testing/btest/core/tcp/rxmit-history.zeek index 6413d66041..b63e357633 100644 --- a/testing/btest/core/tcp/rxmit-history.zeek +++ b/testing/btest/core/tcp/rxmit-history.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -C -r $TRACES/tcp/retransmit-fast009.trace %INPUT && mv conn.log conn-1.log -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT && mv conn.log conn-2.log +# @TEST-EXEC: zeek -C -r $TRACES/tcp/retransmit-fast009.trace %INPUT && mv conn.log conn-1.log +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT && mv conn.log conn-2.log # @TEST-EXEC: btest-diff conn-1.log # @TEST-EXEC: btest-diff conn-2.log diff --git a/testing/btest/core/tcp/truncated-header.zeek b/testing/btest/core/tcp/truncated-header.zeek index f3ae369b2e..145f415754 100644 --- a/testing/btest/core/tcp/truncated-header.zeek +++ b/testing/btest/core/tcp/truncated-header.zeek 
@@ -1,9 +1,9 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/truncated-header.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tcp/truncated-header.pcap %INPUT >out # @TEST-EXEC: btest-diff out event tcp_packet(c: connection, is_orig: bool, flags: string, seq: count, ack: count, len: count, payload: string) { - # Just having this handler used to crash Bro on this trace. - print network_time(), c$id; + # Just having this handler used to crash Zeek on this trace. + print network_time(), c$id; } diff --git a/testing/btest/core/truncation.test b/testing/btest/core/truncation.test index d819ca1f88..b602f13585 100644 --- a/testing/btest/core/truncation.test +++ b/testing/btest/core/truncation.test 
@@ -1,43 +1,43 @@ # Truncated IP packet's should not be analyzed, and generate truncated_IP weird -# @TEST-EXEC: bro -r $TRACES/trunc/ip4-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/ip4-trunc.pcap # @TEST-EXEC: mv weird.log output -# @TEST-EXEC: bro -r $TRACES/trunc/ip6-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/ip6-trunc.pcap # @TEST-EXEC: cat weird.log >> output -# @TEST-EXEC: bro -r $TRACES/trunc/ip6-ext-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/ip6-ext-trunc.pcap # @TEST-EXEC: cat weird.log >> output # If an ICMP packet's payload is truncated due to too small snaplen, -# the checksum calculation is bypassed (and Bro doesn't crash, of course). +# the checksum calculation is bypassed (and Zeek doesn't crash, of course). # @TEST-EXEC: rm -f weird.log -# @TEST-EXEC: bro -r $TRACES/trunc/icmp-payload-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/icmp-payload-trunc.pcap # @TEST-EXEC: test ! -e weird.log # If an ICMP packet has the ICMP header truncated due to too small snaplen, # an internally_truncated_header weird gets generated. 
-# @TEST-EXEC: bro -r $TRACES/trunc/icmp-header-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/icmp-header-trunc.pcap # @TEST-EXEC: cat weird.log >> output # Truncated packets where the captured length is less than the length required # for the packet header should also raise a Weird -# @TEST-EXEC: bro -r $TRACES/trunc/trunc-hdr.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/trunc-hdr.pcap # @TEST-EXEC: cat weird.log >> output # Truncated packet where the length of the IP header is larger than the total # packet length -# @TEST-EXEC: bro -C -r $TRACES/trunc/ipv4-truncated-broken-header.pcap +# @TEST-EXEC: zeek -C -r $TRACES/trunc/ipv4-truncated-broken-header.pcap # @TEST-EXEC: cat weird.log >> output # Truncated packet where the captured length is big enough for the ip header # struct, but not large enough to capture the full header length (with options) -# @TEST-EXEC: bro -C -r $TRACES/trunc/ipv4-internally-truncated-header.pcap +# @TEST-EXEC: zeek -C -r $TRACES/trunc/ipv4-internally-truncated-header.pcap # @TEST-EXEC: cat weird.log >> output # Truncated packet where the length of the IP header is larger than the total # packet length inside several tunnels -# @TEST-EXEC: bro -C -r $TRACES/trunc/mpls-6in6-6in6-4in6-trunc.pcap +# @TEST-EXEC: zeek -C -r $TRACES/trunc/mpls-6in6-6in6-4in6-trunc.pcap # @TEST-EXEC: cat weird.log >> output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/tunnels/ayiya.test b/testing/btest/core/tunnels/ayiya.test index 043e06c621..d7a79e6eb2 100644 --- a/testing/btest/core/tunnels/ayiya.test +++ b/testing/btest/core/tunnels/ayiya.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/ayiya3.trace +# @TEST-EXEC: zeek -r $TRACES/tunnels/ayiya3.trace # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/core/tunnels/false-teredo.zeek b/testing/btest/core/tunnels/false-teredo.zeek index 5622e05204..818b543d95 100644 
--- a/testing/btest/core/tunnels/false-teredo.zeek +++ b/testing/btest/core/tunnels/false-teredo.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/false-teredo.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/tunnels/false-teredo.pcap %INPUT >output # @TEST-EXEC: test ! -e weird.log # @TEST-EXEC: test ! -e dpd.log diff --git a/testing/btest/core/tunnels/gre-in-gre.test b/testing/btest/core/tunnels/gre-in-gre.test index ce85f54dbb..39a7bd774b 100644 --- a/testing/btest/core/tunnels/gre-in-gre.test +++ b/testing/btest/core/tunnels/gre-in-gre.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gre-within-gre.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gre-within-gre.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gre-pptp.test b/testing/btest/core/tunnels/gre-pptp.test index a5fa8c0d19..892f105fb2 100644 --- a/testing/btest/core/tunnels/gre-pptp.test +++ b/testing/btest/core/tunnels/gre-pptp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gre-pptp.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gre-pptp.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/core/tunnels/gre.test b/testing/btest/core/tunnels/gre.test index 0ce9a0c8b8..395bcd38bd 100644 --- a/testing/btest/core/tunnels/gre.test +++ b/testing/btest/core/tunnels/gre.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gre-sample.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gre-sample.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/core/tunnels/gtp/different_dl_and_ul.test b/testing/btest/core/tunnels/gtp/different_dl_and_ul.test index 136853c463..aedd6781dd 100644 --- a/testing/btest/core/tunnels/gtp/different_dl_and_ul.test +++ b/testing/btest/core/tunnels/gtp/different_dl_and_ul.test 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tunnels/gtp/gtp2_different_udp_port.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp2_different_udp_port.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/ext_header.test b/testing/btest/core/tunnels/gtp/ext_header.test index 6316acb184..251d8fb9d6 100644 --- a/testing/btest/core/tunnels/gtp/ext_header.test +++ b/testing/btest/core/tunnels/gtp/ext_header.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp_ext_header.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp_ext_header.pcap %INPUT >out # @TEST-EXEC: btest-diff out event gtpv1_message(c: connection, hdr: gtpv1_hdr) diff --git a/testing/btest/core/tunnels/gtp/false_gtp.test b/testing/btest/core/tunnels/gtp/false_gtp.test index 6e84be7323..b38291c8df 100644 --- a/testing/btest/core/tunnels/gtp/false_gtp.test +++ b/testing/btest/core/tunnels/gtp/false_gtp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp3_false_gtp.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp3_false_gtp.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: test ! -e tunnel.log diff --git a/testing/btest/core/tunnels/gtp/inner_ipv6.test b/testing/btest/core/tunnels/gtp/inner_ipv6.test index 97d8562ecc..865401b9df 100644 --- a/testing/btest/core/tunnels/gtp/inner_ipv6.test +++ b/testing/btest/core/tunnels/gtp/inner_ipv6.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp7_ipv6.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp7_ipv6.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/inner_teredo.test b/testing/btest/core/tunnels/gtp/inner_teredo.test index 9161d31229..b6e83a36c3 100644 --- a/testing/btest/core/tunnels/gtp/inner_teredo.test +++ b/testing/btest/core/tunnels/gtp/inner_teredo.test 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp8_teredo.pcap "Tunnel::delay_teredo_confirmation=F" +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp8_teredo.pcap "Tunnel::delay_teredo_confirmation=F" # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/non_recursive.test b/testing/btest/core/tunnels/gtp/non_recursive.test index 0b03c0d6ae..6f5e6f3c62 100644 --- a/testing/btest/core/tunnels/gtp/non_recursive.test +++ b/testing/btest/core/tunnels/gtp/non_recursive.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp4_udp_2152_inside.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp4_udp_2152_inside.pcap %INPUT >out # @TEST-EXEC: btest-diff out # In telecoms there is never a GTP tunnel within another GTP tunnel. diff --git a/testing/btest/core/tunnels/gtp/not_user_plane_data.test b/testing/btest/core/tunnels/gtp/not_user_plane_data.test index a6a3333360..4edab5ab44 100644 --- a/testing/btest/core/tunnels/gtp/not_user_plane_data.test +++ b/testing/btest/core/tunnels/gtp/not_user_plane_data.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp10_not_0xff.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp10_not_0xff.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: test ! -e tunnel.log diff --git a/testing/btest/core/tunnels/gtp/opt_header.test b/testing/btest/core/tunnels/gtp/opt_header.test index 32329c7ca8..c1f3d89e03 100644 --- a/testing/btest/core/tunnels/gtp/opt_header.test +++ b/testing/btest/core/tunnels/gtp/opt_header.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/outer_ip_frag.test b/testing/btest/core/tunnels/gtp/outer_ip_frag.test index b2badb9c1b..310c377eed 100644 
--- a/testing/btest/core/tunnels/gtp/outer_ip_frag.test +++ b/testing/btest/core/tunnels/gtp/outer_ip_frag.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tunnels/gtp/gtp1_gn_normal_incl_fragmentation.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp1_gn_normal_incl_fragmentation.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test b/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test index 7405c8d019..06912c1f9d 100644 --- a/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test +++ b/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp_control_prime.pcap -r $TRACES/tunnels/gtp/gtp_create_pdp_ctx.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp_control_prime.pcap -r $TRACES/tunnels/gtp/gtp_create_pdp_ctx.pcap %INPUT >out # @TEST-EXEC: btest-diff out event gtpv1_message(c: connection, hdr: gtpv1_hdr) diff --git a/testing/btest/core/tunnels/gtp/unknown_or_too_short.test b/testing/btest/core/tunnels/gtp/unknown_or_too_short.test index e1b3d4ba20..0fe72b9ad8 100644 --- a/testing/btest/core/tunnels/gtp/unknown_or_too_short.test +++ b/testing/btest/core/tunnels/gtp/unknown_or_too_short.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tunnels/gtp/gtp9_unknown_or_too_short_payload.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp9_unknown_or_too_short_payload.pcap # @TEST-EXEC: btest-diff dpd.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/ip-in-ip-version.zeek b/testing/btest/core/tunnels/ip-in-ip-version.zeek index 35d633c8fe..49e8a5a3d0 100644 --- a/testing/btest/core/tunnels/ip-in-ip-version.zeek +++ b/testing/btest/core/tunnels/ip-in-ip-version.zeek 
@@ -1,14 +1,12 @@ # Trace in we have mpls->ip6->ip6->ip4 where the ip4 packet # has an invalid IP version. -# @TEST-EXEC: bro -C -r $TRACES/tunnels/mpls-6in6-6in6-4in6-invalid-version-4.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/mpls-6in6-6in6-4in6-invalid-version-4.pcap # @TEST-EXEC: mv weird.log output # Trace in which we have mpls->ip6->ip6 where the ip6 packet # has an invalid IP version. -# @TEST-EXEC: bro -C -r $TRACES/tunnels/mpls-6in6-6in6-invalid-version-6.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/mpls-6in6-6in6-invalid-version-6.pcap # @TEST-EXEC: cat weird.log >> output # @TEST-EXEC: btest-diff output -@load base/frameworks/notice/weird.bro - diff --git a/testing/btest/core/tunnels/ip-in-ip.test b/testing/btest/core/tunnels/ip-in-ip.test index 38f4610445..f003865b2e 100644 --- a/testing/btest/core/tunnels/ip-in-ip.test +++ b/testing/btest/core/tunnels/ip-in-ip.test @@ -1,9 +1,9 @@ -# @TEST-EXEC: bro -b -r $TRACES/tunnels/6in6.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/6in6in6.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/6in4.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/4in6.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/4in4.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/6in6.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/6in6in6.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/6in4.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/4in6.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/4in4.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event new_connection(c: connection) 
diff --git a/testing/btest/core/tunnels/ip-tunnel-uid.test b/testing/btest/core/tunnels/ip-tunnel-uid.test index f86fd126c9..1f50d4baea 100644 --- a/testing/btest/core/tunnels/ip-tunnel-uid.test +++ b/testing/btest/core/tunnels/ip-tunnel-uid.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tunnels/ping6-in-ipv4.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/ping6-in-ipv4.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event new_connection(c: connection) diff --git a/testing/btest/core/tunnels/teredo-known-services.test b/testing/btest/core/tunnels/teredo-known-services.test index db42996eb2..dc5aad52fd 100644 --- a/testing/btest/core/tunnels/teredo-known-services.test +++ b/testing/btest/core/tunnels/teredo-known-services.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/false-teredo.pcap base/frameworks/dpd base/protocols/tunnels protocols/conn/known-services Tunnel::delay_teredo_confirmation=T "Site::local_nets+={192.168.1.0/24}" +# @TEST-EXEC: zeek -r $TRACES/tunnels/false-teredo.pcap base/frameworks/dpd base/protocols/tunnels protocols/conn/known-services Tunnel::delay_teredo_confirmation=T "Site::local_nets+={192.168.1.0/24}" # @TEST-EXEC: test ! -e known_services.log # The first case using Tunnel::delay_teredo_confirmation=T doesn't produce diff --git a/testing/btest/core/tunnels/teredo.zeek b/testing/btest/core/tunnels/teredo.zeek index c457decd98..0a884bc027 100644 --- a/testing/btest/core/tunnels/teredo.zeek +++ b/testing/btest/core/tunnels/teredo.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/Teredo.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/tunnels/Teredo.pcap %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tunnels/teredo_bubble_with_payload.test b/testing/btest/core/tunnels/teredo_bubble_with_payload.test index f45d8ca585..ef72ddf519 100644 
--- a/testing/btest/core/tunnels/teredo_bubble_with_payload.test +++ b/testing/btest/core/tunnels/teredo_bubble_with_payload.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/teredo_bubble_with_payload.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/tunnels/teredo_bubble_with_payload.pcap %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tunnels/vxlan.zeek b/testing/btest/core/tunnels/vxlan.zeek index 50a7b1a24a..5b1b9defaa 100644 --- a/testing/btest/core/tunnels/vxlan.zeek +++ b/testing/btest/core/tunnels/vxlan.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/vxlan.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/vxlan.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/vector-assignment.zeek b/testing/btest/core/vector-assignment.zeek index 9c5cc4e0f6..a66830f713 100644 --- a/testing/btest/core/vector-assignment.zeek +++ b/testing/btest/core/vector-assignment.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # This regression test checks a special case in the vector code. In this case # UnaryExpr will be called with a Type() of any. Tests succeeds if it does not -# crash Bro. +# crash Zeek. type OptionCacheValue: record { val: any; diff --git a/testing/btest/core/vlan-mpls.zeek b/testing/btest/core/vlan-mpls.zeek index b7a7a351cb..9e345b762a 100644 --- a/testing/btest/core/vlan-mpls.zeek +++ b/testing/btest/core/vlan-mpls.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/mixed-vlan-mpls.trace +# @TEST-EXEC: zeek -C -r $TRACES/mixed-vlan-mpls.trace # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/when-interpreter-exceptions.zeek b/testing/btest/core/when-interpreter-exceptions.zeek index 41f2374c2f..1a713fd1af 100644 --- a/testing/btest/core/when-interpreter-exceptions.zeek 
+++ b/testing/btest/core/when-interpreter-exceptions.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro "bro -b %INPUT >output 2>&1" +# @TEST-EXEC: btest-bg-run zeek "zeek -b %INPUT >output 2>&1" # @TEST-EXEC: btest-bg-wait 15 -# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps | $SCRIPTS/diff-sort" btest-diff bro/output +# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps | $SCRIPTS/diff-sort" btest-diff zeek/output # interpreter exceptions in "when" blocks shouldn't cause termination diff --git a/testing/btest/core/wlanmon.zeek b/testing/btest/core/wlanmon.zeek index b227baf7eb..e29613ae56 100644 --- a/testing/btest/core/wlanmon.zeek +++ b/testing/btest/core/wlanmon.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/wlanmon.pcap +# @TEST-EXEC: zeek -C -r $TRACES/wlanmon.pcap # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/x509-generalizedtime.zeek b/testing/btest/core/x509-generalizedtime.zeek index b69ab31743..14e9edbf24 100644 --- a/testing/btest/core/x509-generalizedtime.zeek +++ b/testing/btest/core/x509-generalizedtime.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/x509-generalizedtime.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -C -r $TRACES/tls/tls1.2.trace %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -C -r $TRACES/tls/x509-generalizedtime.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls1.2.trace %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) { diff --git a/testing/btest/coverage/bare-load-baseline.test b/testing/btest/coverage/bare-load-baseline.test index 98ce72e4b8..94fdb04b04 100644 --- a/testing/btest/coverage/bare-load-baseline.test +++ b/testing/btest/coverage/bare-load-baseline.test 
@@ -7,7 +7,7 @@ # prefix to make the test work everywhere. That's what the sed magic # below does. Don't ask. :-) -# @TEST-EXEC: bro -b misc/loaded-scripts +# @TEST-EXEC: zeek -b misc/loaded-scripts # @TEST-EXEC: test -e loaded_scripts.log # @TEST-EXEC: cat loaded_scripts.log | egrep -v '#' | awk 'NR>0{print $1}' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix # @TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix diff --git a/testing/btest/coverage/bare-mode-errors.test b/testing/btest/coverage/bare-mode-errors.test index 6f5e6983f6..fa4c15c120 100644 --- a/testing/btest/coverage/bare-mode-errors.test +++ b/testing/btest/coverage/bare-mode-errors.test @@ -1,9 +1,9 @@ -# Makes sure any given bro script in the scripts/ tree can be loaded in +# Makes sure any given zeek script in the scripts/ tree can be loaded in # bare mode without error. # # Commonly, this test may fail if one forgets to @load some base/ scripts -# when writing a new bro scripts. +# when writing a new zeek scripts. # # @TEST-EXEC: test -d $DIST/scripts -# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do bro -b --parse-only $script >>errors 2>&1; done +# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do zeek -b --parse-only $script >>errors 2>&1; done # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors diff --git a/testing/btest/coverage/broxygen.sh b/testing/btest/coverage/broxygen.sh index 4dd12f27fe..6bc43d9c90 100644 --- a/testing/btest/coverage/broxygen.sh +++ b/testing/btest/coverage/broxygen.sh 
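Review bot: The changed `@TEST-EXEC` loop in `coverage/bare-mode-errors.test` iterates over unquoted backtick `find` output and passes `$script` unquoted, so a path under `$DIST/scripts/` that contains whitespace or glob characters is split or expanded before it reaches `zeek -b --parse-only`. That script is then not parsed under its real name, and the `errors` baseline no longer reflects it. Letting `find` invoke the binary avoids the word splitting: `find $DIST/scripts/ -name '*.zeek' -exec zeek -b --parse-only {} \; >>errors 2>&1`. The reworded comment above it reads "a new zeek scripts"; "new Zeek scripts" would be grammatical and match the capitalisation used elsewhere in the commit.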
@@ -1,12 +1,12 @@ # This check piggy-backs on the test-all-policy.zeek test, assuming that every # loadable script is referenced there. The only additional check here is -# that the zeexygen package should even load scripts that are commented -# out in test-all-policy.zeek because the zeexygen package is only loaded +# that the zeekygen package should even load scripts that are commented +# out in test-all-policy.zeek because the zeekygen package is only loaded # when generated documentation and will terminate has soon as zeek_init # is handled, even if a script will e.g. put Zeek into listen mode or otherwise # cause it to not terminate after scripts are parsed. -# @TEST-EXEC: bash %INPUT $DIST/scripts/test-all-policy.zeek $DIST/scripts/zeexygen/__load__.zeek +# @TEST-EXEC: bash %INPUT $DIST/scripts/test-all-policy.zeek $DIST/scripts/zeekygen/__load__.zeek error_count=0 @@ -22,10 +22,10 @@ if [ $# -ne 2 ]; then fi all_loads=$(egrep "#[[:space:]]*@load.*" $1 | sed 's/#[[:space:]]*@load[[:space:]]*//g') -zeexygen_loads=$(egrep "@load.*" $2 | sed 's/@load[[:space:]]*//g') +zeekygen_loads=$(egrep "@load.*" $2 | sed 's/@load[[:space:]]*//g') for f in $all_loads; do - echo "$zeexygen_loads" | grep -q $f || error_msg "$f not loaded in zeexygen/__load__.zeek" + echo "$zeekygen_loads" | grep -q $f || error_msg "$f not loaded in zeekygen/__load__.zeek" done if [ $error_count -gt 0 ]; then diff --git a/testing/btest/coverage/coverage-blacklist.zeek b/testing/btest/coverage/coverage-blacklist.zeek index 30a5f86efa..469a874a69 100644 --- a/testing/btest/coverage/coverage-blacklist.zeek +++ b/testing/btest/coverage/coverage-blacklist.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: BRO_PROFILER_FILE=coverage bro -b %INPUT +# @TEST-EXEC: BRO_PROFILER_FILE=coverage zeek -b %INPUT # @TEST-EXEC: grep %INPUT coverage | sort -k2 >output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output 
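Review bot: In the `for f in $all_loads` loop of `coverage/broxygen.sh`, `grep -q $f` uses each script path as an unquoted regular expression, so `.` matches any character and a path that is only a substring of another load line counts as present. A script missing from `zeekygen/__load__.zeek` can therefore pass this coverage check. A quoted fixed-string match is stricter: `echo "$zeekygen_loads" | grep -qF -- "$f" || error_msg "$f not loaded in zeekygen/__load__.zeek"`. Adding `-x` would also rule out substring hits, assuming each load sits alone on its line after the `sed`. The script continues outside this hunk, and the file keeps the name `broxygen.sh` although its contents now refer to zeekygen.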
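Review bot: The changed `@TEST-EXEC` line in `coverage/coverage-blacklist.zeek` still sets `BRO_PROFILER_FILE` while invoking the renamed `zeek` binary, and the `doc/zeekygen/command_line.zeek` hunk likewise keeps `unset BRO_DISABLE_BROXYGEN`. Nothing on this page shows whether the binary still reads the `BRO_`-prefixed names. If they are renamed and these lines are missed, the first test should fail on the missing `coverage` file, but the second could keep passing without doc generation being enabled at all. A comment above each line would make the dependency explicit, e.g. `# BRO_PROFILER_FILE is the name the binary reads today; change it together with any env-var rename`.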
diff --git a/testing/btest/coverage/default-load-baseline.test b/testing/btest/coverage/default-load-baseline.test index 076f26b770..df13444ad7 100644 --- a/testing/btest/coverage/default-load-baseline.test +++ b/testing/btest/coverage/default-load-baseline.test @@ -7,7 +7,7 @@ # prefix to make the test work everywhere. That's what the sed magic # below does. Don't ask. :-) -# @TEST-EXEC: bro misc/loaded-scripts +# @TEST-EXEC: zeek misc/loaded-scripts # @TEST-EXEC: test -e loaded_scripts.log # @TEST-EXEC: cat loaded_scripts.log | egrep -v '#' | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix # @TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix diff --git a/testing/btest/coverage/find-bro-logs.test b/testing/btest/coverage/find-bro-logs.test index ee0e45262b..61d2b13ada 100644 --- a/testing/btest/coverage/find-bro-logs.test +++ b/testing/btest/coverage/find-bro-logs.test @@ -22,7 +22,7 @@ import os, sys scriptdir = sys.argv[1] -# Return a list of all bro script files. +# Return a list of all zeek script files. def find_scripts(): scripts = [] diff --git a/testing/btest/coverage/init-default.test b/testing/btest/coverage/init-default.test index edc0012ef1..f3c1aec31e 100644 --- a/testing/btest/coverage/init-default.test +++ b/testing/btest/coverage/init-default.test 
@@ -1,16 +1,16 @@ # Makes sure that all base/* scripts are loaded by default via # init-default.zeek; and that all scripts loaded there actually exist. # -# This test will fail if a new bro script is added under the scripts/base/ +# This test will fail if a new zeek script is added under the scripts/base/ # directory and it is not also added as an @load in base/init-default.zeek. -# In some cases, a script in base is loaded based on the bro configuration +# In some cases, a script in base is loaded based on the zeek configuration # (e.g. cluster operation), and in such cases, the missing_loads baseline # can be adjusted to tolerate that. #@TEST-EXEC: test -d $DIST/scripts/base #@TEST-EXEC: test -e $DIST/scripts/base/init-default.zeek #@TEST-EXEC: ( cd $DIST/scripts/base && find . -name '*.zeek' ) | sort >"all scripts found" -#@TEST-EXEC: bro misc/loaded-scripts +#@TEST-EXEC: zeek misc/loaded-scripts #@TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix #@TEST-EXEC: cat loaded_scripts.log | egrep -v "/build/scripts/|$(cat buildprefix)/scripts/|/loaded-scripts.zeek|#" | sed 's#/./#/#g' >loaded_scripts.log.tmp #@TEST-EXEC: cat loaded_scripts.log.tmp | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix diff --git a/testing/btest/coverage/sphinx-broxygen-docs.sh b/testing/btest/coverage/sphinx-zeekygen-docs.sh similarity index 85% rename from testing/btest/coverage/sphinx-broxygen-docs.sh rename to testing/btest/coverage/sphinx-zeekygen-docs.sh index d508a8361f..b5e3d7262c 100644 --- a/testing/btest/coverage/sphinx-broxygen-docs.sh +++ b/testing/btest/coverage/sphinx-zeekygen-docs.sh 
@@ -1,11 +1,11 @@ -# This script checks whether the reST docs generated by zeexygen are stale. +# This script checks whether the reST docs generated by zeekygen are stale. # If this test fails when testing the master branch, then simply run: # -# testing/scripts/gen-zeexygen-docs.sh +# testing/scripts/update-zeekygen-docs.sh # # and then commit the changes. # -# @TEST-EXEC: bash $SCRIPTS/gen-zeexygen-docs.sh ./doc +# @TEST-EXEC: bash $SCRIPTS/update-zeekygen-docs.sh ./doc # @TEST-EXEC: bash %INPUT if [ -n "$TRAVIS_PULL_REQUEST" ]; then @@ -33,7 +33,7 @@ function check_diff echo "If this fails in the master branch or when merging to master," 1>&2 echo "re-run the following command:" 1>&2 echo "" 1>&2 - echo " $SCRIPTS/gen-zeexygen-docs.sh" 1>&2 + echo " $SCRIPTS/update-zeekygen-docs.sh" 1>&2 echo "" 1>&2 echo "Then commit/push the changes in the zeek-docs repo" 1>&2 echo "(the doc/ directory in the zeek repo)." 1>&2 diff --git a/testing/btest/coverage/test-all-policy.test b/testing/btest/coverage/test-all-policy.test index 61e4297f83..46571d967e 100644 --- a/testing/btest/coverage/test-all-policy.test +++ b/testing/btest/coverage/test-all-policy.test @@ -1,9 +1,9 @@ # Makes sure that all policy/* scripts are loaded in # scripts/test-all-policy.zeek and that all scripts loaded there actually exist. # -# This test will fail if new bro scripts are added to the scripts/policy/ +# This test will fail if new zeek scripts are added to the scripts/policy/ # directory. Correcting that just involves updating -# scripts/test-all-policy.zeek to @load the new bro scripts. +# scripts/test-all-policy.zeek to @load the new zeek scripts. @TEST-EXEC: test -e $DIST/scripts/test-all-policy.zeek @TEST-EXEC: test -d $DIST/scripts diff --git a/testing/btest/doc/record-add.zeek b/testing/btest/doc/record-add.zeek index 284ea22959..1c764cae5f 100644 --- a/testing/btest/doc/record-add.zeek +++ b/testing/btest/doc/record-add.zeek 
@@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT -# To support documentation of type aliases, Bro clones declared types +# To support documentation of type aliases, Zeek clones declared types # (see add_type() in Var.cc) in order to keep track of type names and aliases. # This test makes sure that the cloning is done in a way that's compatible # with adding fields to a record type -- we want to be sure that cloning diff --git a/testing/btest/doc/record-attr-check.zeek b/testing/btest/doc/record-attr-check.zeek index c7dc74631d..e34b417e57 100644 --- a/testing/btest/doc/record-attr-check.zeek +++ b/testing/btest/doc/record-attr-check.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT type Tag: enum { SOMETHING diff --git a/testing/btest/doc/zeexygen/command_line.zeek b/testing/btest/doc/zeekygen/command_line.zeek similarity index 63% rename from testing/btest/doc/zeexygen/command_line.zeek rename to testing/btest/doc/zeekygen/command_line.zeek index d009667b7e..d8d48e6a44 100644 --- a/testing/btest/doc/zeexygen/command_line.zeek +++ b/testing/btest/doc/zeekygen/command_line.zeek @@ -1,7 +1,7 @@ # Shouldn't emit any warnings about not being able to document something # that's supplied via command line script. -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro %INPUT -e 'redef myvar=10; print myvar' >output 2>&1 +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek %INPUT -e 'redef myvar=10; print myvar' >output 2>&1 # @TEST-EXEC: btest-diff output const myvar = 5 &redef; diff --git a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek b/testing/btest/doc/zeekygen/comment_retrieval_bifs.zeek similarity index 94% rename from testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek rename to testing/btest/doc/zeekygen/comment_retrieval_bifs.zeek index f3c1be6b14..c3037df891 100644 --- a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek +++ b/testing/btest/doc/zeekygen/comment_retrieval_bifs.zeek 
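Review bot: The `@TEST-EXEC` line in doc/zeekygen/command_line.zeek still unsets `BRO_DISABLE_BROXYGEN`, although the binary and the test directory are renamed to zeek/zeekygen around it. Nothing in this diff shows which variable name the binary or btest.cfg uses, so if either side was renamed the `unset` would silently do nothing and the test would run with doc generation still disabled. If the old name is kept on purpose, record that next to it, e.g. `# NOTE: env var intentionally keeps its pre-rename name; must match btest.cfg`. The same line recurs in the other doc/zeekygen tests in this diff (comment_retrieval_bifs, enums, example, func-params, identifier, package, package_index, records, script_index, script_summary, type-aliases, vectors).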
@@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b %INPUT >out +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b %INPUT >out # @TEST-EXEC: btest-diff out ##! This is a test script. @@ -17,11 +17,7 @@ global print_lines: function(lines: string, prefix: string &default=""); ## And some more comments on the function implementation. function print_lines(lines: string, prefix: string) { - local v: vector of string; - local line_table = split(lines, /\n/); - - for ( i in line_table ) - v[i] = line_table[i]; + local v = split_string(lines, /\n/); for ( i in v ) print fmt("%s%s", prefix, v[i]); diff --git a/testing/btest/doc/zeexygen/enums.zeek b/testing/btest/doc/zeekygen/enums.zeek similarity index 88% rename from testing/btest/doc/zeexygen/enums.zeek rename to testing/btest/doc/zeekygen/enums.zeek index a385a36a6c..d2141fe28e 100644 --- a/testing/btest/doc/zeexygen/enums.zeek +++ b/testing/btest/doc/zeekygen/enums.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-enums.rst -@TEST-START-FILE zeexygen.config +@TEST-START-FILE zeekygen.config identifier TestEnum* autogen-reST-enums.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeekygen/example.zeek b/testing/btest/doc/zeekygen/example.zeek new file mode 100644 index 0000000000..c6aab26555 --- /dev/null +++ b/testing/btest/doc/zeekygen/example.zeek @@ -0,0 +1,8 @@ +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -X zeekygen.config %INPUT +# @TEST-EXEC: btest-diff example.rst + +@TEST-START-FILE zeekygen.config +script zeekygen/example.zeek example.rst +@TEST-END-FILE + +@load zeekygen/example 
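Review bot: In `print_lines` (second hunk of doc/zeekygen/comment_retrieval_bifs.zeek) the move to `split_string` swaps what was, as far as I know, a 1-based table from `split` for a 0-based vector, and nothing in the function records that the print loop does not depend on the index base. A plain comment above the assignment would make that explicit, e.g. `# split_string() returns a 0-indexed vector; the loop below only walks it in order.` Use `#` rather than `##` so the line is not picked up as a documentation comment, since this test presumably diffs the retrieved comments against a baseline. The function's closing brace lies outside the hunk.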
diff --git a/testing/btest/doc/zeexygen/func-params.zeek b/testing/btest/doc/zeekygen/func-params.zeek similarity index 82% rename from testing/btest/doc/zeexygen/func-params.zeek rename to testing/btest/doc/zeekygen/func-params.zeek index 5facba3e05..1363a357dd 100644 --- a/testing/btest/doc/zeexygen/func-params.zeek +++ b/testing/btest/doc/zeekygen/func-params.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-func-params.rst -@TEST-START-FILE zeexygen.config +@TEST-START-FILE zeekygen.config identifier test_func_params* autogen-reST-func-params.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeekygen/identifier.zeek b/testing/btest/doc/zeekygen/identifier.zeek new file mode 100644 index 0000000000..eeaf60f04d --- /dev/null +++ b/testing/btest/doc/zeekygen/identifier.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +identifier ZeekygenExample::* test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeekygen/package.zeek b/testing/btest/doc/zeekygen/package.zeek new file mode 100644 index 0000000000..9cf86a6749 --- /dev/null +++ b/testing/btest/doc/zeekygen/package.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +package zeekygen test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeekygen/package_index.zeek b/testing/btest/doc/zeekygen/package_index.zeek new file mode 100644 index 0000000000..e773d2347d --- /dev/null +++ b/testing/btest/doc/zeekygen/package_index.zeek 
@@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +package_index zeekygen test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeexygen/records.zeek b/testing/btest/doc/zeekygen/records.zeek similarity index 82% rename from testing/btest/doc/zeexygen/records.zeek rename to testing/btest/doc/zeekygen/records.zeek index 0c1f668df9..c43a545b1b 100644 --- a/testing/btest/doc/zeexygen/records.zeek +++ b/testing/btest/doc/zeekygen/records.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-records.rst -@TEST-START-FILE zeexygen.config +@TEST-START-FILE zeekygen.config identifier TestRecord* autogen-reST-records.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeekygen/script_index.zeek b/testing/btest/doc/zeekygen/script_index.zeek new file mode 100644 index 0000000000..95b29db781 --- /dev/null +++ b/testing/btest/doc/zeekygen/script_index.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +script_index zeekygen/* test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeekygen/script_summary.zeek b/testing/btest/doc/zeekygen/script_summary.zeek new file mode 100644 index 0000000000..6a8f8b2711 --- /dev/null +++ b/testing/btest/doc/zeekygen/script_summary.zeek 
@@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +script_summary zeekygen/example.zeek test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeexygen/type-aliases.zeek b/testing/btest/doc/zeekygen/type-aliases.zeek similarity index 80% rename from testing/btest/doc/zeexygen/type-aliases.zeek rename to testing/btest/doc/zeekygen/type-aliases.zeek index 40a6e24417..54a03a6bd9 100644 --- a/testing/btest/doc/zeexygen/type-aliases.zeek +++ b/testing/btest/doc/zeekygen/type-aliases.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-type-aliases.rst -@TEST-START-FILE zeexygen.config -identifier ZeexygenTest::* autogen-reST-type-aliases.rst +@TEST-START-FILE zeekygen.config +identifier ZeekygenTest::* autogen-reST-type-aliases.rst @TEST-END-FILE -module ZeexygenTest; +module ZeekygenTest; export { ## This is just an alias for a builtin type ``bool``. diff --git a/testing/btest/doc/zeexygen/vectors.zeek b/testing/btest/doc/zeekygen/vectors.zeek similarity index 81% rename from testing/btest/doc/zeexygen/vectors.zeek rename to testing/btest/doc/zeekygen/vectors.zeek index 8a16a58149..6b9ef21018 100644 --- a/testing/btest/doc/zeexygen/vectors.zeek +++ b/testing/btest/doc/zeekygen/vectors.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-vectors.rst -@TEST-START-FILE zeexygen.config +@TEST-START-FILE zeekygen.config identifier test_vector* autogen-reST-vectors.rst @TEST-END-FILE 
diff --git a/testing/btest/doc/zeexygen/example.zeek b/testing/btest/doc/zeexygen/example.zeek
deleted file mode 100644
index 53179dac39..0000000000
--- a/testing/btest/doc/zeexygen/example.zeek
+++ /dev/null
@@ -1,8 +0,0 @@
-# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X zeexygen.config %INPUT
-# @TEST-EXEC: btest-diff example.rst
-
-@TEST-START-FILE zeexygen.config
-script zeexygen/example.zeek example.rst
-@TEST-END-FILE
-
-@load zeexygen/example
diff --git a/testing/btest/doc/zeexygen/identifier.zeek b/testing/btest/doc/zeexygen/identifier.zeek
deleted file mode 100644
index 38a4f274ad..0000000000
--- a/testing/btest/doc/zeexygen/identifier.zeek
+++ /dev/null
@@ -1,9 +0,0 @@
-# @TEST-PORT: BROKER_PORT
-# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT
-# @TEST-EXEC: btest-diff test.rst
-
-@TEST-START-FILE zeexygen.config
-identifier ZeexygenExample::* test.rst
-@TEST-END-FILE
-
-@load zeexygen
diff --git a/testing/btest/doc/zeexygen/package.zeek b/testing/btest/doc/zeexygen/package.zeek
deleted file mode 100644
index 7038b5b50a..0000000000
--- a/testing/btest/doc/zeexygen/package.zeek
+++ /dev/null
@@ -1,9 +0,0 @@
-# @TEST-PORT: BROKER_PORT
-# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT
-# @TEST-EXEC: btest-diff test.rst
-
-@TEST-START-FILE zeexygen.config
-package zeexygen test.rst
-@TEST-END-FILE
-
-@load zeexygen
diff --git a/testing/btest/doc/zeexygen/package_index.zeek b/testing/btest/doc/zeexygen/package_index.zeek
deleted file mode 100644
index 3a0c92ca71..0000000000
--- a/testing/btest/doc/zeexygen/package_index.zeek
+++ /dev/null
@@ -1,9 +0,0 @@
-# @TEST-PORT: BROKER_PORT
-# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT
-# @TEST-EXEC: btest-diff test.rst
-
-@TEST-START-FILE zeexygen.config
-package_index zeexygen test.rst
-@TEST-END-FILE
-
-@load zeexygen
diff --git a/testing/btest/doc/zeexygen/script_index.zeek b/testing/btest/doc/zeexygen/script_index.zeek deleted file mode 100644 index f92513d632..0000000000 --- a/testing/btest/doc/zeexygen/script_index.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE zeexygen.config -script_index zeexygen/* test.rst -@TEST-END-FILE - -@load zeexygen diff --git a/testing/btest/doc/zeexygen/script_summary.zeek b/testing/btest/doc/zeexygen/script_summary.zeek deleted file mode 100644 index 9378417f08..0000000000 --- a/testing/btest/doc/zeexygen/script_summary.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE zeexygen.config -script_summary zeexygen/example.zeek test.rst -@TEST-END-FILE - -@load zeexygen diff --git a/testing/btest/language/addr.zeek b/testing/btest/language/addr.zeek index 8829c20da2..dff331c3fd 100644 --- a/testing/btest/language/addr.zeek +++ b/testing/btest/language/addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/any.zeek b/testing/btest/language/any.zeek index 32daa36903..aebab284c2 100644 --- a/testing/btest/language/any.zeek +++ b/testing/btest/language/any.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/at-deprecated.zeek b/testing/btest/language/at-deprecated.zeek index 271a918e5e..a035f6d24e 100644 --- a/testing/btest/language/at-deprecated.zeek +++ b/testing/btest/language/at-deprecated.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b foo +# @TEST-EXEC: zeek -b foo # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr @TEST-START-FILE foo.zeek diff --git a/testing/btest/language/at-dir.zeek b/testing/btest/language/at-dir.zeek index a366285a5b..35f8894caf 100644 --- a/testing/btest/language/at-dir.zeek +++ b/testing/btest/language/at-dir.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out -# @TEST-EXEC: bro -b ./pathtest.zeek >out2 +# @TEST-EXEC: zeek -b ./pathtest.zeek >out2 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out2 print @DIR; diff --git a/testing/btest/language/at-filename.zeek b/testing/btest/language/at-filename.zeek index 83e4e968f3..aa8b924b7e 100644 --- a/testing/btest/language/at-filename.zeek +++ b/testing/btest/language/at-filename.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out print @FILENAME; diff --git a/testing/btest/language/at-if-event.zeek b/testing/btest/language/at-if-event.zeek index 2ac757810d..bd6112f369 100644 --- a/testing/btest/language/at-if-event.zeek +++ b/testing/btest/language/at-if-event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # Check if @if can be used to alternative function/event definitions diff --git a/testing/btest/language/at-if-invalid.zeek b/testing/btest/language/at-if-invalid.zeek index e2e5e2c699..8657e3affb 100644 --- a/testing/btest/language/at-if-invalid.zeek +++ b/testing/btest/language/at-if-invalid.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out function foo(c: count): bool 
diff --git a/testing/btest/language/at-if.zeek b/testing/btest/language/at-if.zeek index 1aba7b9ded..e6d7f58cae 100644 --- a/testing/btest/language/at-if.zeek +++ b/testing/btest/language/at-if.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/at-ifdef.zeek b/testing/btest/language/at-ifdef.zeek index ebc59f7056..cbc26b5cfa 100644 --- a/testing/btest/language/at-ifdef.zeek +++ b/testing/btest/language/at-ifdef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/at-ifndef.zeek b/testing/btest/language/at-ifndef.zeek index 6e4df4dd86..069b51bddc 100644 --- a/testing/btest/language/at-ifndef.zeek +++ b/testing/btest/language/at-ifndef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/at-load.zeek b/testing/btest/language/at-load.zeek index ae14eba436..45df73b05c 100644 --- a/testing/btest/language/at-load.zeek +++ b/testing/btest/language/at-load.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # In this script, we try to access each object defined in a "@load"ed script @@ -18,7 +18,7 @@ event zeek_init() # In this script, we define some objects to be used in another script -# Note: this script is not listed on the bro command-line (instead, it +# Note: this script is not listed on the zeek command-line (instead, it # is "@load"ed from the other script) global test_case: function(msg: string, expect: bool); diff --git a/testing/btest/language/attr-default-coercion.zeek b/testing/btest/language/attr-default-coercion.zeek index 8304169cfb..01adee04e4 100644 
--- a/testing/btest/language/attr-default-coercion.zeek +++ b/testing/btest/language/attr-default-coercion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type my_table: table[string] of double; diff --git a/testing/btest/language/attr-default-global-set-error.zeek b/testing/btest/language/attr-default-global-set-error.zeek index 8ee80bccb2..515c71fc24 100644 --- a/testing/btest/language/attr-default-global-set-error.zeek +++ b/testing/btest/language/attr-default-global-set-error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out global ss: set[string] &default=0; diff --git a/testing/btest/language/bool.zeek b/testing/btest/language/bool.zeek index be54a442d9..e19f5a3714 100644 --- a/testing/btest/language/bool.zeek +++ b/testing/btest/language/bool.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/common-mistakes.zeek b/testing/btest/language/common-mistakes.zeek index 4e9e017fda..b829b5315b 100644 --- a/testing/btest/language/common-mistakes.zeek +++ b/testing/btest/language/common-mistakes.zeek @@ -2,13 +2,13 @@ # handled internally by way of throwing an exception to unwind out # of the current event handler body. -# @TEST-EXEC: bro -b 1.zeek >1.out 2>&1 +# @TEST-EXEC: zeek -b 1.zeek >1.out 2>&1 # @TEST-EXEC: btest-diff 1.out -# @TEST-EXEC: bro -b 2.zeek >2.out 2>&1 +# @TEST-EXEC: zeek -b 2.zeek >2.out 2>&1 # @TEST-EXEC: btest-diff 2.out -# @TEST-EXEC: bro -b 3.zeek >3.out 2>&1 +# @TEST-EXEC: zeek -b 3.zeek >3.out 2>&1 # @TEST-EXEC: btest-diff 3.out @TEST-START-FILE 1.zeek 
diff --git a/testing/btest/language/conditional-expression.zeek b/testing/btest/language/conditional-expression.zeek index 4938b87b4d..43c5d12a83 100644 --- a/testing/btest/language/conditional-expression.zeek +++ b/testing/btest/language/conditional-expression.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/const.zeek b/testing/btest/language/const.zeek index 6d7b3fe527..38aada2029 100644 --- a/testing/btest/language/const.zeek +++ b/testing/btest/language/const.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -b valid.zeek 2>valid.stderr 1>valid.stdout +# @TEST-EXEC: zeek -b valid.zeek 2>valid.stderr 1>valid.stdout # @TEST-EXEC: btest-diff valid.stderr # @TEST-EXEC: btest-diff valid.stdout -# @TEST-EXEC-FAIL: bro -b invalid.zeek 2>invalid.stderr 1>invalid.stdout +# @TEST-EXEC-FAIL: zeek -b invalid.zeek 2>invalid.stderr 1>invalid.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff invalid.stderr # @TEST-EXEC: btest-diff invalid.stdout diff --git a/testing/btest/language/container-ctor-scope.zeek b/testing/btest/language/container-ctor-scope.zeek index fd1939a459..f4f2da92ac 100644 --- a/testing/btest/language/container-ctor-scope.zeek +++ b/testing/btest/language/container-ctor-scope.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # All various container contructors should work at both global and local scope. diff --git a/testing/btest/language/copy.zeek b/testing/btest/language/copy.zeek index e3d6b80d5b..9ac1e577ea 100644 --- a/testing/btest/language/copy.zeek +++ b/testing/btest/language/copy.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) 
diff --git a/testing/btest/language/count.zeek b/testing/btest/language/count.zeek index 6e5dca8bc2..a2d3fb0cc2 100644 --- a/testing/btest/language/count.zeek +++ b/testing/btest/language/count.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/cross-product-init.zeek b/testing/btest/language/cross-product-init.zeek index 8cb9c48367..f5027cfd3c 100644 --- a/testing/btest/language/cross-product-init.zeek +++ b/testing/btest/language/cross-product-init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output global my_subs = { 1.2.3.4/19, 5.6.7.8/21 }; diff --git a/testing/btest/language/default-params.zeek b/testing/btest/language/default-params.zeek index c11adbf3b5..c07bdee207 100644 --- a/testing/btest/language/default-params.zeek +++ b/testing/btest/language/default-params.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out ### functions diff --git a/testing/btest/language/delete-field-set.zeek b/testing/btest/language/delete-field-set.zeek index 1f1c5b0c27..8f1482c6c2 100644 --- a/testing/btest/language/delete-field-set.zeek +++ b/testing/btest/language/delete-field-set.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type FooBar: record { diff --git a/testing/btest/language/delete-field.zeek b/testing/btest/language/delete-field.zeek index 99136ff2b9..0e5d4e3809 100644 --- a/testing/btest/language/delete-field.zeek +++ b/testing/btest/language/delete-field.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type X: record { 
diff --git a/testing/btest/language/deprecated.zeek b/testing/btest/language/deprecated.zeek index 9ac6996145..6e10d7d744 100644 --- a/testing/btest/language/deprecated.zeek +++ b/testing/btest/language/deprecated.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type blah: string &deprecated; diff --git a/testing/btest/language/double.zeek b/testing/btest/language/double.zeek index f1338ca16d..56ce711da2 100644 --- a/testing/btest/language/double.zeek +++ b/testing/btest/language/double.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/enum-desc.zeek b/testing/btest/language/enum-desc.zeek index 86466e2fc2..c296b76a13 100644 --- a/testing/btest/language/enum-desc.zeek +++ b/testing/btest/language/enum-desc.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type test_enum1: enum { ONE }; diff --git a/testing/btest/language/enum-scope.zeek b/testing/btest/language/enum-scope.zeek index 82e7c7fd7c..8c2e20c9b2 100644 --- a/testing/btest/language/enum-scope.zeek +++ b/testing/btest/language/enum-scope.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type foo: enum { a, b } &redef; diff --git a/testing/btest/language/enum.zeek b/testing/btest/language/enum.zeek index c4aa2d71a1..71c354971f 100644 --- a/testing/btest/language/enum.zeek +++ b/testing/btest/language/enum.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) 
diff --git a/testing/btest/language/eof-parse-errors.zeek b/testing/btest/language/eof-parse-errors.zeek index 3b6ba8faf5..54fe96df19 100644 --- a/testing/btest/language/eof-parse-errors.zeek +++ b/testing/btest/language/eof-parse-errors.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC-FAIL: bro -b a.zeek >output1 2>&1 -# @TEST-EXEC-FAIL: bro -b a.zeek b.zeek >output2 2>&1 +# @TEST-EXEC-FAIL: zeek -b a.zeek >output1 2>&1 +# @TEST-EXEC-FAIL: zeek -b a.zeek b.zeek >output2 2>&1 # @TEST-EXEC: btest-diff output1 # @TEST-EXEC: btest-diff output2 diff --git a/testing/btest/language/event-local-var.zeek b/testing/btest/language/event-local-var.zeek index 337cd37bac..4d7364cc39 100644 --- a/testing/btest/language/event-local-var.zeek +++ b/testing/btest/language/event-local-var.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT 2> out +# @TEST-EXEC-FAIL: zeek -b %INPUT 2> out # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out diff --git a/testing/btest/language/event.zeek b/testing/btest/language/event.zeek index 664bff49ef..39bb36c192 100644 --- a/testing/btest/language/event.zeek +++ b/testing/btest/language/event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/expire-expr-error.zeek b/testing/btest/language/expire-expr-error.zeek index b2ac4d7c55..5e6f0b4e6f 100644 --- a/testing/btest/language/expire-expr-error.zeek +++ b/testing/btest/language/expire-expr-error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: cp .stderr output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output diff --git a/testing/btest/language/expire-func-undef.zeek b/testing/btest/language/expire-func-undef.zeek index 2da735a9be..9198edc6c4 100644 --- a/testing/btest/language/expire-func-undef.zeek +++ b/testing/btest/language/expire-func-undef.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/rotation.trace -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -r $TRACES/rotation.trace -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output module segfault; diff --git a/testing/btest/language/expire-redef.zeek b/testing/btest/language/expire-redef.zeek index 552e26cce0..3958ef8342 100644 --- a/testing/btest/language/expire-redef.zeek +++ b/testing/btest/language/expire-redef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output redef exit_only_after_terminate = T; diff --git a/testing/btest/language/expire-type-error.zeek b/testing/btest/language/expire-type-error.zeek index d6d807e22f..2424ca0394 100644 --- a/testing/btest/language/expire-type-error.zeek +++ b/testing/btest/language/expire-type-error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out global data: table[int] of string &write_expire="kaputt"; diff --git a/testing/btest/language/expire_func.test b/testing/btest/language/expire_func.test index c66a901a4f..016ebe9d88 100644 --- a/testing/btest/language/expire_func.test +++ b/testing/btest/language/expire_func.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/var-services-std-ports.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/var-services-std-ports.trace %INPUT >output # @TEST-EXEC: btest-diff output function inform_me(s: set[string], idx: string): interval diff --git a/testing/btest/language/expire_func_mod.zeek b/testing/btest/language/expire_func_mod.zeek index 8b14dad74c..4e64edc968 100644 --- a/testing/btest/language/expire_func_mod.zeek +++ b/testing/btest/language/expire_func_mod.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out module Test; 
diff --git a/testing/btest/language/expire_multiple.test b/testing/btest/language/expire_multiple.test index 1e4aaa0975..38c552a0e1 100644 --- a/testing/btest/language/expire_multiple.test +++ b/testing/btest/language/expire_multiple.test @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output global s: set[string] &create_expire=1secs &read_expire=1secs; diff --git a/testing/btest/language/expire_subnet.test b/testing/btest/language/expire_subnet.test index f0bf388ad0..9b95f39763 100644 --- a/testing/btest/language/expire_subnet.test +++ b/testing/btest/language/expire_subnet.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/var-services-std-ports.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/var-services-std-ports.trace %INPUT >output # @TEST-EXEC: btest-diff output redef table_expire_interval = 1sec; diff --git a/testing/btest/language/file.zeek b/testing/btest/language/file.zeek index 80d10a4d1f..a3691b87da 100644 --- a/testing/btest/language/file.zeek +++ b/testing/btest/language/file.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/language/for.zeek b/testing/btest/language/for.zeek index acf9612927..6918e78818 100644 --- a/testing/btest/language/for.zeek +++ b/testing/btest/language/for.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) @@ -53,5 +53,5 @@ event zeek_init() test_case("keys that are tuples", s1 == "1 2 hi"); - # Tests for key value for loop are in key-value-for.bro + # Note: Tests for key value "for" loop are in key-value-for.zeek } diff --git a/testing/btest/language/func-assignment.zeek b/testing/btest/language/func-assignment.zeek index 724eac38ae..febf57e61c 100644 
--- a/testing/btest/language/func-assignment.zeek +++ b/testing/btest/language/func-assignment.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function double_string(s: string): string diff --git a/testing/btest/language/function.zeek b/testing/btest/language/function.zeek index db2ac675b0..ff967b897f 100644 --- a/testing/btest/language/function.zeek +++ b/testing/btest/language/function.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/hook.zeek b/testing/btest/language/hook.zeek index c14e153577..01b43e5807 100644 --- a/testing/btest/language/hook.zeek +++ b/testing/btest/language/hook.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type rec: record { diff --git a/testing/btest/language/hook_calls.zeek b/testing/btest/language/hook_calls.zeek index d465510a34..eee92f1e2a 100644 --- a/testing/btest/language/hook_calls.zeek +++ b/testing/btest/language/hook_calls.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b valid.zeek >valid.out +# @TEST-EXEC: zeek -b valid.zeek >valid.out # @TEST-EXEC: btest-diff valid.out -# @TEST-EXEC-FAIL: bro -b invalid.zeek > invalid.out 2>&1 +# @TEST-EXEC-FAIL: zeek -b invalid.zeek > invalid.out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff invalid.out # hook functions must be called using the "hook" keyword as an operator... diff --git a/testing/btest/language/if.zeek b/testing/btest/language/if.zeek index 9f3be4dd1b..1f6f1116e1 100644 --- a/testing/btest/language/if.zeek +++ b/testing/btest/language/if.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) 
diff --git a/testing/btest/language/incr-vec-expr.test b/testing/btest/language/incr-vec-expr.test index c9945061a2..1bd3e54129 100644 --- a/testing/btest/language/incr-vec-expr.test +++ b/testing/btest/language/incr-vec-expr.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type rec: record { diff --git a/testing/btest/language/index-assignment-invalid.zeek b/testing/btest/language/index-assignment-invalid.zeek index 662b73ff91..a42c81320b 100644 --- a/testing/btest/language/index-assignment-invalid.zeek +++ b/testing/btest/language/index-assignment-invalid.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: grep "error" output >output2 # @TEST-EXEC: for i in 1 2 3 4 5; do cat output2 | cut -d'|' -f$i >>out; done # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out diff --git a/testing/btest/language/init-in-anon-function.zeek b/testing/btest/language/init-in-anon-function.zeek index 4da70dd2f4..f5808c1d99 100644 --- a/testing/btest/language/init-in-anon-function.zeek +++ b/testing/btest/language/init-in-anon-function.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r ${TRACES}/wikipedia.trace %INPUT >out +# @TEST-EXEC: zeek -r ${TRACES}/wikipedia.trace %INPUT >out # @TEST-EXEC: btest-diff http.log module Foo; diff --git a/testing/btest/language/int.zeek b/testing/btest/language/int.zeek index d4314c8367..c9344dd007 100644 --- a/testing/btest/language/int.zeek +++ b/testing/btest/language/int.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/interval.zeek b/testing/btest/language/interval.zeek index c8b975e637..994eb4c769 100644 --- a/testing/btest/language/interval.zeek +++ b/testing/btest/language/interval.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/invalid_index.zeek b/testing/btest/language/invalid_index.zeek index 399865ba23..80f294c68b 100644 --- a/testing/btest/language/invalid_index.zeek +++ b/testing/btest/language/invalid_index.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out global foo: vector of count = { 42 }; diff --git a/testing/btest/language/ipv6-literals.zeek b/testing/btest/language/ipv6-literals.zeek index bf888b29e1..e64185d92a 100644 --- a/testing/btest/language/ipv6-literals.zeek +++ b/testing/btest/language/ipv6-literals.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output local v: vector of addr = vector(); diff --git a/testing/btest/language/key-value-for.zeek b/testing/btest/language/key-value-for.zeek index 396c1d0bab..6d3dfc5f7f 100644 --- a/testing/btest/language/key-value-for.zeek +++ b/testing/btest/language/key-value-for.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/module.zeek b/testing/btest/language/module.zeek index 7f2512741f..e714ff22c2 100644 --- a/testing/btest/language/module.zeek +++ b/testing/btest/language/module.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT secondtestfile >out +# @TEST-EXEC: zeek -b %INPUT secondtestfile >out # @TEST-EXEC: btest-diff out # In this source file, we define a module and export some objects diff --git a/testing/btest/language/named-record-ctors.zeek b/testing/btest/language/named-record-ctors.zeek index 40a79d86b3..af2b175266 100644 --- a/testing/btest/language/named-record-ctors.zeek 
+++ b/testing/btest/language/named-record-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out @load frameworks/software/vulnerable diff --git a/testing/btest/language/named-set-ctors.zeek b/testing/btest/language/named-set-ctors.zeek index 083937c42e..707c8f6fe5 100644 --- a/testing/btest/language/named-set-ctors.zeek +++ b/testing/btest/language/named-set-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyRec: record { diff --git a/testing/btest/language/named-table-ctors.zeek b/testing/btest/language/named-table-ctors.zeek index 45d0974832..957ea351da 100644 --- a/testing/btest/language/named-table-ctors.zeek +++ b/testing/btest/language/named-table-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyRec: record { diff --git a/testing/btest/language/named-vector-ctors.zeek b/testing/btest/language/named-vector-ctors.zeek index 1e0e1e9e55..775422810b 100644 --- a/testing/btest/language/named-vector-ctors.zeek +++ b/testing/btest/language/named-vector-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyRec: record { diff --git a/testing/btest/language/nested-sets.zeek b/testing/btest/language/nested-sets.zeek index e33e1ac842..8c4f987075 100644 --- a/testing/btest/language/nested-sets.zeek +++ b/testing/btest/language/nested-sets.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: for i in `seq 21`; do echo 0 >> random.seed; done -# @TEST-EXEC: test `bro -b -G random.seed %INPUT` = "pass" +# @TEST-EXEC: test `zeek -b -G random.seed %INPUT` = "pass" type r: record { b: set[count]; diff --git a/testing/btest/language/next-test.zeek b/testing/btest/language/next-test.zeek index 83523dd59b..3746c4cb09 100644 --- a/testing/btest/language/next-test.zeek 
+++ b/testing/btest/language/next-test.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # This script tests "next" being called during the last iteration of a diff --git a/testing/btest/language/no-module.zeek b/testing/btest/language/no-module.zeek index 4d1372f10c..f78c9da6c0 100644 --- a/testing/btest/language/no-module.zeek +++ b/testing/btest/language/no-module.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b %INPUT secondtestfile >out +# @TEST-EXEC: zeek -b %INPUT secondtestfile >out # @TEST-EXEC: btest-diff out -# This is the same test as "module.bro", but here we omit the module definition +# This is the same test as "module.zeek", but here we omit the module definition global num: count = 123; diff --git a/testing/btest/language/null-statement.zeek b/testing/btest/language/null-statement.zeek index 69861ce96e..72ceedf293 100644 --- a/testing/btest/language/null-statement.zeek +++ b/testing/btest/language/null-statement.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/outer_param_binding.zeek b/testing/btest/language/outer_param_binding.zeek index a197cb87fb..d3587a7cce 100644 --- a/testing/btest/language/outer_param_binding.zeek +++ b/testing/btest/language/outer_param_binding.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type Foo: record { diff --git a/testing/btest/language/pattern.zeek b/testing/btest/language/pattern.zeek index ae9cb15bf7..05a84e713c 100644 --- a/testing/btest/language/pattern.zeek +++ b/testing/btest/language/pattern.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) 
diff --git a/testing/btest/language/port.zeek b/testing/btest/language/port.zeek index 81d7704c14..03a6617eed 100644 --- a/testing/btest/language/port.zeek +++ b/testing/btest/language/port.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/precedence.zeek b/testing/btest/language/precedence.zeek index 9d74c67262..1af4bb6569 100644 --- a/testing/btest/language/precedence.zeek +++ b/testing/btest/language/precedence.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } # This is an incomplete set of tests to demonstrate the order of precedence -# of bro script operators +# of zeek script operators event zeek_init() { diff --git a/testing/btest/language/raw_output_attr.test b/testing/btest/language/raw_output_attr.test index 3af94dc727..ccf616405e 100644 --- a/testing/btest/language/raw_output_attr.test +++ b/testing/btest/language/raw_output_attr.test @@ -1,7 +1,7 @@ # Files with the &raw_output attribute shouldn't interpret NUL characters # in strings that are `print`ed to it. -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: tr '\000' 'X' output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cmp myfile hookfile diff --git a/testing/btest/language/rec-comp-init.zeek b/testing/btest/language/rec-comp-init.zeek index c65ef69097..022f9fd50e 100644 --- a/testing/btest/language/rec-comp-init.zeek +++ b/testing/btest/language/rec-comp-init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Make sure composit types in records are initialized. 
diff --git a/testing/btest/language/rec-nested-opt.zeek b/testing/btest/language/rec-nested-opt.zeek index 3b4a478f6b..be03a4532c 100644 --- a/testing/btest/language/rec-nested-opt.zeek +++ b/testing/btest/language/rec-nested-opt.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type Version: record { diff --git a/testing/btest/language/rec-of-tbl.zeek b/testing/btest/language/rec-of-tbl.zeek index 8d2c9ab0e0..6285680c47 100644 --- a/testing/btest/language/rec-of-tbl.zeek +++ b/testing/btest/language/rec-of-tbl.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type x: record { diff --git a/testing/btest/language/rec-table-default.zeek b/testing/btest/language/rec-table-default.zeek index 27e0043dc3..3f14e3ab59 100644 --- a/testing/btest/language/rec-table-default.zeek +++ b/testing/btest/language/rec-table-default.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type X: record { diff --git a/testing/btest/language/record-bad-ctor.zeek b/testing/btest/language/record-bad-ctor.zeek index 6b7ae4ff19..40bafa47de 100644 --- a/testing/btest/language/record-bad-ctor.zeek +++ b/testing/btest/language/record-bad-ctor.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out -# At least shouldn't crash Bro, just report the invalid record ctor. +# At least shouldn't crash Zeek, just report the invalid record ctor. global asdfasdf; const blah = [$ports=asdfasdf]; diff --git a/testing/btest/language/record-bad-ctor2.zeek b/testing/btest/language/record-bad-ctor2.zeek index 7941c38860..02f4f472d6 100644 --- a/testing/btest/language/record-bad-ctor2.zeek 
+++ b/testing/btest/language/record-bad-ctor2.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out # Record ctor's expression list shouldn't accept "expressions that diff --git a/testing/btest/language/record-ceorce-orphan.zeek b/testing/btest/language/record-ceorce-orphan.zeek index d72f447a12..8279da4afb 100644 --- a/testing/btest/language/record-ceorce-orphan.zeek +++ b/testing/btest/language/record-ceorce-orphan.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type myrec: record { diff --git a/testing/btest/language/record-coerce-clash.zeek b/testing/btest/language/record-coerce-clash.zeek index 5dab9ded8a..3b4dcb393e 100644 --- a/testing/btest/language/record-coerce-clash.zeek +++ b/testing/btest/language/record-coerce-clash.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out # Record coercion attempt should report mismatched field types. global wrong = "80/tcp"; diff --git a/testing/btest/language/record-default-coercion.zeek b/testing/btest/language/record-default-coercion.zeek index 9d8babf571..83e48044a3 100644 --- a/testing/btest/language/record-default-coercion.zeek +++ b/testing/btest/language/record-default-coercion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyRecord: record { diff --git a/testing/btest/language/record-default-set-mismatch.zeek b/testing/btest/language/record-default-set-mismatch.zeek index fcf10c1281..8de2459ebd 100644 --- a/testing/btest/language/record-default-set-mismatch.zeek +++ b/testing/btest/language/record-default-set-mismatch.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT 2>out +# @TEST-EXEC-FAIL: zeek -b %INPUT 2>out # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type Foo: record { diff --git a/testing/btest/language/record-extension.zeek b/testing/btest/language/record-extension.zeek index 02b4c3bbe7..6dbf2be290 100644 --- a/testing/btest/language/record-extension.zeek +++ b/testing/btest/language/record-extension.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type Foo: record { diff --git a/testing/btest/language/record-function-recursion.zeek b/testing/btest/language/record-function-recursion.zeek index d6a1587962..e5168a6e3e 100644 --- a/testing/btest/language/record-function-recursion.zeek +++ b/testing/btest/language/record-function-recursion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT 2>&1 >out +# @TEST-EXEC: zeek -b %INPUT 2>&1 >out # @TEST-EXEC: btest-diff out type Outer: record { diff --git a/testing/btest/language/record-index-complex-fields.zeek b/testing/btest/language/record-index-complex-fields.zeek index ae45648728..eedf777ff6 100644 --- a/testing/btest/language/record-index-complex-fields.zeek +++ b/testing/btest/language/record-index-complex-fields.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # This test checks whether records with complex fields (tables, sets, vectors) diff --git a/testing/btest/language/record-recursive-coercion.zeek b/testing/btest/language/record-recursive-coercion.zeek index 4d17c0dee3..614bd3d92c 100644 --- a/testing/btest/language/record-recursive-coercion.zeek +++ b/testing/btest/language/record-recursive-coercion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type Version: record { 
diff --git a/testing/btest/language/record-redef-after-init.zeek b/testing/btest/language/record-redef-after-init.zeek index 693d8bac76..2ec28c1367 100644 --- a/testing/btest/language/record-redef-after-init.zeek +++ b/testing/btest/language/record-redef-after-init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type myrec: record { diff --git a/testing/btest/language/record-ref-assign.zeek b/testing/btest/language/record-ref-assign.zeek index a9539ab716..993d7223e3 100644 --- a/testing/btest/language/record-ref-assign.zeek +++ b/testing/btest/language/record-ref-assign.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type State: record { diff --git a/testing/btest/language/record-type-checking.zeek b/testing/btest/language/record-type-checking.zeek index 5e50a4d8bc..b341414564 100644 --- a/testing/btest/language/record-type-checking.zeek +++ b/testing/btest/language/record-type-checking.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type MyRec: record { diff --git a/testing/btest/language/redef-same-prefixtable-idx.zeek b/testing/btest/language/redef-same-prefixtable-idx.zeek index e0e16060f4..c96af48f3e 100644 --- a/testing/btest/language/redef-same-prefixtable-idx.zeek +++ b/testing/btest/language/redef-same-prefixtable-idx.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out const my_table: table[subnet] of subnet &redef; diff --git a/testing/btest/language/redef-vector.zeek b/testing/btest/language/redef-vector.zeek index 26dc2109ba..bf35467424 100644 --- a/testing/btest/language/redef-vector.zeek +++ b/testing/btest/language/redef-vector.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out const foo: vector of string &redef; diff --git a/testing/btest/language/returnwhen.zeek b/testing/btest/language/returnwhen.zeek index c3d5f17661..8eddd4a30b 100644 --- a/testing/btest/language/returnwhen.zeek +++ b/testing/btest/language/returnwhen.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 15 -# @TEST-EXEC: btest-diff bro/.stdout +# @TEST-EXEC: btest-diff zeek/.stdout redef exit_only_after_terminate = T; diff --git a/testing/btest/language/set-opt-record-index.zeek b/testing/btest/language/set-opt-record-index.zeek index f22c144595..0015c20621 100644 --- a/testing/btest/language/set-opt-record-index.zeek +++ b/testing/btest/language/set-opt-record-index.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Make sure a set can be indexed with a record that has optional fields diff --git a/testing/btest/language/set-type-checking.zeek b/testing/btest/language/set-type-checking.zeek index 3518b8a02d..49674ce870 100644 --- a/testing/btest/language/set-type-checking.zeek +++ b/testing/btest/language/set-type-checking.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type MySet: set[port]; diff --git a/testing/btest/language/set.zeek b/testing/btest/language/set.zeek index 53cf400795..1c3ab85ef2 100644 --- a/testing/btest/language/set.zeek +++ b/testing/btest/language/set.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) 
diff --git a/testing/btest/language/short-circuit.zeek b/testing/btest/language/short-circuit.zeek index 70928f6441..45d1046ab3 100644 --- a/testing/btest/language/short-circuit.zeek +++ b/testing/btest/language/short-circuit.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/sizeof.zeek b/testing/btest/language/sizeof.zeek index 396984780a..fc510afb70 100644 --- a/testing/btest/language/sizeof.zeek +++ b/testing/btest/language/sizeof.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Demo policy for the sizeof operator "|x|". diff --git a/testing/btest/language/smith-waterman-test.zeek b/testing/btest/language/smith-waterman-test.zeek index 2113d88e24..1eff86ef83 100644 --- a/testing/btest/language/smith-waterman-test.zeek +++ b/testing/btest/language/smith-waterman-test.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output global params: sw_params = [ $min_strlen = 2, $sw_variant = 0 ]; diff --git a/testing/btest/language/string-indexing.zeek b/testing/btest/language/string-indexing.zeek index e109eeba80..6cce3ab713 100644 --- a/testing/btest/language/string-indexing.zeek +++ b/testing/btest/language/string-indexing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out local word = "HelpA"; diff --git a/testing/btest/language/string.zeek b/testing/btest/language/string.zeek index 936ac3e493..8f9350a16d 100644 --- a/testing/btest/language/string.zeek +++ b/testing/btest/language/string.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) 
diff --git a/testing/btest/language/strings.zeek b/testing/btest/language/strings.zeek index 992fb2c5b3..a5d8cbf69b 100644 --- a/testing/btest/language/strings.zeek +++ b/testing/btest/language/strings.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Demo policy for string functions diff --git a/testing/btest/language/subnet-errors.zeek b/testing/btest/language/subnet-errors.zeek index 499a6fb552..875817c433 100644 --- a/testing/btest/language/subnet-errors.zeek +++ b/testing/btest/language/subnet-errors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event zeek_init() diff --git a/testing/btest/language/subnet.zeek b/testing/btest/language/subnet.zeek index 32cf11701e..db61460df9 100644 --- a/testing/btest/language/subnet.zeek +++ b/testing/btest/language/subnet.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/switch-error-mixed.zeek b/testing/btest/language/switch-error-mixed.zeek index 78c7a2091f..4eb68f38d7 100644 --- a/testing/btest/language/switch-error-mixed.zeek +++ b/testing/btest/language/switch-error-mixed.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out function switch_one(v: count): string diff --git a/testing/btest/language/switch-incomplete.zeek b/testing/btest/language/switch-incomplete.zeek index dedf529ccb..62f55f63d2 100644 --- a/testing/btest/language/switch-incomplete.zeek +++ b/testing/btest/language/switch-incomplete.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event zeek_init() diff --git a/testing/btest/language/switch-statement.zeek b/testing/btest/language/switch-statement.zeek index 1035cb4b2e..2f4bf56118 100644 --- a/testing/btest/language/switch-statement.zeek +++ b/testing/btest/language/switch-statement.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyEnum: enum { diff --git a/testing/btest/language/switch-types-error-duplicate.zeek b/testing/btest/language/switch-types-error-duplicate.zeek index 846d228be3..3b40e2fcfe 100644 --- a/testing/btest/language/switch-types-error-duplicate.zeek +++ b/testing/btest/language/switch-types-error-duplicate.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out function switch_one(v: any): string diff --git a/testing/btest/language/switch-types-error-unsupported.zeek b/testing/btest/language/switch-types-error-unsupported.zeek index d8b8d039df..3045336f22 100644 --- a/testing/btest/language/switch-types-error-unsupported.zeek +++ b/testing/btest/language/switch-types-error-unsupported.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out function switch_one(v: string): string diff --git a/testing/btest/language/switch-types-vars.zeek b/testing/btest/language/switch-types-vars.zeek index 3e33e1c17f..c92a16e5e6 100644 --- a/testing/btest/language/switch-types-vars.zeek +++ b/testing/btest/language/switch-types-vars.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function switch_one(v: any) diff --git a/testing/btest/language/switch-types.zeek b/testing/btest/language/switch-types.zeek index 2ebddea6f0..031a311774 100644 --- a/testing/btest/language/switch-types.zeek +++ b/testing/btest/language/switch-types.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function switch_one(v: any): string diff --git a/testing/btest/language/table-default-record.zeek b/testing/btest/language/table-default-record.zeek index 3894f3ac09..c7f561d19f 100644 --- a/testing/btest/language/table-default-record.zeek +++ b/testing/btest/language/table-default-record.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type Foo: record { diff --git a/testing/btest/language/table-init-attrs.zeek b/testing/btest/language/table-init-attrs.zeek index 9d3403642a..5f1e742479 100644 --- a/testing/btest/language/table-init-attrs.zeek +++ b/testing/btest/language/table-init-attrs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # set()/table() constructors are allowed to have attributes. When initializing diff --git a/testing/btest/language/table-init-container-ctors.zeek b/testing/btest/language/table-init-container-ctors.zeek index 1f9e18d848..6302ca83e1 100644 --- a/testing/btest/language/table-init-container-ctors.zeek +++ b/testing/btest/language/table-init-container-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # The various container constructor expressions should work in table diff --git a/testing/btest/language/table-init-record-idx.zeek b/testing/btest/language/table-init-record-idx.zeek index db9716dc42..e3c1c4823c 100644 
--- a/testing/btest/language/table-init-record-idx.zeek +++ b/testing/btest/language/table-init-record-idx.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # Record constructors should work in table initializers diff --git a/testing/btest/language/table-init.zeek b/testing/btest/language/table-init.zeek index cc94589974..0a2514e0b9 100644 --- a/testing/btest/language/table-init.zeek +++ b/testing/btest/language/table-init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global global_table: table[count] of string = { diff --git a/testing/btest/language/table-redef.zeek b/testing/btest/language/table-redef.zeek index 290610499f..51c4360044 100644 --- a/testing/btest/language/table-redef.zeek +++ b/testing/btest/language/table-redef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > out +# @TEST-EXEC: zeek -b %INPUT > out # @TEST-EXEC: btest-diff out const foo: table[string] of double &redef; diff --git a/testing/btest/language/table-type-checking.zeek b/testing/btest/language/table-type-checking.zeek index 639a2d021d..faefaf3a60 100644 --- a/testing/btest/language/table-type-checking.zeek +++ b/testing/btest/language/table-type-checking.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type MyTable: table[port] of count; diff --git a/testing/btest/language/table.zeek b/testing/btest/language/table.zeek index 98f7daa8e3..cb26b5c17b 100644 --- a/testing/btest/language/table.zeek +++ b/testing/btest/language/table.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) 
diff --git a/testing/btest/language/ternary-record-mismatch.zeek b/testing/btest/language/ternary-record-mismatch.zeek index 3c0c4ab95e..1b9796a799 100644 --- a/testing/btest/language/ternary-record-mismatch.zeek +++ b/testing/btest/language/ternary-record-mismatch.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath" btest-diff out type MyRecord: record { diff --git a/testing/btest/language/time.zeek b/testing/btest/language/time.zeek index e8b71219ca..685b011217 100644 --- a/testing/btest/language/time.zeek +++ b/testing/btest/language/time.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/timeout.zeek b/testing/btest/language/timeout.zeek index 47906b35fb..120ec845ab 100644 --- a/testing/btest/language/timeout.zeek +++ b/testing/btest/language/timeout.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DNS_FAKE && bro -b %INPUT >out +# @TEST-EXEC: unset BRO_DNS_FAKE && zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/type-cast-any.zeek b/testing/btest/language/type-cast-any.zeek index ad18a28646..f79e8abcce 100644 --- a/testing/btest/language/type-cast-any.zeek +++ b/testing/btest/language/type-cast-any.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-cast-error-dynamic.zeek b/testing/btest/language/type-cast-error-dynamic.zeek index 21f51bc8d8..1edf9e3d2a 100644 --- a/testing/btest/language/type-cast-error-dynamic.zeek +++ b/testing/btest/language/type-cast-error-dynamic.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-cast-error-static.zeek b/testing/btest/language/type-cast-error-static.zeek index 3d1afbe095..05ab92e09e 100644 --- a/testing/btest/language/type-cast-error-static.zeek +++ b/testing/btest/language/type-cast-error-static.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-cast-same.zeek b/testing/btest/language/type-cast-same.zeek index 58e98bb0c0..226eb05b17 100644 --- a/testing/btest/language/type-cast-same.zeek +++ b/testing/btest/language/type-cast-same.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-check-any.zeek b/testing/btest/language/type-check-any.zeek index 1b681a3420..95047c8de1 100644 --- a/testing/btest/language/type-check-any.zeek +++ b/testing/btest/language/type-check-any.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-check-vector.zeek b/testing/btest/language/type-check-vector.zeek index b92c654fb6..b7ea42241e 100644 --- a/testing/btest/language/type-check-vector.zeek +++ b/testing/btest/language/type-check-vector.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type myvec: vector of any; diff --git a/testing/btest/language/type-type-error.zeek b/testing/btest/language/type-type-error.zeek index 2f3e3913ef..586b181ec5 100644 --- a/testing/btest/language/type-type-error.zeek +++ b/testing/btest/language/type-type-error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT +# @TEST-EXEC-FAIL: zeek -b %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr type r: record { diff --git a/testing/btest/language/undefined-delete-field.zeek b/testing/btest/language/undefined-delete-field.zeek index a45e093527..f4ecfdb106 100644 --- a/testing/btest/language/undefined-delete-field.zeek +++ b/testing/btest/language/undefined-delete-field.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 || echo $? >>output +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 || echo $? >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type MyRecordType: record diff --git a/testing/btest/language/uninitialized-local.zeek b/testing/btest/language/uninitialized-local.zeek index ec4a6e61de..6d8e26be72 100644 --- a/testing/btest/language/uninitialized-local.zeek +++ b/testing/btest/language/uninitialized-local.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event testit() &priority=10 diff --git a/testing/btest/language/uninitialized-local2.zeek b/testing/btest/language/uninitialized-local2.zeek index ed4045a1a3..4b8f0c8275 100644 --- a/testing/btest/language/uninitialized-local2.zeek +++ b/testing/btest/language/uninitialized-local2.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event test() diff --git a/testing/btest/language/vector-any-append.zeek b/testing/btest/language/vector-any-append.zeek index d501af6b15..599859b1d8 100644 --- a/testing/btest/language/vector-any-append.zeek +++ b/testing/btest/language/vector-any-append.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function assign(v: vector of any) diff --git a/testing/btest/language/vector-coerce-expr.zeek b/testing/btest/language/vector-coerce-expr.zeek index 97f9617665..7fa4affe9c 100644 --- a/testing/btest/language/vector-coerce-expr.zeek +++ b/testing/btest/language/vector-coerce-expr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type X: record { diff --git a/testing/btest/language/vector-in-operator.zeek b/testing/btest/language/vector-in-operator.zeek index 5936145363..ceea232f0e 100644 --- a/testing/btest/language/vector-in-operator.zeek +++ b/testing/btest/language/vector-in-operator.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out local ten = "0123456789"; diff --git a/testing/btest/language/vector-list-init-records.zeek b/testing/btest/language/vector-list-init-records.zeek index b1eee0ac92..d7aad468a2 100644 --- a/testing/btest/language/vector-list-init-records.zeek +++ b/testing/btest/language/vector-list-init-records.zeek @@ -1,7 +1,7 @@ # Initializing a vector with a list of records should promote elements as # necessary to match the vector's yield type. -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type Foo: record { 
diff --git a/testing/btest/language/vector-type-checking.zeek b/testing/btest/language/vector-type-checking.zeek index c0003503a4..bdea76c4cd 100644 --- a/testing/btest/language/vector-type-checking.zeek +++ b/testing/btest/language/vector-type-checking.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type MyVec: vector of count; diff --git a/testing/btest/language/vector-unspecified.zeek b/testing/btest/language/vector-unspecified.zeek index b91f910504..d0898b5d42 100644 --- a/testing/btest/language/vector-unspecified.zeek +++ b/testing/btest/language/vector-unspecified.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Test assignment behavior of unspecified vectors diff --git a/testing/btest/language/vector.zeek b/testing/btest/language/vector.zeek index 36ff7c0267..0564e52e4f 100644 --- a/testing/btest/language/vector.zeek +++ b/testing/btest/language/vector.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/when-unitialized-rhs.zeek b/testing/btest/language/when-unitialized-rhs.zeek index 196834c2ae..62464004f2 100644 --- a/testing/btest/language/when-unitialized-rhs.zeek +++ b/testing/btest/language/when-unitialized-rhs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out global crashMe: function(): string; diff --git a/testing/btest/language/when.zeek b/testing/btest/language/when.zeek index 36914ce993..de710aa736 100644 --- a/testing/btest/language/when.zeek +++ b/testing/btest/language/when.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run test1 bro %INPUT +# @TEST-EXEC: btest-bg-run test1 zeek %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: mv test1/.stdout out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/while.zeek b/testing/btest/language/while.zeek index d6588589f7..3e12c81514 100644 --- a/testing/btest/language/while.zeek +++ b/testing/btest/language/while.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_noop() diff --git a/testing/btest/language/wrong-delete-field.zeek b/testing/btest/language/wrong-delete-field.zeek index 63573faf8a..c393f66c16 100644 --- a/testing/btest/language/wrong-delete-field.zeek +++ b/testing/btest/language/wrong-delete-field.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/wrong-record-extension.zeek b/testing/btest/language/wrong-record-extension.zeek index a8ef6a64e9..72b66c4ee3 100644 --- a/testing/btest/language/wrong-record-extension.zeek +++ b/testing/btest/language/wrong-record-extension.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >output.tmp 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >output.tmp 2>&1 # @TEST-EXEC: sed 's#^.*:##g' output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/language/zeek_init.zeek b/testing/btest/language/zeek_init.zeek index 27f82d626c..c1ca3ba65c 100644 --- a/testing/btest/language/zeek_init.zeek +++ b/testing/btest/language/zeek_init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/zeek_script_loaded.zeek b/testing/btest/language/zeek_script_loaded.zeek index 41f43409e6..9011790e93 100644 --- a/testing/btest/language/zeek_script_loaded.zeek 
+++ b/testing/btest/language/zeek_script_loaded.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_script_loaded(path: string, level: count) &priority=10 diff --git a/testing/btest/plugins/bifs-and-scripts-install.sh b/testing/btest/plugins/bifs-and-scripts-install.sh index f3a60d20b7..d7cf3fd7b0 100644 --- a/testing/btest/plugins/bifs-and-scripts-install.sh +++ b/testing/btest/plugins/bifs-and-scripts-install.sh @@ -1,10 +1,10 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: bash %INPUT # @TEST-EXEC: ./configure --bro-dist=${DIST} --install-root=`pwd`/test-install # @TEST-EXEC: make # @TEST-EXEC: make install -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro -NN Demo::Foo >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install zeek -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install zeek Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output mkdir -p scripts/Demo/Foo/base/ diff --git a/testing/btest/plugins/bifs-and-scripts.sh b/testing/btest/plugins/bifs-and-scripts.sh index 6cc1ca61f5..3cbe9c52d1 100644 --- a/testing/btest/plugins/bifs-and-scripts.sh +++ b/testing/btest/plugins/bifs-and-scripts.sh 
@@ -1,25 +1,25 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: bash %INPUT # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: echo =-= >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/empty.trace >>output # @TEST-EXEC: echo =-= >>output -# @TEST-EXEC-FAIL: BRO_PLUGIN_PATH=`pwd` bro -b Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC-FAIL: BRO_PLUGIN_PATH=`pwd` zeek -b Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b ./activate.zeek -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -b ./activate.zeek -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b ./activate.zeek Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -b ./activate.zeek Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b Demo::Foo Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -b Demo::Foo Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output diff --git a/testing/btest/plugins/file.zeek b/testing/btest/plugins/file.zeek index 29724aa8a4..1f87103472 100644 
--- a/testing/btest/plugins/file.zeek +++ b/testing/btest/plugins/file.zeek @@ -1,9 +1,9 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/file-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/ftp/retr.trace %INPUT >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/ftp/retr.trace %INPUT >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output event file_new(f: fa_file) diff --git a/testing/btest/plugins/hooks.zeek b/testing/btest/plugins/hooks.zeek index d2d3d754d9..11ca139002 100644 --- a/testing/btest/plugins/hooks.zeek +++ b/testing/btest/plugins/hooks.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Hooks +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Hooks # @TEST-EXEC: cp -r %DIR/hooks-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Demo::Hooks" BRO_PLUGIN_PATH=`pwd` bro -b -r $TRACES/http/get.trace %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output +# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Demo::Hooks" BRO_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output # @TEST-EXEC: btest-diff output @unload base/misc/version diff --git a/testing/btest/plugins/init-plugin.zeek b/testing/btest/plugins/init-plugin.zeek index a4ebf7b00c..9099e02585 100644 --- a/testing/btest/plugins/init-plugin.zeek +++ b/testing/btest/plugins/init-plugin.zeek 
@@ -1,6 +1,6 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/port4242.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/port4242.trace >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output diff --git a/testing/btest/plugins/logging-hooks.zeek b/testing/btest/plugins/logging-hooks.zeek index fa6a936d11..a901f14f70 100644 --- a/testing/btest/plugins/logging-hooks.zeek +++ b/testing/btest/plugins/logging-hooks.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Log Hooks +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Log Hooks # @TEST-EXEC: cp -r %DIR/logging-hooks-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Log::Hooks" BRO_PLUGIN_PATH=`pwd` bro -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output +# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Log::Hooks" BRO_PLUGIN_PATH=`pwd` zeek -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff ssh.log diff --git a/testing/btest/plugins/pktdumper.zeek b/testing/btest/plugins/pktdumper.zeek index d9bd91a5a6..8595c8a278 100644 --- a/testing/btest/plugins/pktdumper.zeek +++ b/testing/btest/plugins/pktdumper.zeek 
@@ -1,8 +1,8 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/pktdumper-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/port4242.trace -w foo::XXX %INPUT FilteredTraceDetection::enable=F >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/port4242.trace -w foo::XXX %INPUT FilteredTraceDetection::enable=F >>output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/plugins/pktsrc.zeek b/testing/btest/plugins/pktsrc.zeek index a13596e245..ac88b95162 100644 --- a/testing/btest/plugins/pktsrc.zeek +++ b/testing/btest/plugins/pktsrc.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/pktsrc-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r foo::XXX %INPUT FilteredTraceDetection::enable=F >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r foo::XXX %INPUT FilteredTraceDetection::enable=F >>output # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/plugins/plugin-nopatchversion.zeek b/testing/btest/plugins/plugin-nopatchversion.zeek index 2279efde6a..19b3fdac62 100644 --- a/testing/btest/plugins/plugin-nopatchversion.zeek +++ b/testing/btest/plugins/plugin-nopatchversion.zeek 
@@ -1,5 +1,5 @@
-# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing NoPatchVersion
+# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Testing NoPatchVersion
 # @TEST-EXEC: cp -r %DIR/plugin-nopatchversion-plugin/* .
 # @TEST-EXEC: ./configure --bro-dist=${DIST} && make
-# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) bro -N Testing::NoPatchVersion >> output
+# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) zeek -N Testing::NoPatchVersion >> output
 # @TEST-EXEC: btest-diff output
diff --git a/testing/btest/plugins/plugin-withpatchversion.zeek b/testing/btest/plugins/plugin-withpatchversion.zeek
index 4d86f09719..29c5cb7907 100644
--- a/testing/btest/plugins/plugin-withpatchversion.zeek
+++ b/testing/btest/plugins/plugin-withpatchversion.zeek
@@ -1,5 +1,5 @@
-# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing WithPatchVersion
+# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Testing WithPatchVersion
 # @TEST-EXEC: cp -r %DIR/plugin-withpatchversion-plugin/* .
 # @TEST-EXEC: ./configure --bro-dist=${DIST} && make
-# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) bro -N Testing::WithPatchVersion >> output
+# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) zeek -N Testing::WithPatchVersion >> output
 # @TEST-EXEC: btest-diff output
diff --git a/testing/btest/plugins/protocol.zeek b/testing/btest/plugins/protocol.zeek
index 8a6c2a6399..b0d6f89e88 100644
--- a/testing/btest/plugins/protocol.zeek
+++ b/testing/btest/plugins/protocol.zeek
@@ -1,9 +1,9 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/protocol-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/port4242.trace %INPUT >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/port4242.trace %INPUT >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output event foo_message(c: connection, data: string) diff --git a/testing/btest/plugins/reader.zeek b/testing/btest/plugins/reader.zeek index 8f9cf0c97f..0b0b2c4916 100644 --- a/testing/btest/plugins/reader.zeek +++ b/testing/btest/plugins/reader.zeek @@ -1,9 +1,9 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/reader-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` btest-bg-run bro bro %INPUT +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` btest-bg-run zeek zeek %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff out diff --git a/testing/btest/plugins/reporter-hook.zeek b/testing/btest/plugins/reporter-hook.zeek index 6ac3683b2b..1987b4e22b 100644 --- a/testing/btest/plugins/reporter-hook.zeek +++ b/testing/btest/plugins/reporter-hook.zeek 
@@ -1,7 +1,7 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Reporter Hook +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Reporter Hook # @TEST-EXEC: cp -r %DIR/reporter-hook-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Reporter::Hook" BRO_PLUGIN_PATH=`pwd` bro -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output +# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Reporter::Hook" BRO_PLUGIN_PATH=`pwd` zeek -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log diff --git a/testing/btest/plugins/writer.zeek b/testing/btest/plugins/writer.zeek index 732d726fd7..62224ece33 100644 --- a/testing/btest/plugins/writer.zeek +++ b/testing/btest/plugins/writer.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/writer-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/socks.trace Log::default_writer=Log::WRITER_FOO %INPUT | sort >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/socks.trace Log::default_writer=Log::WRITER_FOO %INPUT | sort >>output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/files/data_event/basic.zeek b/testing/btest/scripts/base/files/data_event/basic.zeek index 2877155ebb..a5026c287c 100644 --- a/testing/btest/scripts/base/files/data_event/basic.zeek +++ b/testing/btest/scripts/base/files/data_event/basic.zeek 
@@ -1,6 +1,6 @@ # Just a very basic test to check if ANALYZER_DATA_EVENT works. # Also check if "in" works with binary data. -# @TEST-EXEC: bro -r $TRACES/pe/pe.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/pe/pe.trace %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/scripts/base/files/entropy/basic.test b/testing/btest/scripts/base/files/entropy/basic.test index 2b867eb8cb..fda15d9724 100644 --- a/testing/btest/scripts/base/files/entropy/basic.test +++ b/testing/btest/scripts/base/files/entropy/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/files/extract/limit.zeek b/testing/btest/scripts/base/files/extract/limit.zeek index 2a88a0886d..e676d0ebe0 100644 --- a/testing/btest/scripts/base/files/extract/limit.zeek +++ b/testing/btest/scripts/base/files/extract/limit.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=1 +# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=1 # @TEST-EXEC: btest-diff extract_files/1 # @TEST-EXEC: btest-diff 1.out -# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=2 double_it=T +# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=2 double_it=T # @TEST-EXEC: btest-diff extract_files/2 # @TEST-EXEC: btest-diff 2.out # @TEST-EXEC: btest-diff files.log -# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=7000 efname=3 unlimit_it=T +# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace %INPUT max_extract=7000 efname=3 unlimit_it=T # @TEST-EXEC: btest-diff extract_files/3 # @TEST-EXEC: btest-diff 3.out diff --git a/testing/btest/scripts/base/files/pe/basic.test b/testing/btest/scripts/base/files/pe/basic.test index 4ca9ceecef..99778b7943 100644 --- a/testing/btest/scripts/base/files/pe/basic.test 
+++ b/testing/btest/scripts/base/files/pe/basic.test @@ -1,5 +1,5 @@ # This tests the PE analyzer against a PCAP of 4 PE files being downloaded via FTP. # The files are a mix of DLL/EXEs, signed/unsigned, and 32/64-bit files. -# @TEST-EXEC: bro -r $TRACES/pe/pe.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/pe/pe.trace %INPUT # @TEST-EXEC: btest-diff pe.log diff --git a/testing/btest/scripts/base/files/unified2/alert.zeek b/testing/btest/scripts/base/files/unified2/alert.zeek index eca1ca036c..ae1b472ea5 100644 --- a/testing/btest/scripts/base/files/unified2/alert.zeek +++ b/testing/btest/scripts/base/files/unified2/alert.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT Unified2::watch_file=$FILES/unified2.u2 +# @TEST-EXEC: zeek -b %INPUT Unified2::watch_file=$FILES/unified2.u2 # @TEST-EXEC: btest-diff unified2.log @TEST-START-FILE sid_msg.map diff --git a/testing/btest/scripts/base/files/x509/1999.test b/testing/btest/scripts/base/files/x509/1999.test index 7c1ab7971f..10c041db4f 100644 --- a/testing/btest/scripts/base/files/x509/1999.test +++ b/testing/btest/scripts/base/files/x509/1999.test @@ -1,5 +1,5 @@ # Test that the timestamp of a pre-y-2000 certificate is correctly parsed -# @TEST-EXEC: bro -r $TRACES/tls/telesec.pcap +# @TEST-EXEC: zeek -r $TRACES/tls/telesec.pcap # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test index 7ca60faf96..b50d9e2697 100644 --- a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test +++ b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/certificate-with-sct.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/certificate-with-sct.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load protocols/ssl/validate-certs 
diff --git a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test index a136e42b74..9755f4f2f0 100644 --- a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test +++ b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event zeek_init() diff --git a/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek b/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek index 237c19299e..5b98ea0f6d 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek @@ -1,7 +1,7 @@ # -# @TEST-EXEC: bro -r ${TRACES}/var-services-std-ports.trace %INPUT -# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq dns -# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq ssh +# @TEST-EXEC: zeek -r ${TRACES}/var-services-std-ports.trace %INPUT +# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq dns +# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq ssh # redef Analyzer::disabled_analyzers += { Analyzer::ANALYZER_SSH }; diff --git a/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek b/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek index 24820f1954..edd2a77361 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek 
@@ -1,6 +1,6 @@
 #
-# @TEST-EXEC: bro -r ${TRACES}/var-services-std-ports.trace %INPUT
-# @TEST-EXEC: cat conn.log | bro-cut service | grep -q dns
+# @TEST-EXEC: zeek -r ${TRACES}/var-services-std-ports.trace %INPUT
+# @TEST-EXEC: cat conn.log | zeek-cut service | grep -q dns
 #
 redef Analyzer::disable_all = T;
diff --git a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek
index 0b0b4a4e21..8d3f92534b 100644
--- a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek
+++ b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek
@@ -1,9 +1,9 @@
 #
-# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT dpd_buffer_size=0;
-# @TEST-EXEC: cat conn.log | bro-cut service | grep -q ssh
+# @TEST-EXEC: zeek -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT dpd_buffer_size=0;
+# @TEST-EXEC: cat conn.log | zeek-cut service | grep -q ssh
 #
-# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0;
-# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq ssh
+# @TEST-EXEC: zeek -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0;
+# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq ssh
 event zeek_init()
 {
diff --git a/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek b/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek
index 114ea73673..07a84629fc 100644
--- a/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek
+++ b/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT | sort >output
+# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT | sort >output
 # @TEST-EXEC: btest-diff output
 global x = 0;
diff --git a/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek b/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek
index f2c56a4dcc..f4d45597ad 100644
--- a/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek
+++ b/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek
@@ -4,9 +4,9 @@
 # @TEST-PORT: BROKER_PORT4
 # @TEST-PORT: BROKER_PORT5
 #
-# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 30
 # @TEST-EXEC: btest-diff manager-1/.stdout
diff --git a/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek b/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek
index d2ca2a50f1..cd314b65a6 100644
--- a/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek
+++ b/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek
@@ -4,9 +4,9 @@
 # @TEST-PORT: BROKER_PORT4
 # @TEST-PORT: BROKER_PORT5
 #
-# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 30
 # @TEST-EXEC: btest-diff manager-1/.stdout
diff --git a/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek b/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek
index b47d7ab55d..32f12d40a6 100644
--- a/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek
+++ b/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek
@@ -4,11 +4,11 @@
 # @TEST-PORT: BROKER_PORT4
 # @TEST-PORT: BROKER_PORT5
 #
-# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT
+# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 30
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout
 # @TEST-EXEC: btest-diff proxy-1/.stdout
diff --git a/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek b/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek
index 97d961e34d..59c0193ab6 100644
--- a/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek
+++ b/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek
@@ -3,10 +3,10 @@
 # @TEST-PORT: BROKER_PORT3
 # @TEST-PORT: BROKER_PORT4
 #
-# @TEST-EXEC: btest-bg-run logger-1 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run logger-2 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-2 bro %INPUT
-# @TEST-EXEC: btest-bg-run manager BROPATH=$BROPATH:.. CLUSTER_NODE=manager bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run logger-1 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run logger-2 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-2 zeek %INPUT
+# @TEST-EXEC: btest-bg-run manager BROPATH=$BROPATH:.. CLUSTER_NODE=manager zeek %INPUT
+# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 30
 # @TEST-EXEC: btest-diff logger-1/test.log
 # @TEST-EXEC: btest-diff logger-2/test.log
diff --git a/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek b/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek
index 5f11122413..22a8ee8a38 100644
--- a/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek
+++ b/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek
@@ -5,12 +5,12 @@
 # @TEST-PORT: BROKER_PORT5
 # @TEST-PORT: BROKER_PORT6
 #
-# @TEST-EXEC: btest-bg-run logger-1 CLUSTER_NODE=logger-1 BROPATH=$BROPATH:.. bro %INPUT
-# @TEST-EXEC: btest-bg-run manager-1 CLUSTER_NODE=manager-1 BROPATH=$BROPATH:.. bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-1 CLUSTER_NODE=proxy-1 BROPATH=$BROPATH:.. bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-2 CLUSTER_NODE=proxy-2 BROPATH=$BROPATH:.. bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-1 CLUSTER_NODE=worker-1 BROPATH=$BROPATH:.. bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-2 CLUSTER_NODE=worker-2 BROPATH=$BROPATH:.. bro %INPUT
+# @TEST-EXEC: btest-bg-run logger-1 CLUSTER_NODE=logger-1 BROPATH=$BROPATH:.. zeek %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 CLUSTER_NODE=manager-1 BROPATH=$BROPATH:.. zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1 CLUSTER_NODE=proxy-1 BROPATH=$BROPATH:.. zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2 CLUSTER_NODE=proxy-2 BROPATH=$BROPATH:.. zeek %INPUT
+# @TEST-EXEC: btest-bg-run worker-1 CLUSTER_NODE=worker-1 BROPATH=$BROPATH:.. zeek %INPUT
+# @TEST-EXEC: btest-bg-run worker-2 CLUSTER_NODE=worker-2 BROPATH=$BROPATH:.. zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 30
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff logger-1/.stdout
 # @TEST-EXEC: btest-diff manager-1/.stdout
diff --git a/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek b/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek
index 2f69eba0ad..7e10ea14c1 100644
--- a/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek
+++ b/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek
@@ -4,11 +4,11 @@
 # @TEST-PORT: BROKER_PORT4
 # @TEST-PORT: BROKER_PORT5
 #
-# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT
+# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 30
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout
 # @TEST-EXEC: btest-diff proxy-1/.stdout
diff --git a/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek b/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek
index 94a78e5304..36447f17e5 100644
--- a/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek
+++ b/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek
@@ -4,9 +4,9 @@
 # @TEST-PORT: BROKER_PORT4
 # @TEST-PORT: BROKER_PORT5
 #
-# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 30
 # @TEST-EXEC: btest-diff manager-1/.stdout
diff --git a/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek b/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek
index a0b98aeb39..4c3fdc438b 100644
--- a/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek
+++ b/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek
@@ -4,9 +4,9 @@
 # @TEST-PORT: BROKER_PORT4
 # @TEST-PORT: BROKER_PORT5
 #
-# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 30
 # @TEST-EXEC: btest-diff manager-1/.stdout
 # @TEST-EXEC: btest-diff proxy-1/.stdout
diff --git a/testing/btest/scripts/base/frameworks/config/basic.zeek b/testing/btest/scripts/base/frameworks/config/basic.zeek
index f5a02983fd..0195388792 100644
--- a/testing/btest/scripts/base/frameworks/config/basic.zeek
+++ b/testing/btest/scripts/base/frameworks/config/basic.zeek
@@ -1,7 +1,7 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
-# @TEST-EXEC: btest-diff bro/config.log
-# @TEST-EXEC: btest-diff bro/.stderr
+# @TEST-EXEC: btest-diff zeek/config.log
+# @TEST-EXEC: btest-diff zeek/.stderr
 @load base/frameworks/config
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek b/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek
index f61deeea15..4a3c4f180e 100644
--- a/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek
+++ b/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek
@@ -2,10 +2,10 @@
 # @TEST-PORT: BROKER_PORT2
 # @TEST-PORT: BROKER_PORT3
 #
-# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
 # @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 15
 # @TEST-EXEC: btest-diff manager-1/.stdout
 # @TEST-EXEC: btest-diff worker-1/.stdout
diff --git a/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek b/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek
index 4aa3ad185f..482cd1721b 100644
--- a/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek
+++ b/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek
@@ -2,11 +2,11 @@
 # @TEST-PORT: BROKER_PORT2
 # @TEST-PORT: BROKER_PORT3
 #
-# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
 # @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
 # @TEST-EXEC: sleep 15
-# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 15
 # @TEST-EXEC: btest-diff manager-1/.stdout
 # @TEST-EXEC: btest-diff worker-1/.stdout
diff --git a/testing/btest/scripts/base/frameworks/config/read_config.zeek b/testing/btest/scripts/base/frameworks/config/read_config.zeek
index 7d88d20ef1..8ea2e4690e 100644
--- a/testing/btest/scripts/base/frameworks/config/read_config.zeek
+++ b/testing/btest/scripts/base/frameworks/config/read_config.zeek
@@ -1,6 +1,6 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
-# @TEST-EXEC: btest-diff bro/config.log
+# @TEST-EXEC: btest-diff zeek/config.log
 @load base/frameworks/config
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek b/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek
index 7151e67d42..18b53ce07a 100644
--- a/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek
+++ b/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek
@@ -2,10 +2,10 @@
 # @TEST-PORT: BROKER_PORT2
 # @TEST-PORT: BROKER_PORT3
 #
-# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
 # @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 15
 # @TEST-EXEC: btest-diff manager-1/.stdout
 # @TEST-EXEC: btest-diff worker-1/.stdout
diff --git a/testing/btest/scripts/base/frameworks/config/several-files.zeek b/testing/btest/scripts/base/frameworks/config/several-files.zeek
index c5ad563b4e..cc6d8ce8aa 100644
--- a/testing/btest/scripts/base/frameworks/config/several-files.zeek
+++ b/testing/btest/scripts/base/frameworks/config/several-files.zeek
@@ -1,6 +1,6 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
-# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-canonifier | grep -v ^# | $SCRIPTS/diff-sort" btest-diff bro/config.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-canonifier | grep -v ^# | $SCRIPTS/diff-sort" btest-diff zeek/config.log
 @load base/frameworks/config
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/frameworks/config/updates.zeek b/testing/btest/scripts/base/frameworks/config/updates.zeek
index 5a2e051817..09bcc9d198 100644
--- a/testing/btest/scripts/base/frameworks/config/updates.zeek
+++ b/testing/btest/scripts/base/frameworks/config/updates.zeek
@@ -1,12 +1,12 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 10 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 10 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv configfile2 configfile
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 10 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 10 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv configfile3 configfile
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 10 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 10 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv configfile4 configfile
 # @TEST-EXEC: btest-bg-wait 10
-# @TEST-EXEC: btest-diff bro/config.log
+# @TEST-EXEC: btest-diff zeek/config.log
 @load base/frameworks/config
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/frameworks/config/weird.zeek b/testing/btest/scripts/base/frameworks/config/weird.zeek
index 749525876d..300bb97101 100644
--- a/testing/btest/scripts/base/frameworks/config/weird.zeek
+++ b/testing/btest/scripts/base/frameworks/config/weird.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/http/bro.org.pcap %INPUT >output
+# @TEST-EXEC: zeek -r $TRACES/http/bro.org.pcap %INPUT >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: btest-diff config.log
diff --git a/testing/btest/scripts/base/frameworks/control/configuration_update.zeek b/testing/btest/scripts/base/frameworks/control/configuration_update.zeek
index 4921099d7c..0d3e8b960d 100644
--- a/testing/btest/scripts/base/frameworks/control/configuration_update.zeek
+++ b/testing/btest/scripts/base/frameworks/control/configuration_update.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro -Bbroker %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT
-# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro -Bbroker %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=configuration_update
+# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. zeek -Bbroker %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT
+# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. zeek -Bbroker %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=configuration_update
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff controllee/.stdout
diff --git a/testing/btest/scripts/base/frameworks/control/id_value.zeek b/testing/btest/scripts/base/frameworks/control/id_value.zeek
index a557f6487e..1f0072c346 100644
--- a/testing/btest/scripts/base/frameworks/control/id_value.zeek
+++ b/testing/btest/scripts/base/frameworks/control/id_value.zeek
@@ -1,7 +1,7 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Broker::default_port=$BROKER_PORT
-# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=id_value Control::arg=test_var
+# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. zeek %INPUT only-for-controllee frameworks/control/controllee Broker::default_port=$BROKER_PORT
+# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. zeek %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=id_value Control::arg=test_var
 # @TEST-EXEC: btest-bg-wait -k 10
 # @TEST-EXEC: btest-diff controller/.stdout
diff --git a/testing/btest/scripts/base/frameworks/control/shutdown.zeek b/testing/btest/scripts/base/frameworks/control/shutdown.zeek
index a8089bf08a..c785539e8e 100644
--- a/testing/btest/scripts/base/frameworks/control/shutdown.zeek
+++ b/testing/btest/scripts/base/frameworks/control/shutdown.zeek
@@ -1,6 +1,6 @@
 # @TEST-PORT: BROKER_PORT
 #
-# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT
-# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=shutdown
+# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. zeek %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT
+# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. zeek %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=shutdown
 # @TEST-EXEC: btest-bg-wait 10
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek b/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek
index 919d3b62c6..d5ecb55445 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
+# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
 # @TEST-EXEC: btest-diff out
 redef test_print_file_data_events = T;
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek
index 8b61eb45d3..c3a6fe208b 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT 2>&1
+# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT 2>&1
 # @TEST-EXEC: btest-diff .stdout
 event zeek_init()
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek
index df4573e418..2392c8558d 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT
 # @TEST-EXEC: btest-diff files.log
 event zeek_init()
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek
index 2c6f0a3d07..3d2d9b5949 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out
+# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out
 # @TEST-EXEC: btest-diff get.out
 redef test_file_analysis_source = "HTTP";
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek
index c44b1ec66b..c78bb521a8 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek
@@ -1,6 +1,6 @@
-# @TEST-EXEC: btest-bg-run bro bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 8
-# @TEST-EXEC: btest-diff bro/.stdout
+# @TEST-EXEC: btest-diff zeek/.stdout
 global cnt: count = 0;
 global timeout_cnt: count = 0;
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek
index cfd2e0c67b..e70ea5a553 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out
+# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out
 # @TEST-EXEC: btest-diff get.out
 # @TEST-EXEC: test ! -s Cx92a0ym5R8-file
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek b/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek
index 0f7e23ddcf..fdf320cd43 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT
 # @TEST-EXEC: btest-diff files.log
 @load frameworks/files/hash-all-files
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek b/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek
index 7cf0ef239c..583a97481e 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek
@@ -1,6 +1,6 @@
 # This used to crash the file reassemly code.
 #
-# @TEST-EXEC: bro -r $TRACES/http/byteranges.trace frameworks/files/extract-all-files FileExtract::default_limit=4000
+# @TEST-EXEC: zeek -r $TRACES/http/byteranges.trace frameworks/files/extract-all-files FileExtract::default_limit=4000
 #
 # @TEST-EXEC: btest-diff files.log
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek b/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek
index a25fde74e5..43a6506f6c 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/ftp/retr.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
+# @TEST-EXEC: zeek -r $TRACES/ftp/retr.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
 # @TEST-EXEC: btest-diff out
 # @TEST-EXEC: btest-diff thefile
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek
index d90e08e08b..e62a952410 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek
@@ -1,5 +1,5 @@
-# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=1 >get.out
-# @TEST-EXEC: bro -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=2 >get-gzip.out
+# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=1 >get.out
+# @TEST-EXEC: zeek -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=2 >get-gzip.out
 # @TEST-EXEC: btest-diff get.out
 # @TEST-EXEC: btest-diff get-gzip.out
 # @TEST-EXEC: btest-diff 1-file
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek
index 400b787b52..7cc1efda09 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/http/multipart.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
+# @TEST-EXEC: zeek -r $TRACES/http/multipart.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
 # @TEST-EXEC: btest-diff out
 # @TEST-EXEC: btest-diff 1-file
 # @TEST-EXEC: btest-diff 2-file
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek
index bb5ef7f800..c675adbb40 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek
@@ -1,14 +1,14 @@
-# @TEST-EXEC: bro -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >a.out
+# @TEST-EXEC: zeek -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >a.out
 # @TEST-EXEC: btest-diff a.out
 # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >a.size
 # @TEST-EXEC: btest-diff a.size
-# @TEST-EXEC: bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >b.out
+# @TEST-EXEC: zeek -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >b.out
 # @TEST-EXEC: btest-diff b.out
 # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >b.size
 # @TEST-EXEC: btest-diff b.size
-# @TEST-EXEC: bro -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >c.out
+# @TEST-EXEC: zeek -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >c.out
 # @TEST-EXEC: btest-diff c.out
 # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >c.size
 # @TEST-EXEC: btest-diff c.size
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek
index cdd69b84a9..acc635ae29 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
+# @TEST-EXEC: zeek -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
 # @TEST-EXEC: btest-diff out
 # @TEST-EXEC: btest-diff 1-file
 # @TEST-EXEC: btest-diff 2-file
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek
index 75efb27781..122c188b6c 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
+# @TEST-EXEC: zeek -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
 # @TEST-EXEC: btest-diff out
 # @TEST-EXEC: btest-diff 1-file
 # @TEST-EXEC: btest-diff 2-file
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek b/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek
index 9bafa0ca1e..3051459945 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek
@@ -1,7 +1,7 @@
-# @TEST-EXEC: btest-bg-run bro bro -b $SCRIPTS/file-analysis-test.zeek %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b $SCRIPTS/file-analysis-test.zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 8
-# @TEST-EXEC: btest-diff bro/.stdout
-# @TEST-EXEC: diff -q bro/FK8WqY1Q9U1rVxnDge-file input.log
+# @TEST-EXEC: btest-diff zeek/.stdout
+# @TEST-EXEC: diff -q zeek/FK8WqY1Q9U1rVxnDge-file input.log
 redef exit_only_after_terminate = T;
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek b/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek
index a1fd1e36d5..4b3e641f34 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
+# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
 # @TEST-EXEC: btest-diff out
 # @TEST-EXEC: btest-diff thefile
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek b/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek
index 597f8a26bb..96c302a31a 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT
+# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT
 # @TEST-EXEC: btest-diff files.log
 redef test_file_analysis_source = "HTTP";
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek b/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek
index 9edec8abc1..0fddcc7f98 100644
--- a/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek
+++ b/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/smtp.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
+# @TEST-EXEC: zeek -r $TRACES/smtp.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
 # @TEST-EXEC: btest-diff out
 # @TEST-EXEC: btest-diff thefile0
 # @TEST-EXEC: btest-diff thefile1
diff --git a/testing/btest/scripts/base/frameworks/input/basic.zeek b/testing/btest/scripts/base/frameworks/input/basic.zeek
index 02c3b4ff79..e96784fc0d 100644
--- a/testing/btest/scripts/base/frameworks/input/basic.zeek
+++ b/testing/btest/scripts/base/frameworks/input/basic.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/bignumber.zeek b/testing/btest/scripts/base/frameworks/input/bignumber.zeek
index b5b9d3fcae..dd3a483050 100644
--- a/testing/btest/scripts/base/frameworks/input/bignumber.zeek
+++ b/testing/btest/scripts/base/frameworks/input/bignumber.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/binary.zeek b/testing/btest/scripts/base/frameworks/input/binary.zeek
index 072db53e11..fa98625997 100644
--- a/testing/btest/scripts/base/frameworks/input/binary.zeek
+++ b/testing/btest/scripts/base/frameworks/input/binary.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/config/basic.zeek b/testing/btest/scripts/base/frameworks/input/config/basic.zeek
index a0a7df017f..b6f7c2a78a 100644
--- a/testing/btest/scripts/base/frameworks/input/config/basic.zeek
+++ b/testing/btest/scripts/base/frameworks/input/config/basic.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/config/errors.zeek b/testing/btest/scripts/base/frameworks/input/config/errors.zeek
index 262b4ff36d..0271dbe711 100644
--- a/testing/btest/scripts/base/frameworks/input/config/errors.zeek
+++ b/testing/btest/scripts/base/frameworks/input/config/errors.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: tail -n +2 .stderr > errout
 # @TEST-EXEC: btest-diff errout
diff --git a/testing/btest/scripts/base/frameworks/input/config/spaces.zeek b/testing/btest/scripts/base/frameworks/input/config/spaces.zeek
index 00bc64888e..321deb3fa4 100644
--- a/testing/btest/scripts/base/frameworks/input/config/spaces.zeek
+++ b/testing/btest/scripts/base/frameworks/input/config/spaces.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/default.zeek b/testing/btest/scripts/base/frameworks/input/default.zeek
index 3c9880696d..a3e65e74e0 100644
--- a/testing/btest/scripts/base/frameworks/input/default.zeek
+++ b/testing/btest/scripts/base/frameworks/input/default.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek b/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek
index b43044b963..810aa96c6a 100644
--- a/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek
+++ b/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek
@@ -1,6 +1,6 @@
 # @TEST-EXEC: mv input1.log input.log
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv input2.log input.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/emptyvals.zeek b/testing/btest/scripts/base/frameworks/input/emptyvals.zeek
index 6e45f56e8d..b495832d6d 100644
--- a/testing/btest/scripts/base/frameworks/input/emptyvals.zeek
+++ b/testing/btest/scripts/base/frameworks/input/emptyvals.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/errors.zeek b/testing/btest/scripts/base/frameworks/input/errors.zeek
index 296c43f450..4c9c6f8ec2 100644
--- a/testing/btest/scripts/base/frameworks/input/errors.zeek
+++ b/testing/btest/scripts/base/frameworks/input/errors.zeek
@@ -1,6 +1,6 @@
 # Test different kinds of errors of the input framework
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff .stderr
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/event.zeek b/testing/btest/scripts/base/frameworks/input/event.zeek
index 1ac4e38af5..f23d9cf52d 100644
--- a/testing/btest/scripts/base/frameworks/input/event.zeek
+++ b/testing/btest/scripts/base/frameworks/input/event.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek b/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek
index 2a2e2b1e63..86ace59204 100644
--- a/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek
+++ b/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek b/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek
index 4acaa63ee6..16a3cda1de 100644
--- a/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek
+++ b/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
 # @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
diff --git a/testing/btest/scripts/base/frameworks/input/invalidset.zeek b/testing/btest/scripts/base/frameworks/input/invalidset.zeek
index d1ca5e3262..67aff58254 100644
--- a/testing/btest/scripts/base/frameworks/input/invalidset.zeek
+++ b/testing/btest/scripts/base/frameworks/input/invalidset.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
 # @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
diff --git a/testing/btest/scripts/base/frameworks/input/invalidtext.zeek b/testing/btest/scripts/base/frameworks/input/invalidtext.zeek
index 3a30da30c8..2c2809861a 100644
--- a/testing/btest/scripts/base/frameworks/input/invalidtext.zeek
+++ b/testing/btest/scripts/base/frameworks/input/invalidtext.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
 # @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
diff --git a/testing/btest/scripts/base/frameworks/input/missing-enum.zeek b/testing/btest/scripts/base/frameworks/input/missing-enum.zeek
index abdc608447..9c5850cfac 100644
--- a/testing/btest/scripts/base/frameworks/input/missing-enum.zeek
+++ b/testing/btest/scripts/base/frameworks/input/missing-enum.zeek
@@ -1,7 +1,7 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
-# @TEST-EXEC: btest-diff bro/.stderr
-# @TEST-EXEC: btest-diff bro/.stdout
+# @TEST-EXEC: btest-diff zeek/.stderr
+# @TEST-EXEC: btest-diff zeek/.stdout
 @TEST-START-FILE input.log
 #fields e i
diff --git a/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek b/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek
index 0fed78d120..5d87c6d786 100644
--- a/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek
+++ b/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek
@@ -3,15 +3,15 @@
 # It does a second test at the same time which configures the old
 # failing behavior.
-# @TEST-EXEC: btest-bg-run bro bro %INPUT
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/init 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: btest-bg-run zeek zeek %INPUT
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/init 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv does-exist.dat does-not-exist.dat
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/next 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/next 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv does-not-exist.dat does-not-exist-again.dat
 # @TEST-EXEC: echo "3 streaming still works" >> does-not-exist-again.dat
 # @TEST-EXEC: btest-bg-wait 5
-# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stdout
-# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stderr
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stdout
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stderr
 @TEST-START-FILE does-exist.dat
 #separator \x09
diff --git a/testing/btest/scripts/base/frameworks/input/missing-file.zeek b/testing/btest/scripts/base/frameworks/input/missing-file.zeek
index 90fbeb175e..f1d4a203e2 100644
--- a/testing/btest/scripts/base/frameworks/input/missing-file.zeek
+++ b/testing/btest/scripts/base/frameworks/input/missing-file.zeek
@@ -1,6 +1,6 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait -k 5
-# @TEST-EXEC: btest-diff bro/.stderr
+# @TEST-EXEC: btest-diff zeek/.stderr
 redef exit_only_after_terminate = T;
 redef InputAscii::fail_on_file_problem = T;
diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek
index 723227a1c3..925ec13f82 100644
--- a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek
+++ b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek b/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek
index 33da194d84..a55ddd318a 100644
--- a/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek
+++ b/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/optional.zeek b/testing/btest/scripts/base/frameworks/input/optional.zeek
index 9b9d569ffe..acea18810e 100644
--- a/testing/btest/scripts/base/frameworks/input/optional.zeek
+++ b/testing/btest/scripts/base/frameworks/input/optional.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek
index 784be4ca06..8e0b6b39b3 100644
--- a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek
+++ b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek
@@ -2,14 +2,14 @@
 # variables to verify that an absolute path prefix gets added correctly
 # to relative/path-less input sources.
 #
-# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/subdir|" >input.bro
+# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/subdir|" >input.zeek
 # @TEST-EXEC: mkdir -p subdir
 #
 # Note, in the following we'd ideally use %DIR to express the
 # additional path, but there's currently a problem in btest with using
 # %DIR after TEST-START-NEXT.
 #
-# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b input.bro >output
+# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b input.zeek >output
 # @TEST-EXEC: btest-diff output
 @TEST-START-FILE subdir/input.data
diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek
index 747c3d46dd..e8b5a4af78 100644
--- a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek
+++ b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek
@@ -2,8 +2,8 @@
 # variables to verify that setting these prefixes has no effect when
 # an input file uses an absolute-path source.
 #
-# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD|" >input.bro
-# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b input.bro >output
+# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD|" >input.zeek
+# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b input.zeek >output
 # @TEST-EXEC: btest-diff output
 @TEST-START-FILE input.data
diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek b/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek
index 02a6e7e104..4557d631d3 100644
--- a/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek
+++ b/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek
@@ -1,7 +1,7 @@
 # These tests verify that when setting neither InputAscii::path_prefix
 # nor InputBinary::path_prefix, Zeek correctly locates local input files.
 #
-# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b %INPUT >output
+# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b %INPUT >output
 # @TEST-EXEC: btest-diff output
 @TEST-START-FILE input.data
diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek b/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek
index 2f24131b6f..0c4d7af64b 100644
--- a/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek
+++ b/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek
@@ -3,7 +3,7 @@
 # from the current working directory.
 #
 # @TEST-EXEC: mkdir -p alternative
-# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b %INPUT >output
+# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b %INPUT >output
 # @TEST-EXEC: btest-diff output
 @TEST-START-FILE alternative/input.data
diff --git a/testing/btest/scripts/base/frameworks/input/port-embedded.zeek b/testing/btest/scripts/base/frameworks/input/port-embedded.zeek
index 32feb47c34..ef4b0a0651 100644
--- a/testing/btest/scripts/base/frameworks/input/port-embedded.zeek
+++ b/testing/btest/scripts/base/frameworks/input/port-embedded.zeek
@@ -1,7 +1,7 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
-# @TEST-EXEC: btest-diff bro/.stdout
-# @TEST-EXEC: btest-diff bro/.stderr
+# @TEST-EXEC: btest-diff zeek/.stdout
+# @TEST-EXEC: btest-diff zeek/.stderr
 @TEST-START-FILE input.log
 #fields i p
diff --git a/testing/btest/scripts/base/frameworks/input/port.zeek b/testing/btest/scripts/base/frameworks/input/port.zeek
index d0bb823b74..b7a4b78913 100644
--- a/testing/btest/scripts/base/frameworks/input/port.zeek
+++ b/testing/btest/scripts/base/frameworks/input/port.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek b/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek
index f8e7f8fdf3..25c818dae7 100644
--- a/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek
+++ b/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek
@@ -1,8 +1,8 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
 #
-# only difference from predicate.bro is, that this one uses a stream source.
+# only difference from predicate.zeek is, that this one uses a stream source.
 # the reason is, that the code-paths are quite different, because then the
 # ascii reader uses the put and not the sendevent interface
diff --git a/testing/btest/scripts/base/frameworks/input/predicate.zeek b/testing/btest/scripts/base/frameworks/input/predicate.zeek
index 171e1d42de..61f1a5cf16 100644
--- a/testing/btest/scripts/base/frameworks/input/predicate.zeek
+++ b/testing/btest/scripts/base/frameworks/input/predicate.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek b/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek
index 80e8c6aac8..5de9f7bcc8 100644
--- a/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek
+++ b/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek
index 53708b4fdd..9f3d66df80 100644
--- a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek
+++ b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek
@@ -1,12 +1,12 @@
 # @TEST-EXEC: mv input1.log input.log
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv input2.log input.log
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv input3.log input.log
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv input4.log input.log
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got4 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got4 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv input5.log input.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek b/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek
index 6d4147ad06..79d38fab0d 100644
--- a/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek
+++ b/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/raw/basic.zeek b/testing/btest/scripts/base/frameworks/input/raw/basic.zeek
index cb9e0269ea..af246fdfcb 100644
--- a/testing/btest/scripts/base/frameworks/input/raw/basic.zeek
+++ b/testing/btest/scripts/base/frameworks/input/raw/basic.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/raw/execute.zeek b/testing/btest/scripts/base/frameworks/input/raw/execute.zeek
index 018b62d75b..672d8131d1 100644
--- a/testing/btest/scripts/base/frameworks/input/raw/execute.zeek
+++ b/testing/btest/scripts/base/frameworks/input/raw/execute.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: cat out.tmp | sed 's/^ *//g' >out
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek b/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek
index 1c24c3ab8a..0beb8bca20 100644
--- a/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek
+++ b/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 15
 # @TEST-EXEC: btest-diff test.txt
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek b/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek
index ded6588269..73aec5cab7 100644
--- a/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek
+++ b/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek
@@ -1,8 +1,8 @@
 # @TEST-EXEC: cp input1.log input.log
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cat input2.log >> input.log
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cat input3.log >> input.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/raw/long.zeek b/testing/btest/scripts/base/frameworks/input/raw/long.zeek
index 40f84c8597..bab9e388e5 100644
--- a/testing/btest/scripts/base/frameworks/input/raw/long.zeek
+++ b/testing/btest/scripts/base/frameworks/input/raw/long.zeek
@@ -1,5 +1,5 @@
 # @TEST-EXEC: dd if=/dev/zero of=input.log bs=8193 count=1
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
 #
diff --git a/testing/btest/scripts/base/frameworks/input/raw/offset.zeek b/testing/btest/scripts/base/frameworks/input/raw/offset.zeek
index 0fdb6d65e9..87aa36fc8b 100644
--- a/testing/btest/scripts/base/frameworks/input/raw/offset.zeek
+++ b/testing/btest/scripts/base/frameworks/input/raw/offset.zeek
@@ -1,6 +1,6 @@
 # @TEST-EXEC: cp input.log input2.log
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: echo "hi" >> input2.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek b/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek
index ae977b4b2d..f187187f68 100644
--- a/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek
+++ b/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek b/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek
index b62b135e43..a108ddbc4a 100644
--- a/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek
+++ b/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek
@@ -1,5 +1,5 @@
 # @TEST-EXEC: mkdir mydir && touch mydir/a && touch mydir/b && touch mydir/c
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek b/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek
index 923428717f..741b3f92d6 100644
--- a/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek
+++ b/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek
@@ -1,8 +1,8 @@
 # @TEST-EXEC: cp input1.log input.log
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cat input2.log >> input.log
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cat input3.log >> input.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/repeat.zeek b/testing/btest/scripts/base/frameworks/input/repeat.zeek
index 86245ef9f0..db9a6018d0 100644
--- a/testing/btest/scripts/base/frameworks/input/repeat.zeek
+++ b/testing/btest/scripts/base/frameworks/input/repeat.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/reread.zeek b/testing/btest/scripts/base/frameworks/input/reread.zeek
index e34ae0a5ae..ca98c9f214 100644
--- a/testing/btest/scripts/base/frameworks/input/reread.zeek
+++ b/testing/btest/scripts/base/frameworks/input/reread.zeek
@@ -1,12 +1,12 @@
 # @TEST-EXEC: mv input1.log input.log
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv input2.log input.log
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv input3.log input.log
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv input4.log input.log
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got4 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got4 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: mv input5.log input.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/set.zeek b/testing/btest/scripts/base/frameworks/input/set.zeek
index 52c0b8feef..0d1021adae 100644
--- a/testing/btest/scripts/base/frameworks/input/set.zeek
+++ b/testing/btest/scripts/base/frameworks/input/set.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/input/setseparator.zeek b/testing/btest/scripts/base/frameworks/input/setseparator.zeek
index 3e052c4b44..fc876e8a6d 100644
--- a/testing/btest/scripts/base/frameworks/input/setseparator.zeek
+++ b/testing/btest/scripts/base/frameworks/input/setseparator.zeek
@@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek b/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek index 801a3229c5..b68e4b53d0 100644 --- a/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek +++ b/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek b/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek index fdb946e02c..d7c66f67ee 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek +++ b/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek @@ -4,7 +4,7 @@ # @TEST-REQUIRES: which sqlite3 # # @TEST-EXEC: cat conn.sql | sqlite3 conn.sqlite -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek b/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek index 7a46160dc0..b6c2b46bbb 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek +++ b/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek @@ -4,7 +4,7 @@ # # @TEST-GROUP: sqlite # -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: sed '1d' .stderr | sort > cmpfile # @TEST-EXEC: btest-diff cmpfile 
diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek b/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek index ddf4a844bb..ec0e9bd428 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek +++ b/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek @@ -4,7 +4,7 @@ # @TEST-REQUIRES: which sqlite3 # # @TEST-EXEC: cat port.sql | sqlite3 port.sqlite -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek b/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek index 894db886b5..6da0bef528 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek +++ b/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek @@ -4,7 +4,7 @@ # # @TEST-GROUP: sqlite # -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/stream.zeek b/testing/btest/scripts/base/frameworks/input/stream.zeek index 20f1b682fa..b9064ef46b 100644 --- a/testing/btest/scripts/base/frameworks/input/stream.zeek +++ b/testing/btest/scripts/base/frameworks/input/stream.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input2.log >> input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input3.log >> input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out 
diff --git a/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek b/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek index fdcef27d68..9f303fbb5a 100644 --- a/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek +++ b/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/subrecord.zeek b/testing/btest/scripts/base/frameworks/input/subrecord.zeek index 797768a7a7..c01ce24158 100644 --- a/testing/btest/scripts/base/frameworks/input/subrecord.zeek +++ b/testing/btest/scripts/base/frameworks/input/subrecord.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/tableevent.zeek b/testing/btest/scripts/base/frameworks/input/tableevent.zeek index 370265508d..680a412c27 100644 --- a/testing/btest/scripts/base/frameworks/input/tableevent.zeek +++ b/testing/btest/scripts/base/frameworks/input/tableevent.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/twotables.zeek b/testing/btest/scripts/base/frameworks/input/twotables.zeek index 12d5394a54..6ff57f9666 100644 --- a/testing/btest/scripts/base/frameworks/input/twotables.zeek +++ b/testing/btest/scripts/base/frameworks/input/twotables.zeek 
@@ -1,6 +1,6 @@ # @TEST-EXEC: mv input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input3.log input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff event.out diff --git a/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek b/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek index 3090cf10c9..e4e93f7164 100644 --- a/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek +++ b/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/windows.zeek b/testing/btest/scripts/base/frameworks/input/windows.zeek index 8addf0c6ad..2615acb197 100644 --- a/testing/btest/scripts/base/frameworks/input/windows.zeek +++ b/testing/btest/scripts/base/frameworks/input/windows.zeek @@ -1,6 +1,6 @@ # Test windows linebreaks -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek b/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek index 98fc45c29d..79dbc7e035 100644 --- a/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek +++ b/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek 
@@ -3,10 +3,10 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-PORT: BROKER_PORT4 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek b/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek index ecec5a0831..0b0872c704 100644 --- a/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek +++ b/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek 
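Review bot: The new `@TEST-EXEC` lines in this hunk invoke `zeek` but still set the script search path through `BROPATH=$BROPATH:..`, so the test header now mixes the old and the new name. The same pattern appears in the hunks for cluster-transparency.zeek, read-file-dist-cluster.zeek, remove-item-cluster.zeek and the intel/path-prefix tests, and logging/env-ext.test keeps `BRO_LOG_SUFFIX=txt` in front of `zeek`. If the environment variables are deliberately left for a later change, a header comment such as `# NOTE: BROPATH keeps its old name here; only the binary is renamed in this change.` would stop a reader from treating it as a missed rename. Whether the binary accepts a renamed variable at this commit is not visible in the diff, so the variable itself should stay as it is until that is confirmed.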
@@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/intel/expire-item.zeek b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek index a3a45cd1c0..8f493947fa 100644 --- a/testing/btest/scripts/base/frameworks/intel/expire-item.zeek +++ b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 21 -# @TEST-EXEC: cat broproc/intel.log > output -# @TEST-EXEC: cat broproc/.stdout >> output +# @TEST-EXEC: cat zeekproc/intel.log > output +# @TEST-EXEC: cat zeekproc/.stdout >> output # @TEST-EXEC: btest-diff output # @TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/base/frameworks/intel/filter-item.zeek b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek index 81353ce7fc..3c5db1147e 100644 --- a/testing/btest/scripts/base/frameworks/intel/filter-item.zeek +++ b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek 
@@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: btest-diff broproc/intel.log +# @TEST-EXEC: btest-diff zeekproc/intel.log @TEST-START-FILE intel.dat #fields indicator indicator_type meta.source meta.desc meta.url diff --git a/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek index bea8abfd88..f0f5e59511 100644 --- a/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek +++ b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: btest-diff broproc/intel.log +# @TEST-EXEC: btest-diff zeekproc/intel.log @TEST-START-FILE intel.dat #fields indicator indicator_type meta.source meta.desc meta.url diff --git a/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek index 9c46dd7c93..ab6399f45b 100644 --- a/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek +++ b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: cat broproc/intel.log > output -# @TEST-EXEC: cat broproc/.stdout >> output +# @TEST-EXEC: cat zeekproc/intel.log > output +# @TEST-EXEC: cat zeekproc/.stdout >> output # @TEST-EXEC: btest-diff output # @TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek index e637ebb3c5..0438fd4f4e 100644 
--- a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek @@ -5,8 +5,8 @@ # /foo/bar/intel). # # @TEST-EXEC: mkdir -p intel -# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/intel|" >input.bro -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix bro -b input.bro >output +# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/intel|" >input.zeek +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix zeek -b input.zeek >output # @TEST-EXEC: btest-diff output @TEST-START-FILE intel/test.data diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek index 1e7050aee9..d80d784044 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek @@ -3,7 +3,7 @@ # prepended first, then the input framework one. # # @TEST-EXEC: mkdir -p input/intel -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE input/intel/test.data diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek index 2e602752f1..b3bc9f052f 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek 
@@ -4,7 +4,7 @@ # Input::REREAD ingestion mode.) # # @TEST-EXEC: mkdir -p alternative -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE alternative/test.data diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek b/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek index 7d02a0ac6a..298fcaee2c 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek @@ -1,7 +1,7 @@ # This test verifies that when setting neither InputAscii::path_prefix # nor Intel::path_prefix, Zeek correctly locates local intel files. # -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE test.data diff --git a/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek b/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek index 0914ece60d..d8078db0cc 100644 --- a/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek 
@@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff manager-1/intel.log diff --git a/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek b/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek index 16ec0df4a4..4e2ed8fcf5 100644 --- a/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 13 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek index 7bc071c17a..3dfcb9e334 100644 --- a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek 
+++ b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: cat broproc/reporter.log > output -# @TEST-EXEC: cat broproc/.stdout >> output +# @TEST-EXEC: cat zeekproc/reporter.log > output +# @TEST-EXEC: cat zeekproc/.stdout >> output # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff output # @TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/base/frameworks/intel/updated-match.zeek b/testing/btest/scripts/base/frameworks/intel/updated-match.zeek index 5cace1741e..75a272773d 100644 --- a/testing/btest/scripts/base/frameworks/intel/updated-match.zeek +++ b/testing/btest/scripts/base/frameworks/intel/updated-match.zeek @@ -1,12 +1,12 @@ # @TEST-EXEC: cp intel1.dat intel.dat -# @TEST-EXEC: btest-bg-run broproc bro %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file broproc/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeekproc/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp intel2.dat intel.dat -# @TEST-EXEC: $SCRIPTS/wait-for-file broproc/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeekproc/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp intel3.dat intel.dat # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: cat broproc/intel.log > output -# @TEST-EXEC: cat broproc/notice.log >> output +# @TEST-EXEC: cat zeekproc/intel.log > output +# @TEST-EXEC: cat zeekproc/notice.log >> output # @TEST-EXEC: btest-diff output # @TEST-START-FILE intel1.dat diff --git a/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek b/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek index d342186ca3..a5aed0c018 100644 --- a/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek 
+++ b/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh-new-default.log # @TEST-EXEC: test '!' -e ssh.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek index 1df620e19b..74d3ea9267 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek index 65bffda485..676f69600f 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek @@ -1,8 +1,8 @@ # @TEST-DOC: Test that the ASCII writer logs values of type "double" correctly. # -# @TEST-EXEC: bro -b %INPUT test-json.zeek +# @TEST-EXEC: zeek -b %INPUT test-json.zeek # @TEST-EXEC: mv test.log json.log -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log # @TEST-EXEC: btest-diff json.log # diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek index bb38f988ae..515bd9aab3 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: cat ssh.log | grep -v PREFIX.*20..- >ssh-filtered.log # @TEST-EXEC: btest-diff ssh-filtered.log 
diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek index d7e7739547..5535f83276 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff test.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek index 0145c52243..2c66593250 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log redef LogAscii::empty_field = "EMPTY"; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek index c42a92fdac..3c1cb2cd10 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek index 9df48edbb6..f64f00f857 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek 
@@ -1,4 +1,4 @@ # -# @TEST-EXEC: bro -C -r $TRACES/www-odd-url.trace +# @TEST-EXEC: zeek -C -r $TRACES/www-odd-url.trace # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek index 03139bf2b8..5170718d9e 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek index 9fa6555391..85c309ca98 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: cat ssh.log | egrep -v '#open|#close' >ssh.log.tmp && mv ssh.log.tmp ssh.log # @TEST-EXEC: btest-diff ssh.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek index 3e73b56500..874715dce7 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek @@ -1,6 +1,6 @@ # Test that log rotation works with compressed logs. # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: gunzip test.*.log.gz # diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek index 74573fe3d4..c240df96e5 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek 
@@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: gunzip ssh.log.gz # @TEST-EXEC: btest-diff ssh.log # @TEST-EXEC: btest-diff ssh-uncompressed.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek index bfe998a78e..6055989e70 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log # # Testing all possible types. diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek index 364de2fe4c..ec86557c4a 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff testing.log @load tuning/json-logs diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek index 8985715d1d..ab88225d97 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log # # Testing all possible types. diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek index 33de6e720a..caaf123633 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek 
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek index b72f077c81..11a69a0086 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log redef LogAscii::output_to_stdout = F; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek index 2e786f4927..ab7269c16c 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek index c29b291003..67d407bb91 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: cat ssh.log | grep -v PREFIX.*20..- >ssh-filtered.log # @TEST-EXEC: btest-diff ssh-filtered.log diff --git a/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek b/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek index 7aece07642..203f5a5343 100644 --- a/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek +++ b/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek 
@@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/attr.zeek b/testing/btest/scripts/base/frameworks/logging/attr.zeek index 84287cc280..f0e65aa818 100644 --- a/testing/btest/scripts/base/frameworks/logging/attr.zeek +++ b/testing/btest/scripts/base/frameworks/logging/attr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek b/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek index e3b2aa2b93..da6f9f0dd5 100644 --- a/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek +++ b/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: test '!' -e ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/empty-event.zeek b/testing/btest/scripts/base/frameworks/logging/empty-event.zeek index e7928de5c7..404b35cec8 100644 --- a/testing/btest/scripts/base/frameworks/logging/empty-event.zeek +++ b/testing/btest/scripts/base/frameworks/logging/empty-event.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek b/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek index 95d02068d8..6da68c66fa 100644 --- a/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek +++ b/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; 
diff --git a/testing/btest/scripts/base/frameworks/logging/env-ext.test b/testing/btest/scripts/base/frameworks/logging/env-ext.test index e9f690caa4..1d77cab0d0 100644 --- a/testing/btest/scripts/base/frameworks/logging/env-ext.test +++ b/testing/btest/scripts/base/frameworks/logging/env-ext.test @@ -1,2 +1,2 @@ -# @TEST-EXEC: BRO_LOG_SUFFIX=txt bro -r $TRACES/wikipedia.trace +# @TEST-EXEC: BRO_LOG_SUFFIX=txt zeek -r $TRACES/wikipedia.trace # @TEST-EXEC: test -f conn.txt diff --git a/testing/btest/scripts/base/frameworks/logging/events.zeek b/testing/btest/scripts/base/frameworks/logging/events.zeek index d1cf0fba7e..321a702002 100644 --- a/testing/btest/scripts/base/frameworks/logging/events.zeek +++ b/testing/btest/scripts/base/frameworks/logging/events.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/exclude.zeek b/testing/btest/scripts/base/frameworks/logging/exclude.zeek index b776cf91a4..0f1e1b72d1 100644 --- a/testing/btest/scripts/base/frameworks/logging/exclude.zeek +++ b/testing/btest/scripts/base/frameworks/logging/exclude.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek index 1beaa72024..6e66d56bb5 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek 
@@ -1,8 +1,8 @@
 # @TEST-PORT: BROKER_PORT1
 # @TEST-PORT: BROKER_PORT2
 #
-# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT"
-# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT"
+# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT"
+# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT"
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: grep qux manager-1/reporter.log | sed 's#line ..#line XX#g' > manager-reporter.log
 # @TEST-EXEC: grep qux manager-1/reporter-2.log | sed 's#line ..*#line XX#g' >> manager-reporter.log
diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek
index 39fe6c566a..14103cf816 100644
--- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek
@@ -1,8 +1,8 @@
 # @TEST-PORT: BROKER_PORT1
 # @TEST-PORT: BROKER_PORT2
 #
-# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT"
-# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT"
+# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT"
+# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT"
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff manager-1/http.log
diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek
index 7c1b448fee..5ac8e9220b 100644
--- a/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek
index b06cec2f54..87a2caecbc 100644
--- a/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/http/get.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff .stderr
diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek
index 9b37a893bf..50d6f90515 100644
--- a/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek
index 8a9f3ed5f2..ccf40899c8 100644
--- a/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC-FAIL: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC-FAIL: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension.zeek
index 609df1b467..a53c202387 100644
--- a/testing/btest/scripts/base/frameworks/logging/field-extension.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek b/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek
index e480180a0d..54af73374e 100644
--- a/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek b/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek
index e51bcd6580..60ebb5a1a4 100644
--- a/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/auth_change_session_keys.pcap %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/auth_change_session_keys.pcap %INPUT
 # @TEST-EXEC: btest-diff conn.log
 # The other tests of Log::default_field_name_map used to not catch an invalid
diff --git a/testing/btest/scripts/base/frameworks/logging/file.zeek b/testing/btest/scripts/base/frameworks/logging/file.zeek
index 011c9bbe82..6aa07f1699 100644
--- a/testing/btest/scripts/base/frameworks/logging/file.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/file.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log
 module SSH;
diff --git a/testing/btest/scripts/base/frameworks/logging/include.zeek b/testing/btest/scripts/base/frameworks/logging/include.zeek
index 7179c54338..31f905d172 100644
--- a/testing/btest/scripts/base/frameworks/logging/include.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/include.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log
 module SSH;
diff --git a/testing/btest/scripts/base/frameworks/logging/no-local.zeek b/testing/btest/scripts/base/frameworks/logging/no-local.zeek
index 9418afea14..38e395afac 100644
--- a/testing/btest/scripts/base/frameworks/logging/no-local.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/no-local.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: test '!' -e ssh.log
 module SSH;
diff --git a/testing/btest/scripts/base/frameworks/logging/none-debug.zeek b/testing/btest/scripts/base/frameworks/logging/none-debug.zeek
index 9a9f73d8f9..43b1daa187 100644
--- a/testing/btest/scripts/base/frameworks/logging/none-debug.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/none-debug.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: zeek -b %INPUT >output
 # @TEST-EXEC: btest-diff output
 redef Log::default_writer = Log::WRITER_NONE;
diff --git a/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek b/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek
index ebb514042e..7b256da666 100644
--- a/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff local.log
 # @TEST-EXEC: btest-diff remote.log
 #
diff --git a/testing/btest/scripts/base/frameworks/logging/path-func.zeek b/testing/btest/scripts/base/frameworks/logging/path-func.zeek
index fa52cccc48..80cb5e7918 100644
--- a/testing/btest/scripts/base/frameworks/logging/path-func.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/path-func.zeek
@@ -1,5 +1,5 @@
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: ( ls static-*; cat static-* ) >output
 # @TEST-EXEC: btest-diff output
diff --git a/testing/btest/scripts/base/frameworks/logging/pred.zeek b/testing/btest/scripts/base/frameworks/logging/pred.zeek
index c6f85183b4..aa89fdf504 100644
--- a/testing/btest/scripts/base/frameworks/logging/pred.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/pred.zeek
@@ -1,5 +1,5 @@
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff test.success.log
 # @TEST-EXEC: btest-diff test.failure.log
diff --git a/testing/btest/scripts/base/frameworks/logging/remove.zeek b/testing/btest/scripts/base/frameworks/logging/remove.zeek
index 2247648e7c..c4a626610e 100644
--- a/testing/btest/scripts/base/frameworks/logging/remove.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/remove.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b -B logging %INPUT
+# @TEST-EXEC: zeek -b -B logging %INPUT
 # @TEST-EXEC: btest-diff ssh.log
 # @TEST-EXEC: btest-diff ssh.failure.log
 # @TEST-EXEC: btest-diff .stdout
diff --git a/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek b/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek
index 89264fa6e5..4e6e38ebe9 100644
--- a/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT | egrep "test|test2" | sort >out.tmp
+# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT | egrep "test|test2" | sort >out.tmp
 # @TEST-EXEC: cat out.tmp pp.log | sort >out
 # @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | $SCRIPTS/diff-remove-timestamps | uniq >>out
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/logging/rotate.zeek b/testing/btest/scripts/base/frameworks/logging/rotate.zeek
index 2a988a88f0..235bc3829f 100644
--- a/testing/btest/scripts/base/frameworks/logging/rotate.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/rotate.zeek
@@ -1,6 +1,6 @@
 #
-# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT >bro.out 2>&1
-# @TEST-EXEC: grep "test" bro.out | sort >out
+# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT >zeek.out 2>&1
+# @TEST-EXEC: grep "test" zeek.out | sort >out
 # @TEST-EXEC: for i in `ls test.*.log | sort`; do printf '> %s\n' $i; cat $i; done >>out
 # @TEST-EXEC: btest-diff out
diff --git a/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek b/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek
index 9d58ef11c2..03936bbe17 100644
--- a/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek b/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek
index 3c72b7a833..a67b260241 100644
--- a/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek
@@ -1,7 +1,7 @@
 # This tests the order in which the unrolling and field name
 # renaming occurs.
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek
index d453804858..ea52826a13 100644
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek
@@ -4,7 +4,7 @@
 # @TEST-GROUP: sqlite
 #
 # @TEST-EXEC: cat ssh.sql | sqlite3 ssh.sqlite
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff .stderr
 #
 # Testing all possible types.
diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek
index 8612cd5765..17779a6312 100644
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek
@@ -6,7 +6,7 @@
 # @TEST-REQUIRES: has-writer Bro::SQLiteWriter
 # @TEST-GROUP: sqlite
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select
 # @TEST-EXEC: btest-diff ssh.select
 #
diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek
index 7f9ea2d870..e717954a61 100644
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek
@@ -4,7 +4,7 @@
 # @TEST-REQUIRES: has-writer Bro::SQLiteWriter
 # @TEST-GROUP: sqlite
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select
 # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from sshtwo' >> ssh.select
 # @TEST-EXEC: btest-diff ssh.select
diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek
index e878ec32d3..783fd2603b 100644
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek
@@ -3,7 +3,7 @@
 # @TEST-REQUIRES: has-writer Bro::SQLiteWriter
 # @TEST-GROUP: sqlite
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select
 # @TEST-EXEC: btest-diff ssh.select
 #
diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek
index e45c42d7e2..8ffc867b92 100644
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek
@@ -3,7 +3,7 @@
 # @TEST-REQUIRES: has-writer Bro::SQLiteWriter
 # @TEST-GROUP: sqlite
 #
-# @TEST-EXEC: bro -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_SQLITE
+# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_SQLITE
 # @TEST-EXEC: sqlite3 conn.sqlite 'select * from conn order by ts' | sort -n > conn.select
 # @TEST-EXEC: sqlite3 http.sqlite 'select * from http order by ts' | sort -n > http.select
 # @TEST-EXEC: btest-diff conn.select
diff --git a/testing/btest/scripts/base/frameworks/logging/stdout.zeek b/testing/btest/scripts/base/frameworks/logging/stdout.zeek
index bce55fd0ca..39db1d1e51 100644
--- a/testing/btest/scripts/base/frameworks/logging/stdout.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/stdout.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: zeek -b %INPUT >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: test '!' -e ssh.log
diff --git a/testing/btest/scripts/base/frameworks/logging/test-logging.zeek b/testing/btest/scripts/base/frameworks/logging/test-logging.zeek
index f7d07e843a..3e0db68c79 100644
--- a/testing/btest/scripts/base/frameworks/logging/test-logging.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/test-logging.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log
 module SSH;
diff --git a/testing/btest/scripts/base/frameworks/logging/types.zeek b/testing/btest/scripts/base/frameworks/logging/types.zeek
index 9d208335ad..fc10e88bcc 100644
--- a/testing/btest/scripts/base/frameworks/logging/types.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/types.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log
 #
 # Testing all possible types.
diff --git a/testing/btest/scripts/base/frameworks/logging/unset-record.zeek b/testing/btest/scripts/base/frameworks/logging/unset-record.zeek
index 00f97ffc1a..529e474381 100644
--- a/testing/btest/scripts/base/frameworks/logging/unset-record.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/unset-record.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff testing.log
 redef enum Log::ID += { TESTING };
diff --git a/testing/btest/scripts/base/frameworks/logging/vec.zeek b/testing/btest/scripts/base/frameworks/logging/vec.zeek
index 6809e132bc..5e73357947 100644
--- a/testing/btest/scripts/base/frameworks/logging/vec.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/vec.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log
 module SSH;
diff --git a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek
index 916e5a6775..60984f1fc7 100644
--- a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff reporter.log
 # @TEST-EXEC: btest-diff http.log
 # @TEST-EXEC: btest-diff http-2.log
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek
index 5561b3b674..7addee4bf7 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek
@@ -1,6 +1,6 @@
 # @TEST-PORT: BROKER_PORT
-# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out"
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff recv/recv.out
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek b/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek
index 94fda84c64..5603219093 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek
@@ -1,6 +1,6 @@
 # @TEST-PORT: BROKER_PORT
-# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out"
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff send/netcontrol.log
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek
index 3f3ecb5e60..067193de8c 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek
@@ -2,12 +2,12 @@
 # @TEST-PORT: BROKER_PORT2
 # @TEST-PORT: BROKER_PORT3
 #
-# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT"
-# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
+# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT"
+# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
 # @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat worker-1/.pid) 10 || (btest-bg-wait -k 1 && false)
-# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
+# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-2 zeek --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff worker-1/.stdout
 # @TEST-EXEC: btest-diff worker-2/.stdout
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek b/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek
index 1efe420d73..b7510e4c2c 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: zeek %INPUT
 # @TEST-EXEC: btest-diff netcontrol.log
 # @TEST-EXEC: btest-diff netcontrol_shunt.log
 # @TEST-EXEC: btest-diff netcontrol_drop.log
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek b/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek
index bf8957e4ff..c1d0f961a4 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek
@@ -1,6 +1,6 @@
 # @TEST-PORT: BROKER_PORT
-# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out"
+# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
+# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out"
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff send/netcontrol.log
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek
index dd5e71f1fe..ea99e13329 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT
 # @TEST-EXEC: btest-diff netcontrol_catch_release.log
 # @TEST-EXEC: btest-diff .stdout
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek
index 29c56c2535..30740dbf00 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT
 # @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff netcontrol.log
 # @TEST-EXEC: btest-diff netcontrol_catch_release.log
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek b/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek
index 29cb439a64..935142b33c 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT
 # @TEST-EXEC: btest-diff .stdout
 # Verify the state of internal tables after rules have been deleted...
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek b/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek
index c64bd9e16b..a5e03add55 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/tls/google-duplicate.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/tls/google-duplicate.trace %INPUT
 # @TEST-EXEC: btest-diff netcontrol.log
 @load base/frameworks/netcontrol
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek b/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek
index e7bb61cc04..09694cc1f8 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: zeek %INPUT
 # @TEST-EXEC: btest-diff out
 @load base/frameworks/netcontrol
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek b/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek
index 02056a1e0a..e12599db83 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT
 # @TEST-EXEC: btest-diff netcontrol.log
 @load base/frameworks/netcontrol
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek b/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek
index d56c8e2468..4fc05d4f45 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT
 # @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log
 # @TEST-EXEC: btest-diff openflow.log
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek b/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek
index 36c06fcc3d..04cd1302b3 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT
 # @TEST-EXEC: btest-diff netcontrol.log
 # @TEST-EXEC: btest-diff openflow.log
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek b/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek
index 46a1193a21..ac8a3f5c0a 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 @load base/frameworks/netcontrol
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek b/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek
index 9356253c98..71ef2b3efe 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT
 # @TEST-EXEC: btest-diff netcontrol.log
 # @TEST-EXEC: btest-diff openflow.log
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek b/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek
index e308205ffc..bc7de9dd3a 100644
--- a/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek
+++ b/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime %INPUT
 # @TEST-EXEC: btest-diff netcontrol.log
 @load base/frameworks/netcontrol
diff --git a/testing/btest/scripts/base/frameworks/notice/cluster.zeek b/testing/btest/scripts/base/frameworks/notice/cluster.zeek
index cda5fc857e..dadf5409ab 100644
--- a/testing/btest/scripts/base/frameworks/notice/cluster.zeek
+++ b/testing/btest/scripts/base/frameworks/notice/cluster.zeek
@@ -2,9 +2,9 @@
 # @TEST-PORT: BROKER_PORT2
 # @TEST-PORT: BROKER_PORT3
 #
-# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff manager-1/notice.log
diff --git a/testing/btest/scripts/base/frameworks/notice/default-policy-order.test b/testing/btest/scripts/base/frameworks/notice/default-policy-order.test
index d5d3f4c3fa..7daffc2ea0 100644
--- a/testing/btest/scripts/base/frameworks/notice/default-policy-order.test
+++ b/testing/btest/scripts/base/frameworks/notice/default-policy-order.test
@@ -1,10 +1,10 @@
 # This test checks that the default notice policy ordering does not
 # change from run to run.
-# @TEST-EXEC: bro -e ''
+# @TEST-EXEC: zeek -e ''
 # @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.1
-# @TEST-EXEC: bro -e ''
+# @TEST-EXEC: zeek -e ''
 # @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.2
-# @TEST-EXEC: bro -e ''
+# @TEST-EXEC: zeek -e ''
 # @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.3
 # @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.2
 # @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.3
diff --git a/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek b/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek
index 0970ec0c76..373d773bd2 100644
--- a/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek
+++ b/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -r $TRACES/web.trace %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/web.trace %INPUT
 # @TEST-EXEC: btest-diff alarm-mail.txt
 hook Notice::policy(n: Notice::Info) &priority=1
diff --git a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek
index 73cd65cfe9..cf99a0dbd9 100644
--- a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek
+++ b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek
@@ -3,10 +3,10 @@
 # @TEST-PORT: BROKER_PORT3
 # @TEST-PORT: BROKER_PORT4
 #
-# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
+# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff manager-1/notice.log
diff --git a/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek b/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek
index 5eeab5bff2..a281fd1b7c 100644
--- a/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek
+++ b/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # The "Test_Notice" should be logged twice # @TEST-EXEC: test `grep Test_Notice notice.log | wc -l` -eq 2 diff --git a/testing/btest/scripts/base/frameworks/notice/suppression.zeek b/testing/btest/scripts/base/frameworks/notice/suppression.zeek index d91aa17a2e..f284bb4600 100644 --- a/testing/btest/scripts/base/frameworks/notice/suppression.zeek +++ b/testing/btest/scripts/base/frameworks/notice/suppression.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff notice.log @load base/frameworks/notice diff --git a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek index 3cce7bda1e..b84a337b9f 100644 --- a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" -# @TEST-EXEC: btest-bg-wait 20 +# @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff send/send.out @@ -33,7 +33,6 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) event OpenFlow::controller_activated(name: string, controller: OpenFlow::Controller) { - continue_processing(); OpenFlow::flow_clear(of_controller); OpenFlow::flow_mod(of_controller, [], [$cookie=OpenFlow::generate_cookie(1), $command=OpenFlow::OFPFC_ADD, $actions=[$out_ports=vector(3, 7)]]); } 
@@ -55,14 +54,28 @@ event connection_established(c: connection) OpenFlow::flow_mod(of_controller, match_rev, flow_mod); } +global msg_count: count = 0; + +function got_message() + { + ++msg_count; + + if ( msg_count == 2 ) + continue_processing(); + else if ( msg_count == 6 ) + terminate(); + } + event OpenFlow::flow_mod_success(name: string, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod, msg: string) { print "Flow_mod_success"; + got_message(); } event OpenFlow::flow_mod_failure(name: string, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod, msg: string) { print "Flow_mod_failure"; + got_message(); } @TEST-END-FILE @@ -73,13 +86,6 @@ event OpenFlow::flow_mod_failure(name: string, match: OpenFlow::ofp_match, flow_ redef exit_only_after_terminate = T; -global msg_count: count = 0; - -event die() - { - terminate(); - } - event zeek_init() { Broker::subscribe("bro/openflow"); @@ -96,28 +102,16 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) terminate(); } -function got_message() - { - ++msg_count; - - if ( msg_count >= 4 ) - { - schedule 2sec { die() }; - } - } - event OpenFlow::broker_flow_mod(name: string, dpid: count, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod) { print "got flow_mod", dpid, match, flow_mod; Broker::publish("bro/openflow", OpenFlow::flow_mod_success, name, match, flow_mod, ""); Broker::publish("bro/openflow", OpenFlow::flow_mod_failure, name, match, flow_mod, ""); - got_message(); } event OpenFlow::broker_flow_clear(name: string, dpid: count) { print "flow_clear", dpid; - got_message(); } @TEST-END-FILE diff --git a/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek index 5aa615f691..3604c95eec 100644 --- a/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek 
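Review bot: In broker-basic.zeek, the new `got_message()` added next to the `OpenFlow::flow_mod_success` handler compares `msg_count` against the bare literals 2 and 6, and nothing in the hunk says where they come from. The receiving script visibly publishes both `flow_mod_success` and `flow_mod_failure` for every `broker_flow_mod`, so 2 presumably covers the replies to the flow_mod sent from `controller_activated` and 6 adds the replies to the flow_mods sent from `connection_established`, whose body starts outside the hunk. A comment above the checks would record that, for example `# 2 = success+failure for the controller_activated flow_mod; 6 = plus the replies to the connection_established flow_mods`. Because both checks use `==` and the later hunk removes the receiver's own `die()` path, a lost reply means `terminate()` is never reached here, so the run presumably ends only when `btest-bg-wait 30` expires. It would help to state in the test header that such a failure shows up as a timeout, not as a baseline diff.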
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff openflow.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek b/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek index c6a9e90cb4..5aa40ed181 100644 --- a/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/openflow.log diff --git a/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek index 9df9822450..8f1dc35fce 100644 --- a/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test b/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test index a3e2a54c57..537b210128 100644 --- a/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test +++ b/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test 
@@ -1,2 +1,2 @@ -# @TEST-EXEC-FAIL: bro -r $TRACES/web.trace -f "bad filter" +# @TEST-EXEC-FAIL: zeek -r $TRACES/web.trace -f "bad filter" # @TEST-EXEC: test -s .stderr diff --git a/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek b/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek index bf449e886d..1395f20807 100644 --- a/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek +++ b/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log @@ -7,7 +7,14 @@ redef Reporter::errors_to_stderr = F; global test: table[count] of string = {}; -event zeek_init() +event my_event() { print test[3]; } + +event zeek_init() + { + # Errors within zeek_init are always printed to stderr, so check whether + # an error that happens later is suppressed. + schedule 0.2sec { my_event() }; + } diff --git a/testing/btest/scripts/base/frameworks/reporter/stderr.zeek b/testing/btest/scripts/base/frameworks/reporter/stderr.zeek index 6b878ceef5..5c3793b435 100644 --- a/testing/btest/scripts/base/frameworks/reporter/stderr.zeek +++ b/testing/btest/scripts/base/frameworks/reporter/stderr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log diff --git a/testing/btest/scripts/base/frameworks/software/version-parsing.zeek b/testing/btest/scripts/base/frameworks/software/version-parsing.zeek index fd43145826..ecf36ca8dc 100644 --- a/testing/btest/scripts/base/frameworks/software/version-parsing.zeek 
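Review bot: In disable-stderr.zeek, the rewritten test only triggers the `test[3]` lookup error from `my_event`, so it checks that a later error is suppressed when `Reporter::errors_to_stderr = F`. Nothing visible in this hunk checks the other half of what the new comment states, that errors raised inside `zeek_init` still reach stderr. The stderr.zeek hunk that follows is a pure rename, so that case appears to be unpinned unless another test covers it. One option is a second failing lookup such as `print test[5];` after the `schedule` statement in `zeek_init`, with the `.stderr` baseline updated to expect exactly that one message. The `0.2sec` delay is also arbitrary, and a short comment saying that any value after `zeek_init` would do keeps it from being read as a timing requirement.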
+++ b/testing/btest/scripts/base/frameworks/software/version-parsing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT > output +# @TEST-EXEC: zeek %INPUT > output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff output module Software; diff --git a/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek index 726aa09416..c54aa1b128 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/basic.zeek b/testing/btest/scripts/base/frameworks/sumstats/basic.zeek index 1362c739cf..3b454ebaa4 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/basic.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run standalone bro %INPUT +# @TEST-EXEC: btest-bg-run standalone zeek %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff standalone/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek b/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek index 04cdcca725..98240f3e10 100644 
--- a/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek index 4482b43524..7bbe1860a9 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT # @TEST-EXEC: btest-bg-wait 25 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek index 3ab0492f29..6218d85573 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek 
+++ b/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek b/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek index 99658ad7d0..4faedd9bac 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout redef exit_only_after_terminate=T; diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek index 44dcd3abd4..a254c86ec0 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek 
@@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample.zeek b/testing/btest/scripts/base/frameworks/sumstats/sample.zeek index 30e80b1b49..7d63c2e946 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/sample.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/sample.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout event zeek_init() &priority=5 diff --git a/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek b/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek index f751a85e98..93ae99e0ef 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT | sort >output +# @TEST-EXEC: zeek %INPUT | sort >output # @TEST-EXEC: btest-diff output redef enum Notice::Type += { diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek index e32e417cc5..c5eaca9917 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek 
@@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk.zeek b/testing/btest/scripts/base/frameworks/sumstats/topk.zeek index 0b7ae1ea2f..a30d3ce4c8 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/topk.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/topk.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout event zeek_init() &priority=5 diff --git a/testing/btest/scripts/base/misc/find-filtered-trace.test b/testing/btest/scripts/base/misc/find-filtered-trace.test index e6c61c2bd2..a63e0c7a2b 100644 --- a/testing/btest/scripts/base/misc/find-filtered-trace.test +++ b/testing/btest/scripts/base/misc/find-filtered-trace.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/bro.org-filtered.pcap >out1 2>&1 -# @TEST-EXEC: bro -r $TRACES/http/bro.org-filtered.pcap "FilteredTraceDetection::enable=F" >out2 2>&1 +# @TEST-EXEC: zeek -r $TRACES/http/bro.org-filtered.pcap >out1 2>&1 +# @TEST-EXEC: zeek -r $TRACES/http/bro.org-filtered.pcap "FilteredTraceDetection::enable=F" >out2 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out1 # @TEST-EXEC: btest-diff out2 
diff --git a/testing/btest/scripts/base/misc/version.zeek b/testing/btest/scripts/base/misc/version.zeek index bceade0abb..9826c69d58 100644 --- a/testing/btest/scripts/base/misc/version.zeek +++ b/testing/btest/scripts/base/misc/version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath" btest-diff .stderr @@ -21,7 +21,7 @@ print Version::parse("12.5"); print Version::parse("1.12-beta-drunk"); print Version::parse("JustARandomString"); -# check that current running version of Bro parses without error +# check that current running version of Zeek parses without error Version::parse(bro_version()); @TEST-START-NEXT diff --git a/testing/btest/scripts/base/protocols/arp/bad.test b/testing/btest/scripts/base/protocols/arp/bad.test index efe9b1d15a..fb3444f105 100644 --- a/testing/btest/scripts/base/protocols/arp/bad.test +++ b/testing/btest/scripts/base/protocols/arp/bad.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/arp-leak.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/arp-leak.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/arp/basic.test b/testing/btest/scripts/base/protocols/arp/basic.test index 9ef1404567..c8dbc58cff 100644 --- a/testing/btest/scripts/base/protocols/arp/basic.test +++ b/testing/btest/scripts/base/protocols/arp/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/arp-who-has.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/arp-who-has.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/arp/radiotap.test b/testing/btest/scripts/base/protocols/arp/radiotap.test index 95ce471532..59f69aca13 100644 
--- a/testing/btest/scripts/base/protocols/arp/radiotap.test +++ b/testing/btest/scripts/base/protocols/arp/radiotap.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/arp-who-has-radiotap.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/arp-who-has-radiotap.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/arp/wlanmon.test b/testing/btest/scripts/base/protocols/arp/wlanmon.test index 7f909eac4f..6516d424e9 100644 --- a/testing/btest/scripts/base/protocols/arp/wlanmon.test +++ b/testing/btest/scripts/base/protocols/arp/wlanmon.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/arp-who-has-wlanmon.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/arp-who-has-wlanmon.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/conn/contents-default-extract.test b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test index b53081826c..5bd0044dbc 100644 --- a/testing/btest/scripts/base/protocols/conn/contents-default-extract.test +++ b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -f "tcp port 21" -r $TRACES/ftp/ipv6.trace "Conn::default_extract=T" +# @TEST-EXEC: zeek -f "tcp port 21" -r $TRACES/ftp/ipv6.trace "Conn::default_extract=T" # @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat # @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat diff --git a/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek b/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek index 42919f6f13..6278078d49 100644 --- a/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek 
+++ b/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout event new_connection_contents(c: connection) diff --git a/testing/btest/scripts/base/protocols/conn/polling.test b/testing/btest/scripts/base/protocols/conn/polling.test index f855326e77..4b009bacaa 100644 --- a/testing/btest/scripts/base/protocols/conn/polling.test +++ b/testing/btest/scripts/base/protocols/conn/polling.test @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b -r $TRACES/http/100-continue.trace %INPUT >out1 +# @TEST-EXEC: zeek -b -r $TRACES/http/100-continue.trace %INPUT >out1 # @TEST-EXEC: btest-diff out1 -# @TEST-EXEC: bro -b -r $TRACES/http/100-continue.trace %INPUT stop_cnt=2 >out2 +# @TEST-EXEC: zeek -b -r $TRACES/http/100-continue.trace %INPUT stop_cnt=2 >out2 # @TEST-EXEC: btest-diff out2 @load base/protocols/conn diff --git a/testing/btest/scripts/base/protocols/conn/threshold.zeek b/testing/btest/scripts/base/protocols/conn/threshold.zeek index 13daa8fff0..4ab01b4dbf 100644 --- a/testing/btest/scripts/base/protocols/conn/threshold.zeek +++ b/testing/btest/scripts/base/protocols/conn/threshold.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout event connection_established(c: connection) diff --git a/testing/btest/scripts/base/protocols/dce-rpc/context.zeek b/testing/btest/scripts/base/protocols/dce-rpc/context.zeek index cb0d93383b..f49649848b 100644 --- a/testing/btest/scripts/base/protocols/dce-rpc/context.zeek +++ b/testing/btest/scripts/base/protocols/dce-rpc/context.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/dce-rpc/cs_window7-join_stream092.pcap %INPUT >out +# @TEST-EXEC: zeek -b -C -r $TRACES/dce-rpc/cs_window7-join_stream092.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff dce_rpc.log diff --git a/testing/btest/scripts/base/protocols/dce-rpc/mapi.test b/testing/btest/scripts/base/protocols/dce-rpc/mapi.test index 97431bb005..ba29d31540 100644 --- a/testing/btest/scripts/base/protocols/dce-rpc/mapi.test +++ b/testing/btest/scripts/base/protocols/dce-rpc/mapi.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/dce-rpc/mapi.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/dce-rpc/mapi.pcap %INPUT # @TEST-EXEC: btest-diff dce_rpc.log # @TEST-EXEC: btest-diff ntlm.log diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest index 8f192b7aa4..8f32736572 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest @@ -2,5 +2,5 @@ # The trace has a message of each DHCP message type, # but only one lease should show up in the logs. -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest index 752ab91780..0c902911a2 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest @@ -2,5 +2,5 @@ # The trace has a message of each DHCP message type, # but only one lease should show up in the logs. -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log 
diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest index 1952682e61..1833bd70ab 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest @@ -2,5 +2,5 @@ # The trace has a message of each DHCP message type, # but only one lease should show up in the logs. -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_discover_param_req_and_client_id.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_discover_param_req_and_client_id.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest index 3bd37a996b..f5fc6be660 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT protocols/dhcp/sub-opts +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT protocols/dhcp/sub-opts # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dhcp/inform.test b/testing/btest/scripts/base/protocols/dhcp/inform.test index 652fd1ae45..7a6fa78eaa 100644 --- a/testing/btest/scripts/base/protocols/dhcp/inform.test +++ b/testing/btest/scripts/base/protocols/dhcp/inform.test @@ -1,5 +1,5 @@ # DHCPINFORM leases are special-cased in the code. # This tests that those leases are correctly logged. -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_inform.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_inform.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log 
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek index e551bbf7d6..dd2fe42007 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_del_measure.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_del_measure.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek index 489be56505..3fd98f90a9 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_en_spon.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_en_spon.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek index 9155ea0174..9fa7cff416 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek 
@@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_del.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_file_del.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek index 87140ec1fe..279ce73fc5 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_read.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_file_read.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek index 8ca9e3107d..a7bf5a6c51 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_write.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_file_write.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek index 868ce39cc0..c55ad9eaf5 100644 
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -C -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -C -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek
index 340e2b3132..c474cc5594 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_read.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_read.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek
index f88c262d54..7f0e2437af 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_rec_time.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_rec_time.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek
index 9119c33a97..44fcd570c1 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_select_operate.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_select_operate.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek
index 07479c92a2..2efaa4f5d7 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_en_spon.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_en_spon.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek
index cf64179dfe..9f817b5bc1 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_read.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_read.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek
index c6deb5eb69..8c1aa79dba 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_select_operate.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_select_operate.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek
index f88e04f37a..60eeb30480 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_write.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_write.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek index 86b99a11c7..cb0e0560d3 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_write.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_write.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/events.zeek b/testing/btest/scripts/base/protocols/dnp3/events.zeek index c5a853be61..ec871b0932 100644 --- a/testing/btest/scripts/base/protocols/dnp3/events.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/events.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dns/caa.zeek b/testing/btest/scripts/base/protocols/dns/caa.zeek index 9a0f4701de..4c3b5af22d 100644 --- a/testing/btest/scripts/base/protocols/dns/caa.zeek +++ b/testing/btest/scripts/base/protocols/dns/caa.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/dns-caa.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/dns-caa.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event dns_CAA_reply(c: connection, msg: dns_msg, ans: dns_answer, flags: count, tag: string, value: string) diff --git a/testing/btest/scripts/base/protocols/dns/dns-key.zeek b/testing/btest/scripts/base/protocols/dns/dns-key.zeek index 4880ad3530..7ab37cb015 100644 
--- a/testing/btest/scripts/base/protocols/dns/dns-key.zeek +++ b/testing/btest/scripts/base/protocols/dns/dns-key.zeek @@ -1,4 +1,4 @@ # Making sure DNSKEY gets logged as such. # -# @TEST-EXEC: bro -r $TRACES/dnssec/dnskey2.pcap +# @TEST-EXEC: zeek -r $TRACES/dnssec/dnskey2.pcap # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/dnskey.zeek b/testing/btest/scripts/base/protocols/dns/dnskey.zeek index 9297dc696a..b790b832cf 100644 --- a/testing/btest/scripts/base/protocols/dns/dnskey.zeek +++ b/testing/btest/scripts/base/protocols/dns/dnskey.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/dnskey.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/dnskey.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/ds.zeek b/testing/btest/scripts/base/protocols/dns/ds.zeek index ecb90514cd..4c1a75562f 100644 --- a/testing/btest/scripts/base/protocols/dns/ds.zeek +++ b/testing/btest/scripts/base/protocols/dns/ds.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/ds.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/ds.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek b/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek index e13b3b4807..91f37fa723 100644 --- a/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek +++ b/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek @@ -1,4 +1,4 @@ # This tests the case where the DNS server responded with zero RRs. # -# @TEST-EXEC: bro -r $TRACES/dns-two-responses.trace +# @TEST-EXEC: zeek -r $TRACES/dns-two-responses.trace # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/flip.zeek b/testing/btest/scripts/base/protocols/dns/flip.zeek index 66987ee27d..92058c6c49 100644 
--- a/testing/btest/scripts/base/protocols/dns/flip.zeek +++ b/testing/btest/scripts/base/protocols/dns/flip.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -r $TRACES/dns53.pcap +# @TEST-EXEC: zeek -r $TRACES/dns53.pcap # @TEST-EXEC: btest-diff dns.log # If the DNS reply is seen first, should be able to correctly set orig/resp. diff --git a/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek b/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek index ee6a76e978..90ed2275b0 100644 --- a/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek +++ b/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/dns-huge-ttl.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/dns-huge-ttl.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr) diff --git a/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek b/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek index 4a15792702..55ea225106 100644 --- a/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek +++ b/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek @@ -1,4 +1,4 @@ # This tests the case where the DNS server responded with zero RRs. # -# @TEST-EXEC: bro -r $TRACES/dns-txt-multiple.trace +# @TEST-EXEC: zeek -r $TRACES/dns-txt-multiple.trace # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/nsec.zeek b/testing/btest/scripts/base/protocols/dns/nsec.zeek index 8d9b1c91a7..006e24057b 100644 --- a/testing/btest/scripts/base/protocols/dns/nsec.zeek +++ b/testing/btest/scripts/base/protocols/dns/nsec.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/nsec.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output 
diff --git a/testing/btest/scripts/base/protocols/dns/nsec3.zeek b/testing/btest/scripts/base/protocols/dns/nsec3.zeek index 0710be8fea..ce77ae857d 100644 --- a/testing/btest/scripts/base/protocols/dns/nsec3.zeek +++ b/testing/btest/scripts/base/protocols/dns/nsec3.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec3.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/nsec3.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/rrsig.zeek b/testing/btest/scripts/base/protocols/dns/rrsig.zeek index 32b958a789..68f6a46e0a 100644 --- a/testing/btest/scripts/base/protocols/dns/rrsig.zeek +++ b/testing/btest/scripts/base/protocols/dns/rrsig.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/rrsig.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/rrsig.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/tsig.zeek b/testing/btest/scripts/base/protocols/dns/tsig.zeek index 79de4cf9f1..7df31eb9c4 100644 --- a/testing/btest/scripts/base/protocols/dns/tsig.zeek +++ b/testing/btest/scripts/base/protocols/dns/tsig.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/dns-tsig.trace %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/dns-tsig.trace %INPUT >out # @TEST-EXEC: btest-diff out redef dns_skip_all_addl = F; diff --git a/testing/btest/scripts/base/protocols/dns/zero-responses.zeek b/testing/btest/scripts/base/protocols/dns/zero-responses.zeek index 54f7d7b7d3..aff38b4402 100644 --- a/testing/btest/scripts/base/protocols/dns/zero-responses.zeek +++ b/testing/btest/scripts/base/protocols/dns/zero-responses.zeek @@ -1,4 +1,4 @@ # This tests the case where the DNS server responded with zero RRs. # -# @TEST-EXEC: bro -r $TRACES/dns-zero-RRs.trace +# @TEST-EXEC: zeek -r $TRACES/dns-zero-RRs.trace # @TEST-EXEC: btest-diff dns.log \ No newline at end of file 
diff --git a/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek b/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek index c3c5de778a..79b41fa28d 100644 --- a/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek +++ b/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/cwd-navigation.pcap >output.log %INPUT +# @TEST-EXEC: zeek -r $TRACES/ftp/cwd-navigation.pcap >output.log %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log # @TEST-EXEC: btest-diff output.log diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek index 4791d31460..42e90301b4 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek @@ -1,5 +1,5 @@ # This tests extracting the server reported file size # from FTP sessions. # -# @TEST-EXEC: bro -r $TRACES/ftp/ftp-with-numbers-in-filename.pcap +# @TEST-EXEC: zeek -r $TRACES/ftp/ftp-with-numbers-in-filename.pcap # @TEST-EXEC: btest-diff ftp.log diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek index cb58d4af8a..f12ef0d109 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek @@ -1,6 +1,6 @@ # This tests both active and passive FTP over IPv4. # -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek index 87dfa7e052..bb8bf9ca1b 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek 
@@ -1,6 +1,6 @@ # This tests both active and passive FTP over IPv6. # -# @TEST-EXEC: bro -r $TRACES/ftp/ipv6.trace +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv6.trace # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log diff --git a/testing/btest/scripts/base/protocols/ftp/gridftp.test b/testing/btest/scripts/base/protocols/ftp/gridftp.test index 18b3bd956b..3981adc5ae 100644 --- a/testing/btest/scripts/base/protocols/ftp/gridftp.test +++ b/testing/btest/scripts/base/protocols/ftp/gridftp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/globus-url-copy.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/globus-url-copy.trace %INPUT # @TEST-EXEC: btest-diff notice.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log diff --git a/testing/btest/scripts/base/protocols/http/100-continue.zeek b/testing/btest/scripts/base/protocols/http/100-continue.zeek index ed9e4970fe..110c6c2f4c 100644 --- a/testing/btest/scripts/base/protocols/http/100-continue.zeek +++ b/testing/btest/scripts/base/protocols/http/100-continue.zeek @@ -3,7 +3,7 @@ # a given request. The http scripts should also be able log such replies # in a way that correlates the final response with the request. # -# @TEST-EXEC: bro -r $TRACES/http/100-continue.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/100-continue.trace %INPUT # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek b/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek index b6aabb0de5..e8ec4ff491 100644 --- a/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek +++ b/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek 
@@ -1,7 +1,7 @@ # This tests that the HTTP analyzer does not generate a dpd error as a # result of seeing an upgraded connection. # -# @TEST-EXEC: bro -r $TRACES/http/websocket.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/websocket.pcap %INPUT # @TEST-EXEC: test ! -f dpd.log # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek b/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek index 74ce213505..f499543327 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek +++ b/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/content-range-gap-skip.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/content-range-gap-skip.trace %INPUT # In this trace, we should be able to determine that a gap lies # entirely within the body of an entity that specifies Content-Range, diff --git a/testing/btest/scripts/base/protocols/http/content-range-gap.zeek b/testing/btest/scripts/base/protocols/http/content-range-gap.zeek index a62e8aa362..d992ef4d38 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-gap.zeek +++ b/testing/btest/scripts/base/protocols/http/content-range-gap.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/content-range-gap.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/content-range-gap.trace %INPUT # @TEST-EXEC: btest-diff extract_files/thefile event file_new(f: fa_file) diff --git a/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek b/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek index c95816b29f..e10e504635 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek +++ b/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek 
@@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -r $TRACES/http/content-range-less-than-len.pcap +# @TEST-EXEC: zeek -r $TRACES/http/content-range-less-than-len.pcap # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/http/entity-gap.zeek b/testing/btest/scripts/base/protocols/http/entity-gap.zeek index 95d3e52759..6f82801d2d 100644 --- a/testing/btest/scripts/base/protocols/http/entity-gap.zeek +++ b/testing/btest/scripts/base/protocols/http/entity-gap.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/entity_gap.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/entity_gap.trace %INPUT # @TEST-EXEC: btest-diff entity_data # @TEST-EXEC: btest-diff extract_files/file0 diff --git a/testing/btest/scripts/base/protocols/http/entity-gap2.zeek b/testing/btest/scripts/base/protocols/http/entity-gap2.zeek index c9ade93b72..e8703efc85 100644 --- a/testing/btest/scripts/base/protocols/http/entity-gap2.zeek +++ b/testing/btest/scripts/base/protocols/http/entity-gap2.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/entity_gap2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/entity_gap2.trace %INPUT # @TEST-EXEC: btest-diff entity_data # @TEST-EXEC: btest-diff extract_files/file0 diff --git a/testing/btest/scripts/base/protocols/http/fake-content-length.zeek b/testing/btest/scripts/base/protocols/http/fake-content-length.zeek index 5993b18ed1..30bb628958 100644 --- a/testing/btest/scripts/base/protocols/http/fake-content-length.zeek +++ b/testing/btest/scripts/base/protocols/http/fake-content-length.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/http/fake-content-length.pcap +# @TEST-EXEC: zeek -r $TRACES/http/fake-content-length.pcap # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek b/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek index f95196e8bd..dbd4747598 100644 
--- a/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek +++ b/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -Cr $TRACES/http/http-bad-request-with-version.trace %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/http/http-bad-request-with-version.trace %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek b/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek index 84172878f6..6c2cbcc815 100644 --- a/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek +++ b/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek @@ -1,7 +1,7 @@ # This tests that the HTTP analyzer handles HTTP CONNECT proxying correctly # when the server include a header line into its response. # -# @TEST-EXEC: bro -C -r $TRACES/http/connect-with-header.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/http/connect-with-header.trace %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/scripts/base/protocols/http/http-connect.zeek b/testing/btest/scripts/base/protocols/http/http-connect.zeek index df6f3268b4..39cf3f3271 100644 --- a/testing/btest/scripts/base/protocols/http/http-connect.zeek +++ b/testing/btest/scripts/base/protocols/http/http-connect.zeek @@ -1,6 +1,6 @@ # This tests that the HTTP analyzer handles HTTP CONNECT proxying correctly. # -# @TEST-EXEC: bro -r $TRACES/http/connect-with-smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/connect-with-smtp.trace %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff smtp.log diff --git a/testing/btest/scripts/base/protocols/http/http-filename.zeek b/testing/btest/scripts/base/protocols/http/http-filename.zeek index b20bbddafe..b3528191c0 100644 
--- a/testing/btest/scripts/base/protocols/http/http-filename.zeek +++ b/testing/btest/scripts/base/protocols/http/http-filename.zeek @@ -1,6 +1,6 @@ # This tests that the HTTP analyzer handles filenames over HTTP correctly. # -# @TEST-EXEC: bro -r $TRACES/http/http-filename.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/http-filename.pcap %INPUT # @TEST-EXEC: btest-diff http.log # The base analysis scripts are loaded by default. diff --git a/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek b/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek index c9ba7afba3..60d5095d97 100644 --- a/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek +++ b/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek @@ -2,7 +2,7 @@ # it gets confused whether it's in a header or not; it shouldn't report # the http_no_crlf_in_header_list wierd. # -# @TEST-EXEC: bro -r $TRACES/http/byteranges.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/byteranges.trace %INPUT # @TEST-EXEC: test ! -f weird.log # The base analysis scripts are loaded by default. diff --git a/testing/btest/scripts/base/protocols/http/http-methods.zeek b/testing/btest/scripts/base/protocols/http/http-methods.zeek index 5ab89bbe4d..810868184f 100644 --- a/testing/btest/scripts/base/protocols/http/http-methods.zeek +++ b/testing/btest/scripts/base/protocols/http/http-methods.zeek @@ -1,6 +1,6 @@ # This tests that the HTTP analyzer handles strange HTTP methods properly. # -# @TEST-EXEC: bro -r $TRACES/http/methods.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/methods.trace %INPUT # @TEST-EXEC: btest-diff weird.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/http-pipelining.zeek b/testing/btest/scripts/base/protocols/http/http-pipelining.zeek index afb1a7f33e..d1451276fe 100644 --- a/testing/btest/scripts/base/protocols/http/http-pipelining.zeek +++ b/testing/btest/scripts/base/protocols/http/http-pipelining.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace %INPUT > output +# @TEST-EXEC: zeek -r $TRACES/http/pipelined-requests.trace %INPUT > output # @TEST-EXEC: btest-diff http.log # mime type is irrelevant to this test, so filter it out diff --git a/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek b/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek index 25923f70da..9c993c7e7f 100644 --- a/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek +++ b/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek @@ -2,5 +2,5 @@ # include an appropriate ZLIB header on deflated # content. # -# @TEST-EXEC: bro -r $TRACES/http/missing-zlib-header.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/missing-zlib-header.pcap %INPUT # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/multipart-extract.zeek b/testing/btest/scripts/base/protocols/http/multipart-extract.zeek index a919a844b2..93f12e13d7 100644 --- a/testing/btest/scripts/base/protocols/http/multipart-extract.zeek +++ b/testing/btest/scripts/base/protocols/http/multipart-extract.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: cat extract_files/http-item-* | sort > extractions diff --git a/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek b/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek index 7c0690babd..21980ae7e0 100644 --- a/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek +++ b/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek 
@@ -1,10 +1,10 @@ -# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace +# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace # @TEST-EXEC: btest-diff http.log -# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace %INPUT >out-limited +# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace %INPUT >out-limited # @TEST-EXEC: mv http.log http-limited.log # @TEST-EXEC: btest-diff http-limited.log # @TEST-EXEC: btest-diff out-limited -# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace %INPUT ignore_http_file_limit=T >out-limit-ignored +# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace %INPUT ignore_http_file_limit=T >out-limit-ignored # @TEST-EXEC: mv http.log http-limit-ignored.log # @TEST-EXEC: btest-diff http-limit-ignored.log # @TEST-EXEC: btest-diff out-limit-ignored diff --git a/testing/btest/scripts/base/protocols/http/no-uri.zeek b/testing/btest/scripts/base/protocols/http/no-uri.zeek index 9793b93c58..dc0a3f313d 100644 --- a/testing/btest/scripts/base/protocols/http/no-uri.zeek +++ b/testing/btest/scripts/base/protocols/http/no-uri.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -Cr $TRACES/http/no-uri.pcap %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/http/no-uri.pcap %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/http/no-version.zeek b/testing/btest/scripts/base/protocols/http/no-version.zeek index 3e861534bd..d926cb565e 100644 --- a/testing/btest/scripts/base/protocols/http/no-version.zeek +++ b/testing/btest/scripts/base/protocols/http/no-version.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -Cr $TRACES/http/no-version.pcap %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/http/no-version.pcap %INPUT # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek b/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek index a41dbab294..9bfd21d46f 100644 --- a/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek 
+++ b/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -Cr $TRACES/http/percent-end-of-line.pcap %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/http/percent-end-of-line.pcap %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/http/x-gzip.zeek b/testing/btest/scripts/base/protocols/http/x-gzip.zeek index a73fc5f71f..75cd505490 100644 --- a/testing/btest/scripts/base/protocols/http/x-gzip.zeek +++ b/testing/btest/scripts/base/protocols/http/x-gzip.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/http/x-gzip.pcap +# @TEST-EXEC: zeek -r $TRACES/http/x-gzip.pcap # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek b/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek index ccf397617e..1e7ba1f5eb 100644 --- a/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek +++ b/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek @@ -3,7 +3,7 @@ # files when there isn't actually any body there and shouldn't # create a file. # -# @TEST-EXEC: bro -r $TRACES/http/zero-length-bodies-with-drops.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/zero-length-bodies-with-drops.pcap %INPUT # There shouldn't be a files log (no files!) # @TEST-EXEC: test ! -f files.log diff --git a/testing/btest/scripts/base/protocols/imap/capabilities.test b/testing/btest/scripts/base/protocols/imap/capabilities.test index 06bdb56b7d..81fb802275 100644 --- a/testing/btest/scripts/base/protocols/imap/capabilities.test +++ b/testing/btest/scripts/base/protocols/imap/capabilities.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/ssl 
diff --git a/testing/btest/scripts/base/protocols/imap/starttls.test b/testing/btest/scripts/base/protocols/imap/starttls.test index 444c27688a..2d20622b15 100644 --- a/testing/btest/scripts/base/protocols/imap/starttls.test +++ b/testing/btest/scripts/base/protocols/imap/starttls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/irc/basic.test b/testing/btest/scripts/base/protocols/irc/basic.test index d4fb893e2c..bf3141896b 100644 --- a/testing/btest/scripts/base/protocols/irc/basic.test +++ b/testing/btest/scripts/base/protocols/irc/basic.test @@ -1,7 +1,7 @@ # This tests that basic IRC commands (NICK, USER, JOIN, DCC SEND) # are logged for a client. -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff irc.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/scripts/base/protocols/irc/events.test b/testing/btest/scripts/base/protocols/irc/events.test index c5220b247b..3e187d9da9 100644 --- a/testing/btest/scripts/base/protocols/irc/events.test +++ b/testing/btest/scripts/base/protocols/irc/events.test @@ -1,8 +1,8 @@ # Test IRC events -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT -# @TEST-EXEC: bro -r $TRACES/irc-basic.trace %INPUT -# @TEST-EXEC: bro -r $TRACES/irc-whitespace.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-basic.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-whitespace.trace %INPUT # @TEST-EXEC: btest-diff .stdout event irc_privmsg_message(c: connection, is_orig: bool, source: string, target: string, message: string) 
diff --git a/testing/btest/scripts/base/protocols/irc/longline.test b/testing/btest/scripts/base/protocols/irc/longline.test index 0573494844..fec493d086 100644 --- a/testing/btest/scripts/base/protocols/irc/longline.test +++ b/testing/btest/scripts/base/protocols/irc/longline.test @@ -1,6 +1,6 @@ # This tests that an excessively long line is truncated by the contentline # analyzer -# @TEST-EXEC: bro -C -r $TRACES/contentline-irc-5k-line.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/contentline-irc-5k-line.pcap %INPUT # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/irc/names-weird.zeek b/testing/btest/scripts/base/protocols/irc/names-weird.zeek index 33124416f6..2d0ff001b2 100644 --- a/testing/btest/scripts/base/protocols/irc/names-weird.zeek +++ b/testing/btest/scripts/base/protocols/irc/names-weird.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/irc-353.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/irc-353.pcap %INPUT # @TEST-EXEC: btest-diff weird.log event irc_names_info(c: connection, is_orig: bool, c_type: string, channel: string, users: string_set) diff --git a/testing/btest/scripts/base/protocols/irc/starttls.test b/testing/btest/scripts/base/protocols/irc/starttls.test index c110a77c39..9a0ec689ad 100644 --- a/testing/btest/scripts/base/protocols/irc/starttls.test +++ b/testing/btest/scripts/base/protocols/irc/starttls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/tls/irc-starttls.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/irc-starttls.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/krb/kinit.test b/testing/btest/scripts/base/protocols/krb/kinit.test index d9e4097361..16c8773a5b 100644 --- a/testing/btest/scripts/base/protocols/krb/kinit.test +++ b/testing/btest/scripts/base/protocols/krb/kinit.test 
@@ -1,6 +1,6 @@ # This test exercises many of the Linux kinit options against a KDC -# @TEST-EXEC: bro -b -r $TRACES/krb/kinit.trace %INPUT > output +# @TEST-EXEC: zeek -b -r $TRACES/krb/kinit.trace %INPUT > output # @TEST-EXEC: btest-diff kerberos.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb.test b/testing/btest/scripts/base/protocols/krb/smb2_krb.test index 32c2a6e58d..a5ffd20ebc 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb.test @@ -2,10 +2,10 @@ # Kerberos analyzer can open the AD ticket in the Negociate # Protocol Request and find the user. # -# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/zeek-config.h # # @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab -# @TEST-EXEC: bro -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT # @TEST-EXEC: btest-diff .stdout redef KRB::keytab = "smb2_krb.keytab"; diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test index d08543a0fb..557b0128b5 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test @@ -1,10 +1,10 @@ # This test verifies that without a keytab file no entries are # created and no errors happen. # -# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/zeek-config.h # # @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab -# @TEST-EXEC: bro -C -r $TRACES/krb/smb2_krb.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/krb/smb2_krb.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr 
diff --git a/testing/btest/scripts/base/protocols/krb/smb_gssapi.test b/testing/btest/scripts/base/protocols/krb/smb_gssapi.test index 95e5660812..b8ad67945c 100644 --- a/testing/btest/scripts/base/protocols/krb/smb_gssapi.test +++ b/testing/btest/scripts/base/protocols/krb/smb_gssapi.test @@ -3,7 +3,7 @@ # SMB authentication event and therfore relies on the SMB # analyzer as well. -# @TEST-EXEC: bro -b -C -r $TRACES/krb/smb_gssapi.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/krb/smb_gssapi.trace %INPUT # @TEST-EXEC: btest-diff kerberos.log # @TEST-EXEC: btest-diff-rst scripts.base.protocols.krb diff --git a/testing/btest/scripts/base/protocols/krb/tgs.test b/testing/btest/scripts/base/protocols/krb/tgs.test index bbf99762f6..8041a12804 100644 --- a/testing/btest/scripts/base/protocols/krb/tgs.test +++ b/testing/btest/scripts/base/protocols/krb/tgs.test @@ -1,6 +1,6 @@ # This test exercises a Kerberos authentication to a Kerberized SSH server -# @TEST-EXEC: bro -b -r $TRACES/krb/auth.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/krb/auth.trace %INPUT # @TEST-EXEC: btest-diff kerberos.log @load base/protocols/krb diff --git a/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek b/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek index acbf9aef8c..1cecf4c541 100644 --- a/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek +++ b/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -C -r $TRACES/modbus/modbusBig.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output +# @TEST-EXEC: zeek -C -r $TRACES/modbus/modbusBig.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total 
diff --git a/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek b/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek
index 84ee314907..0e21021d6e 100644
--- a/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek
+++ b/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -C -r $TRACES/modbus/modbusSmall.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output
+# @TEST-EXEC: zeek -C -r $TRACES/modbus/modbusSmall.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/modbus/events.zeek b/testing/btest/scripts/base/protocols/modbus/events.zeek
index 55a3f3cb04..4b55828565 100644
--- a/testing/btest/scripts/base/protocols/modbus/events.zeek
+++ b/testing/btest/scripts/base/protocols/modbus/events.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -r $TRACES/modbus/modbus.trace %INPUT | sort | uniq -c | sed 's/^ *//g' >output
+# @TEST-EXEC: zeek -r $TRACES/modbus/modbus.trace %INPUT | sort | uniq -c | sed 's/^ *//g' >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/modbus/exception_handling.test b/testing/btest/scripts/base/protocols/modbus/exception_handling.test
index 8a4fadcbeb..b249fd33b0 100644
--- a/testing/btest/scripts/base/protocols/modbus/exception_handling.test
+++ b/testing/btest/scripts/base/protocols/modbus/exception_handling.test
@@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -r $TRACES/modbus/fuzz-72.trace +# @TEST-EXEC: zeek -r $TRACES/modbus/fuzz-72.trace # @TEST-EXEC: btest-diff modbus.log # The pcap has a flow with some fuzzed modbus traffic in it that should cause # the binpac-generated analyzer code to throw a binpac::ExceptionOutOfBound. # This should be correctly caught as a type of binpac::Exception and the # binpac::ModbusTCP::Exception type that's defined as part of the analyzer -# shouldn't interfere with that handling and definitely shouldn't crash bro. +# shouldn't interfere with that handling and definitely shouldn't crash Zeek. diff --git a/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek b/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek index 17371f3788..0659614bd8 100644 --- a/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek +++ b/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek @@ -11,4 +11,4 @@ # as that can cause reading from a location that exceeds the end of the # data buffer. -# @TEST-EXEC: bro -r $TRACES/modbus/4SICS-GeekLounge-151022-min.pcap +# @TEST-EXEC: zeek -r $TRACES/modbus/4SICS-GeekLounge-151022-min.pcap diff --git a/testing/btest/scripts/base/protocols/modbus/policy.zeek b/testing/btest/scripts/base/protocols/modbus/policy.zeek index 5dab1d09f8..ae4923ee77 100644 --- a/testing/btest/scripts/base/protocols/modbus/policy.zeek +++ b/testing/btest/scripts/base/protocols/modbus/policy.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/modbus/modbus.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/modbus/modbus.trace %INPUT # @TEST-EXEC: btest-diff modbus.log # @TEST-EXEC: btest-diff modbus_register_change.log # @TEST-EXEC: btest-diff known_modbus.log diff --git a/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek b/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek index 1641860228..1fc482ee95 100644 --- a/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek 
+++ b/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/modbus/fuzz-1011.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/modbus/fuzz-1011.trace %INPUT >output # @TEST-EXEC: btest-diff modbus.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/mount/basic.test b/testing/btest/scripts/base/protocols/mount/basic.test index bd6fd5d5db..65a1adffd4 100644 --- a/testing/btest/scripts/base/protocols/mount/basic.test +++ b/testing/btest/scripts/base/protocols/mount/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/mount/mount_base.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/mount/mount_base.pcap %INPUT # @TEST-EXEC: btest-diff .stdout global mount_ports: set[port] = { 635/tcp, 635/udp, 20048/tcp, 20048/udp } &redef; diff --git a/testing/btest/scripts/base/protocols/mysql/auth.test b/testing/btest/scripts/base/protocols/mysql/auth.test index 6c764e496f..78c1ca0f19 100644 --- a/testing/btest/scripts/base/protocols/mysql/auth.test +++ b/testing/btest/scripts/base/protocols/mysql/auth.test @@ -1,6 +1,6 @@ # This tests that successful/unsuccesful auth attempts get logged correctly -# @TEST-EXEC: bro -b -r $TRACES/mysql/auth.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/mysql/auth.trace %INPUT # @TEST-EXEC: btest-diff mysql.log @load base/protocols/mysql \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/mysql/encrypted.test b/testing/btest/scripts/base/protocols/mysql/encrypted.test index e41c93186f..d6bfb0a271 100644 --- a/testing/btest/scripts/base/protocols/mysql/encrypted.test +++ b/testing/btest/scripts/base/protocols/mysql/encrypted.test 
@@ -1,8 +1,9 @@ -# This tests how Bro deals with encrypted connections. Right now, it doesn't log them as it -# can't parse much of value. We're testing for an empty mysql.log file. +# This tests how Zeek deals with encrypted connections. Right now, it +# doesn't log them as it can't parse much of value. We're testing for an +# empty mysql.log file. # @TEST-EXEC: touch mysql.log -# @TEST-EXEC: bro -b -r $TRACES/mysql/encrypted.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/mysql/encrypted.trace %INPUT # @TEST-EXEC: btest-diff mysql.log -@load base/protocols/mysql \ No newline at end of file +@load base/protocols/mysql diff --git a/testing/btest/scripts/base/protocols/mysql/wireshark.test b/testing/btest/scripts/base/protocols/mysql/wireshark.test index 55fe5be16c..64c8eb7ffa 100644 --- a/testing/btest/scripts/base/protocols/mysql/wireshark.test +++ b/testing/btest/scripts/base/protocols/mysql/wireshark.test @@ -1,6 +1,6 @@ # This tests a PCAP with a few MySQL commands from the Wireshark samples. -# @TEST-EXEC: bro -b -r $TRACES/mysql/mysql.trace %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/mysql/mysql.trace %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff mysql.log diff --git a/testing/btest/scripts/base/protocols/ncp/event.zeek b/testing/btest/scripts/base/protocols/ncp/event.zeek index 2333544b05..58ac47c8e8 100644 --- a/testing/btest/scripts/base/protocols/ncp/event.zeek +++ b/testing/btest/scripts/base/protocols/ncp/event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/ncp.pcap %INPUT >out +# @TEST-EXEC: zeek -C -r $TRACES/ncp.pcap %INPUT >out # @TEST-EXEC: btest-diff out redef likely_server_ports += { 524/tcp }; diff --git a/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek index cc4a5799f2..c18f322892 100644 --- a/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek +++ b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/ncp.pcap %INPUT NCP::max_frame_size=150 >out +# @TEST-EXEC: zeek -C -r $TRACES/ncp.pcap %INPUT NCP::max_frame_size=150 >out # @TEST-EXEC: btest-diff out redef likely_server_ports += { 524/tcp }; diff --git a/testing/btest/scripts/base/protocols/nfs/basic.test b/testing/btest/scripts/base/protocols/nfs/basic.test index 9b7ae91910..e4dab09ed6 100755 --- a/testing/btest/scripts/base/protocols/nfs/basic.test +++ b/testing/btest/scripts/base/protocols/nfs/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/nfs/nfs_base.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/nfs/nfs_base.pcap %INPUT # @TEST-EXEC: btest-diff .stdout global nfs_ports: set[port] = { 2049/tcp, 2049/udp } &redef; diff --git a/testing/btest/scripts/base/protocols/pop3/starttls.zeek b/testing/btest/scripts/base/protocols/pop3/starttls.zeek index d2bfee6449..cf5371d284 100644 --- a/testing/btest/scripts/base/protocols/pop3/starttls.zeek +++ b/testing/btest/scripts/base/protocols/pop3/starttls.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/tls/pop3-starttls.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/tls/pop3-starttls.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/radius/auth.test b/testing/btest/scripts/base/protocols/radius/auth.test index 9ec63dec0a..bcddeffd57 100644 --- a/testing/btest/scripts/base/protocols/radius/auth.test +++ b/testing/btest/scripts/base/protocols/radius/auth.test @@ -1,6 +1,6 @@ # This tests that a RADIUS authentication gets logged correctly -# @TEST-EXEC: bro -b -r $TRACES/radius/radius.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/radius/radius.trace %INPUT # @TEST-EXEC: btest-diff radius.log @load base/protocols/radius \ No newline at end of file 
diff --git a/testing/btest/scripts/base/protocols/radius/radius-multiple-attempts.test b/testing/btest/scripts/base/protocols/radius/radius-multiple-attempts.test index 473e492355..6456e58fe2 100644 --- a/testing/btest/scripts/base/protocols/radius/radius-multiple-attempts.test +++ b/testing/btest/scripts/base/protocols/radius/radius-multiple-attempts.test @@ -1,6 +1,6 @@ # Test a more complicated radius session with multiple attempts -# @TEST-EXEC: bro -b -C -r $TRACES/radius/radius_localhost.pcapng %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/radius/radius_localhost.pcapng %INPUT # @TEST-EXEC: btest-diff radius.log @load base/protocols/radius diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek index 99305087ba..7558506c8f 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log @load base/protocols/rdp diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek index 1be2bd7e8e..47f154eef3 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/rdp/rdp-to-ssl.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-to-ssl.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log # @TEST-EXEC: btest-diff ssl.log diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek index 2fed0d7d19..56747a915b 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/rdp/rdp-x509.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-x509.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-timestamps | $SCRIPTS/diff-remove-x509-key-info" btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test b/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test index e4510f35fb..2fc8129c67 100644 --- a/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test +++ b/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/rfb/vncmac.pcap +# @TEST-EXEC: zeek -C -r $TRACES/rfb/vncmac.pcap # @TEST-EXEC: btest-diff rfb.log @load base/protocols/rfb diff --git a/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test b/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test index c9dd37f1c1..027a70e955 100644 --- a/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test +++ b/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/rfb/vnc-mac-to-linux.pcap +# @TEST-EXEC: zeek -C -r $TRACES/rfb/vnc-mac-to-linux.pcap # @TEST-EXEC: btest-diff rfb.log @load base/protocols/rfb diff --git a/testing/btest/scripts/base/protocols/sip/wireshark.test b/testing/btest/scripts/base/protocols/sip/wireshark.test index 8c4611c880..12ebe6b664 100644 --- a/testing/btest/scripts/base/protocols/sip/wireshark.test +++ b/testing/btest/scripts/base/protocols/sip/wireshark.test @@ -1,6 +1,6 @@ # This tests a PCAP with a few SIP commands from the Wireshark samples. -# @TEST-EXEC: bro -b -r $TRACES/sip/wireshark.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/sip/wireshark.trace %INPUT # @TEST-EXEC: btest-diff sip.log @load base/protocols/sip \ No newline at end of file 
diff --git a/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test b/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test index d65ee81c41..330e95eace 100644 --- a/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test +++ b/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT # @TEST-EXEC: [ ! -f dce_rpc.log ] @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/raw-ntlm.test b/testing/btest/scripts/base/protocols/smb/raw-ntlm.test index 9cf9aa35c4..4518368972 100644 --- a/testing/btest/scripts/base/protocols/smb/raw-ntlm.test +++ b/testing/btest/scripts/base/protocols/smb/raw-ntlm.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/raw_ntlm_in_smb.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/raw_ntlm_in_smb.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/ntlm diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test index 52f05c57b4..8a6a775005 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT # @TEST-EXEC: btest-diff dce_rpc.log @load base/protocols/dce-rpc diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-request.test index 1573eb93b8..d6b5d0766d 100644 
--- a/testing/btest/scripts/base/protocols/smb/smb1-transaction-request.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-request.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction_request.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction_request.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-response.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-response.test index 6e826445e9..5016c828b5 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction-response.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-response.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction_response.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction_response.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test index e186ee7b22..797fe01b6d 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction_secondary_request.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction_secondary_request.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-request.test index d216d41c32..40fe08a2a4 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-request.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-request.test 
@@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction2_request.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction2_request.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test index e8c462dd0d..1e7ba8665f 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction2_secondary_request.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction2_secondary_request.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1.test b/testing/btest/scripts/base/protocols/smb/smb1.test index 61727754dc..89ac10eecb 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1.test +++ b/testing/btest/scripts/base/protocols/smb/smb1.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/smb/smb1.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smb/smb1.pcap %INPUT # @TEST-EXEC: btest-diff smb_files.log @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek b/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek index 0d59e7a495..ed18bb0715 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek +++ b/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smb/smb2readwrite.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smb/smb2readwrite.pcap %INPUT # @TEST-EXEC: btest-diff smb_files.log # @TEST-EXEC: btest-diff files.log # @TEST-EXEC: test ! -f dpd.log 
diff --git a/testing/btest/scripts/base/protocols/smb/smb2-write-response.test b/testing/btest/scripts/base/protocols/smb/smb2-write-response.test index f926628f03..c737b43991 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2-write-response.test +++ b/testing/btest/scripts/base/protocols/smb/smb2-write-response.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smb/smb2readwrite.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smb/smb2readwrite.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb2.test b/testing/btest/scripts/base/protocols/smb/smb2.test index c4c6e78224..f69972f8ba 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2.test +++ b/testing/btest/scripts/base/protocols/smb/smb2.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smb/smb2.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/smb/smb2.pcap %INPUT # @TEST-EXEC: btest-diff smb_files.log # @TEST-EXEC: btest-diff smb_mapping.log # @TEST-EXEC: btest-diff files.log diff --git a/testing/btest/scripts/base/protocols/smb/smb3.test b/testing/btest/scripts/base/protocols/smb/smb3.test index f762ea10f3..aeab67d27c 100644 --- a/testing/btest/scripts/base/protocols/smb/smb3.test +++ b/testing/btest/scripts/base/protocols/smb/smb3.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smb/smb3.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/smb/smb3.pcap %INPUT # @TEST-EXEC: btest-diff smb_mapping.log # @TEST-EXEC: test ! -f dpd.log # @TEST-EXEC: test ! -f weird.log diff --git a/testing/btest/scripts/base/protocols/smb/smb311.test b/testing/btest/scripts/base/protocols/smb/smb311.test index 22f232c14a..c988355742 100644 --- a/testing/btest/scripts/base/protocols/smb/smb311.test +++ b/testing/btest/scripts/base/protocols/smb/smb311.test 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/smb/smb311.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/smb/smb311.pcap %INPUT # @TEST-EXEC: test ! -f dpd.log # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/smtp/attachment.test b/testing/btest/scripts/base/protocols/smtp/attachment.test index 49602f00c1..ddbdae0d64 100644 --- a/testing/btest/scripts/base/protocols/smtp/attachment.test +++ b/testing/btest/scripts/base/protocols/smtp/attachment.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff smtp.log # @TEST-EXEC: btest-diff files.log diff --git a/testing/btest/scripts/base/protocols/smtp/basic.test b/testing/btest/scripts/base/protocols/smtp/basic.test index 6be512a255..41a9290f13 100644 --- a/testing/btest/scripts/base/protocols/smtp/basic.test +++ b/testing/btest/scripts/base/protocols/smtp/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff smtp.log @load base/protocols/smtp diff --git a/testing/btest/scripts/base/protocols/smtp/one-side.test b/testing/btest/scripts/base/protocols/smtp/one-side.test index cffbe1d173..9c9e036a8c 100644 --- a/testing/btest/scripts/base/protocols/smtp/one-side.test +++ b/testing/btest/scripts/base/protocols/smtp/one-side.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smtp-one-side-only.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smtp-one-side-only.trace %INPUT # @TEST-EXEC: btest-diff smtp.log @load base/protocols/smtp diff --git a/testing/btest/scripts/base/protocols/smtp/starttls.test b/testing/btest/scripts/base/protocols/smtp/starttls.test index e3a114f572..865497f022 100644 --- a/testing/btest/scripts/base/protocols/smtp/starttls.test +++ b/testing/btest/scripts/base/protocols/smtp/starttls.test 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/smtp-starttls.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/smtp-starttls.pcap %INPUT # @TEST-EXEC: btest-diff smtp.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek b/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek index 5c21cf7be3..16203c597e 100644 --- a/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek +++ b/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/snmp/snmpwalk-short.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/snmp/snmpwalk-short.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/snmp diff --git a/testing/btest/scripts/base/protocols/snmp/v1.zeek b/testing/btest/scripts/base/protocols/snmp/v1.zeek index 09f86a28e4..6513d94177 100644 --- a/testing/btest/scripts/base/protocols/snmp/v1.zeek +++ b/testing/btest/scripts/base/protocols/snmp/v1.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get_short.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_set.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_trap.pcap %INPUT $SCRIPTS/snmp-test.zeek >out4 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv1_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv1_get_short.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv1_set.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv1_trap.pcap %INPUT $SCRIPTS/snmp-test.zeek >out4 # @TEST-EXEC: btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/scripts/base/protocols/snmp/v2.zeek b/testing/btest/scripts/base/protocols/snmp/v2.zeek index 58491d33b2..015d6446da 100644 
--- a/testing/btest/scripts/base/protocols/snmp/v2.zeek +++ b/testing/btest/scripts/base/protocols/snmp/v2.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_bulk.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv2_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv2_get_bulk.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv2_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 # @TEST-EXEC: btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/scripts/base/protocols/snmp/v3.zeek b/testing/btest/scripts/base/protocols/snmp/v3.zeek index 4d72b6476d..7d4cb53e72 100644 --- a/testing/btest/scripts/base/protocols/snmp/v3.zeek +++ b/testing/btest/scripts/base/protocols/snmp/v3.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv3_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv3_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 # @TEST-EXEC: btest-diff out1 diff --git a/testing/btest/scripts/base/protocols/socks/socks-auth.zeek b/testing/btest/scripts/base/protocols/socks/socks-auth.zeek index d58e1b5801..eabd4a6420 100644 --- a/testing/btest/scripts/base/protocols/socks/socks-auth.zeek +++ b/testing/btest/scripts/base/protocols/socks/socks-auth.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/socks-auth.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/socks-auth.pcap %INPUT # @TEST-EXEC: btest-diff socks.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/scripts/base/protocols/socks/trace1.test b/testing/btest/scripts/base/protocols/socks/trace1.test index fb1d9ebaf2..900a962fef 100644 --- a/testing/btest/scripts/base/protocols/socks/trace1.test 
+++ b/testing/btest/scripts/base/protocols/socks/trace1.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/socks.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/socks.trace %INPUT # @TEST-EXEC: btest-diff socks.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/scripts/base/protocols/socks/trace2.test b/testing/btest/scripts/base/protocols/socks/trace2.test index 5e3a449120..c9defb5f34 100644 --- a/testing/btest/scripts/base/protocols/socks/trace2.test +++ b/testing/btest/scripts/base/protocols/socks/trace2.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/socks-with-ssl.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/socks-with-ssl.trace %INPUT # @TEST-EXEC: btest-diff socks.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/scripts/base/protocols/socks/trace3.test b/testing/btest/scripts/base/protocols/socks/trace3.test index c3b3b091eb..c83ad4fa87 100644 --- a/testing/btest/scripts/base/protocols/socks/trace3.test +++ b/testing/btest/scripts/base/protocols/socks/trace3.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tunnels/socks.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/socks.pcap %INPUT # @TEST-EXEC: btest-diff tunnel.log @load base/protocols/socks diff --git a/testing/btest/scripts/base/protocols/ssh/basic.test b/testing/btest/scripts/base/protocols/ssh/basic.test index 84b38a1f32..162ab9dd1f 100644 --- a/testing/btest/scripts/base/protocols/ssh/basic.test +++ b/testing/btest/scripts/base/protocols/ssh/basic.test @@ -1,6 +1,6 @@ # This tests some SSH connections and the output log. -# @TEST-EXEC: bro -r $TRACES/ssh/ssh.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/ssh/ssh.trace %INPUT # @TEST-EXEC: btest-diff ssh.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssh/curve25519_kex.test b/testing/btest/scripts/base/protocols/ssh/curve25519_kex.test index 64641fe4af..ca13bda6ef 100644 --- a/testing/btest/scripts/base/protocols/ssh/curve25519_kex.test 
+++ b/testing/btest/scripts/base/protocols/ssh/curve25519_kex.test @@ -1,6 +1,6 @@ # This tests a successful login with pubkey using curve25519 as the KEX algorithm -# @TEST-EXEC: bro -b -r $TRACES/ssh/ssh_kex_curve25519.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/ssh/ssh_kex_curve25519.pcap %INPUT # @TEST-EXEC: btest-diff ssh.log @load base/protocols/ssh \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test b/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test index abaa48fd35..e87a246957 100644 --- a/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test +++ b/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/ssh/sshguess.pcap %INPUT | sort >output +# @TEST-EXEC: zeek -C -r $TRACES/ssh/sshguess.pcap %INPUT | sort >output # @TEST-EXEC: btest-diff output event ssh_auth_attempted(c: connection, authenticated: bool) diff --git a/testing/btest/scripts/base/protocols/ssl/basic.test b/testing/btest/scripts/base/protocols/ssl/basic.test index 51eacfd572..918ecd55b7 100644 --- a/testing/btest/scripts/base/protocols/ssl/basic.test +++ b/testing/btest/scripts/base/protocols/ssl/basic.test @@ -1,6 +1,6 @@ # This tests a normal SSL connection and the log it outputs. -# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: test ! -f dpd.log diff --git a/testing/btest/scripts/base/protocols/ssl/common_name.test b/testing/btest/scripts/base/protocols/ssl/common_name.test index fa14e19045..32565b2ea7 100644 --- a/testing/btest/scripts/base/protocols/ssl/common_name.test +++ b/testing/btest/scripts/base/protocols/ssl/common_name.test 
@@ -1,7 +1,7 @@
 # This tests a normal SSL connection and the log it outputs.
-# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
-# @TEST-EXEC: bro -C -r $TRACES/tls/cert-no-cn.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/cert-no-cn.pcap %INPUT
 # @TEST-EXEC: btest-diff .stdout
 event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate)
diff --git a/testing/btest/scripts/base/protocols/ssl/comp_methods.test b/testing/btest/scripts/base/protocols/ssl/comp_methods.test
index fa24d4b47b..ae6b43e179 100644
--- a/testing/btest/scripts/base/protocols/ssl/comp_methods.test
+++ b/testing/btest/scripts/base/protocols/ssl/comp_methods.test
@@ -1,6 +1,6 @@
 # This tests that the values sent for compression methods are correct.
-# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
diff --git a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test
index 878d2a3064..ce405cb405 100644
--- a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test
+++ b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test
@@ -1,6 +1,6 @@
-# This tests if Bro does not crash when exposed to CVE-2015-3194
+# This tests if Zeek does not crash when exposed to CVE-2015-3194
-# @TEST-EXEC: bro -r $TRACES/tls/CVE-2015-3194.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/CVE-2015-3194.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 @load protocols/ssl/validate-certs
diff --git a/testing/btest/scripts/base/protocols/ssl/dhe.test b/testing/btest/scripts/base/protocols/ssl/dhe.test
index f41cb70fab..df22cea9cc 100644
--- a/testing/btest/scripts/base/protocols/ssl/dhe.test
+++ b/testing/btest/scripts/base/protocols/ssl/dhe.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT
 # @TEST-EXEC: btest-diff .stdout
 # @TEST-EXEC: btest-diff ssl.log
diff --git a/testing/btest/scripts/base/protocols/ssl/dpd.test b/testing/btest/scripts/base/protocols/ssl/dpd.test
index 20b6ab6b74..f7f76a6e1a 100644
--- a/testing/btest/scripts/base/protocols/ssl/dpd.test
+++ b/testing/btest/scripts/base/protocols/ssl/dpd.test
@@ -1,8 +1,8 @@
-# @TEST-EXEC: bro -C -b -r $TRACES/tls/ssl-v2.trace %INPUT
-# @TEST-EXEC: bro -b -r $TRACES/tls/ssl.v3.trace %INPUT
-# @TEST-EXEC: bro -b -r $TRACES/tls/tls1.2.trace %INPUT
-# @TEST-EXEC: bro -b -r $TRACES/tls/tls-early-alert.trace %INPUT
-# @TEST-EXEC: bro -b -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT
+# @TEST-EXEC: zeek -C -b -r $TRACES/tls/ssl-v2.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl.v3.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1.2.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-early-alert.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT
 # @TEST-EXEC: btest-diff .stdout
 @load base/frameworks/dpd
diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test b/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test
index e8731bb1be..88667fca18 100644
--- a/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test
+++ b/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test
@@ -1,6 +1,6 @@
 # This tests checks that non-dtls connections to which we attach don't trigger tons of errors.
-# @TEST-EXEC: bro -C -r $TRACES/dns-txt-multiple.trace %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/dns-txt-multiple.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 event zeek_init()
diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test
index d2437aac8b..b86ff75ee4 100644
--- a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test
+++ b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/webrtc-stun.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/webrtc-stun.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: touch dpd.log
 # @TEST-EXEC: btest-diff dpd.log
diff --git a/testing/btest/scripts/base/protocols/ssl/dtls.test b/testing/btest/scripts/base/protocols/ssl/dtls.test
index a1b2c74dd8..2f31758cbf 100644
--- a/testing/btest/scripts/base/protocols/ssl/dtls.test
+++ b/testing/btest/scripts/base/protocols/ssl/dtls.test
@@ -1,9 +1,9 @@
 # This tests a normal SSL connection and the log it outputs.
-# @TEST-EXEC: bro -r $TRACES/tls/dtls1_0.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_0.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff x509.log
-# @TEST-EXEC: bro -r $TRACES/tls/dtls1_2.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_2.pcap %INPUT
 # @TEST-EXEC: cp ssl.log ssl1_2.log
 # @TEST-EXEC: cp x509.log x5091_2.log
 # @TEST-EXEC: btest-diff ssl1_2.log
diff --git a/testing/btest/scripts/base/protocols/ssl/ecdhe.test b/testing/btest/scripts/base/protocols/ssl/ecdhe.test
index bd1bd2cb96..e200619013 100644
--- a/testing/btest/scripts/base/protocols/ssl/ecdhe.test
+++ b/testing/btest/scripts/base/protocols/ssl/ecdhe.test
@@ -1,3 +1,3 @@
-# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff x509.log
diff --git a/testing/btest/scripts/base/protocols/ssl/ecdsa.test b/testing/btest/scripts/base/protocols/ssl/ecdsa.test
index a2db7c2cb5..2ace638a41 100644
--- a/testing/btest/scripts/base/protocols/ssl/ecdsa.test
+++ b/testing/btest/scripts/base/protocols/ssl/ecdsa.test
@@ -1,3 +1,3 @@
-# @TEST-EXEC: bro -C -r $TRACES/tls/ecdsa-cert.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/ecdsa-cert.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff x509.log
diff --git a/testing/btest/scripts/base/protocols/ssl/fragment.test b/testing/btest/scripts/base/protocols/ssl/fragment.test
index b01a78a07a..2ea87d8291 100644
--- a/testing/btest/scripts/base/protocols/ssl/fragment.test
+++ b/testing/btest/scripts/base/protocols/ssl/fragment.test
@@ -1,6 +1,6 @@
 # Test a heavily fragmented tls connection
-# @TEST-EXEC: cat $TRACES/tls/tls-fragmented-handshake.pcap.gz | gunzip | bro -r - %INPUT
+# @TEST-EXEC: cat $TRACES/tls/tls-fragmented-handshake.pcap.gz | gunzip | zeek -r - %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff .stdout
diff --git a/testing/btest/scripts/base/protocols/ssl/handshake-events.test b/testing/btest/scripts/base/protocols/ssl/handshake-events.test
index f73d268eef..0b45bebc02 100644
--- a/testing/btest/scripts/base/protocols/ssl/handshake-events.test
+++ b/testing/btest/scripts/base/protocols/ssl/handshake-events.test
@@ -1,6 +1,6 @@
 # This tests events not covered by other tests
-# @TEST-EXEC: bro -b -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 @load base/protocols/ssl
diff --git a/testing/btest/scripts/base/protocols/ssl/keyexchange.test b/testing/btest/scripts/base/protocols/ssl/keyexchange.test
index 9c65ea5dda..252237f0dd 100644
--- a/testing/btest/scripts/base/protocols/ssl/keyexchange.test
+++ b/testing/btest/scripts/base/protocols/ssl/keyexchange.test
@@ -1,14 +1,14 @@
-# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT
 # @TEST-EXEC: cat ssl.log > ssl-all.log
-# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT
 # @TEST-EXEC: cat ssl.log >> ssl-all.log
-# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT
 # @TEST-EXEC: cat ssl.log >> ssl-all.log
-# @TEST-EXEC: bro -r $TRACES/tls/tls1_1.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/tls1_1.pcap %INPUT
 # @TEST-EXEC: cat ssl.log >> ssl-all.log
-# @TEST-EXEC: bro -r $TRACES/tls/dtls1_0.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_0.pcap %INPUT
 # @TEST-EXEC: cat ssl.log >> ssl-all.log
-# @TEST-EXEC: bro -r $TRACES/tls/dtls1_2.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_2.pcap %INPUT
 # @TEST-EXEC: cat ssl.log >> ssl-all.log
 # @TEST-EXEC: btest-diff ssl-all.log
diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test b/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test
index 181ee34909..747c1a667c 100644
--- a/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test
+++ b/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test
@@ -1,6 +1,6 @@
 # This tests a normal OCSP request sent through HTTP GET
-# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-http-get.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-http-get.pcap %INPUT
 # @TEST-EXEC: btest-diff ocsp.log
 # @TEST-EXEC: btest-diff .stdout
diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test b/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test
index ff493a62a8..348da52f96 100644
--- a/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test
+++ b/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test
@@ -1,6 +1,6 @@
 # This tests a OCSP request missing response
-# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-request-only.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-request-only.pcap %INPUT
 # @TEST-EXEC: btest-diff .stdout
 @load files/x509/log-ocsp
diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test b/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test
index cfa5b99375..1942b57bad 100644
--- a/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test
+++ b/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test
@@ -1,6 +1,6 @@
 # This tests a pair of normal OCSP request and response
-# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-request-response.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-request-response.pcap %INPUT
 # @TEST-EXEC: btest-diff ocsp.log
 # @TEST-EXEC: btest-diff .stdout
diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test b/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test
index 3b8c4a2d57..871ac59a34 100644
--- a/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test
+++ b/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test
@@ -1,6 +1,6 @@
 # This tests a normal OCSP response missing request
-# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-response-only.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-response-only.pcap %INPUT
 # @TEST-EXEC: btest-diff ocsp.log
 # @TEST-EXEC: btest-diff .stdout
diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test
index 3ee0e96776..5f5f1486ea 100644
--- a/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test
+++ b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test
@@ -1,6 +1,6 @@
 # This tests OCSP response with revocation
-# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-revoked.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-revoked.pcap %INPUT
 # @TEST-EXEC: btest-diff ocsp.log
 # @TEST-EXEC: btest-diff .stdout
diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test b/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test
index 6424f263f1..3c338933aa 100644
--- a/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test
+++ b/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 redef SSL::root_certs += {
diff --git a/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test b/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test
index 7c7dc90e4c..e2201c3218 100644
--- a/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test
+++ b/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT
 #
 # The following file contains a tls 1.0 connection with a SCT in a TLS extension.
 # This is interesting because the digitally-signed struct in TLS 1.0 does not come
@@ -7,7 +7,7 @@
 # uses in the end. So this one does have a Signature/Hash alg, even if the protocol
 # itself does not carry it in the same struct.
 #
-# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp_tls1_0.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp_tls1_0.pcap %INPUT
 # @TEST-EXEC: btest-diff .stdout
 # @TEST-EXEC: test ! -f dpd.log
diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test
index a904628acf..077aa15f1a 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test
index 74acf3224a..6507e58793 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test
@@ -1,2 +1,2 @@
-# @TEST-EXEC: bro -r $TRACES/tls/tls-1.2-handshake-failure.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/tls-1.2-handshake-failure.trace %INPUT
 # @TEST-EXEC: btest-diff ssl.log
diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test
index 7f023927ac..b21fc4ee11 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2.test
index 15a737c032..8e2189d9f6 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls-1.2.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff x509.log
 # @TEST-EXEC: btest-diff .stdout
diff --git a/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test b/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test
index b8f3d42242..f548d81512 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test
@@ -1,5 +1,5 @@
-# @TEST-EXEC: bro -C -r $TRACES/tls/chrome-34-google.trace %INPUT
-# @TEST-EXEC: bro -C -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-34-google.trace %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT
 # @TEST-EXEC: btest-diff .stdout
 event ssl_extension_elliptic_curves(c: connection, is_orig: bool, curves: index_vec)
diff --git a/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test b/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test
index e074535692..f784ea0af0 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -r $TRACES/tls/chrome-63.0.3211.0-canary-tls_experiment.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-63.0.3211.0-canary-tls_experiment.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff .stdout
diff --git a/testing/btest/scripts/base/protocols/ssl/tls13-version.test b/testing/btest/scripts/base/protocols/ssl/tls13-version.test
index 9194c861e1..29c6da9261 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls13-version.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls13-version.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # Test that we correctly parse the version out of the extension in an 1.3 connection
diff --git a/testing/btest/scripts/base/protocols/ssl/tls13.test b/testing/btest/scripts/base/protocols/ssl/tls13.test
index 5033b6ea01..5f67e0333e 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls13.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls13.test
@@ -1,10 +1,10 @@
-# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT
 # @TEST-EXEC: cat ssl.log > ssl-out.log
-# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT
 # @TEST-EXEC: cat ssl.log >> ssl-out.log
-# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT
 # @TEST-EXEC: cat ssl.log >> ssl-out.log
-# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT
 # @TEST-EXEC: cat ssl.log >> ssl-out.log
 # @TEST-EXEC: btest-diff ssl-out.log
 # @TEST-EXEC: btest-diff .stdout
diff --git a/testing/btest/scripts/base/protocols/ssl/tls1_1.test b/testing/btest/scripts/base/protocols/ssl/tls1_1.test
index 885a047ebe..de3ed740b4 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls1_1.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls1_1.test
@@ -1,6 +1,6 @@
 # This tests a normal SSL connection and the log it outputs.
-# @TEST-EXEC: bro -r $TRACES/tls/tls1_1.pcap %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/tls1_1.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff x509.log
 # @TEST-EXEC: test ! -f dpd.log
diff --git a/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test b/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test
index de0dc9e59f..05bac2d21b 100644
--- a/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test
+++ b/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 event x509_extension(f: fa_file, ext: X509::Extension)
diff --git a/testing/btest/scripts/base/protocols/ssl/x509_extensions.test b/testing/btest/scripts/base/protocols/ssl/x509_extensions.test
index 425afbb2c8..ee7fa103e4 100644
--- a/testing/btest/scripts/base/protocols/ssl/x509_extensions.test
+++ b/testing/btest/scripts/base/protocols/ssl/x509_extensions.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 event x509_extension(f: fa_file, extension: X509::Extension)
diff --git a/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek b/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek
index c33eb1638b..0382fa0aaf 100644
--- a/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek
+++ b/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/syslog-missing-pri.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/syslog-missing-pri.trace %INPUT
 # @TEST-EXEC: btest-diff syslog.log
 @load base/protocols/syslog
diff --git a/testing/btest/scripts/base/protocols/syslog/trace.test b/testing/btest/scripts/base/protocols/syslog/trace.test
index 78b681a9d8..f4dba5c807 100644
--- a/testing/btest/scripts/base/protocols/syslog/trace.test
+++ b/testing/btest/scripts/base/protocols/syslog/trace.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/syslog-single-udp.trace %INPUT
+# @TEST-EXEC: zeek -r $TRACES/syslog-single-udp.trace %INPUT
 # @TEST-EXEC: btest-diff syslog.log
 @load base/protocols/syslog
diff --git a/testing/btest/scripts/base/protocols/tcp/pending.zeek b/testing/btest/scripts/base/protocols/tcp/pending.zeek
index 1a49f5d19b..8695f71b47 100644
--- a/testing/btest/scripts/base/protocols/tcp/pending.zeek
+++ b/testing/btest/scripts/base/protocols/tcp/pending.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -r $TRACES/tls/chrome-34-google.trace %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-34-google.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 event connection_pending(c: connection)
diff --git a/testing/btest/scripts/base/protocols/xmpp/client-dpd.test b/testing/btest/scripts/base/protocols/xmpp/client-dpd.test
index 9c9cc29c8a..544b56a744 100644
--- a/testing/btest/scripts/base/protocols/xmpp/client-dpd.test
+++ b/testing/btest/scripts/base/protocols/xmpp/client-dpd.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT
+# @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 @load base/frameworks/dpd
diff --git a/testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test b/testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test
index 9483c0cca8..e398aed22e 100644
--- a/testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test
+++ b/testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -b -r $TRACES/tls/xmpp-dialback-starttls.pcap %INPUT
+# @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-dialback-starttls.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 @load base/frameworks/dpd
diff --git a/testing/btest/scripts/base/protocols/xmpp/starttls.test b/testing/btest/scripts/base/protocols/xmpp/starttls.test
index f046d49283..7cc4717e31 100644
--- a/testing/btest/scripts/base/protocols/xmpp/starttls.test
+++ b/testing/btest/scripts/base/protocols/xmpp/starttls.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT
+# @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff x509.log
diff --git a/testing/btest/scripts/base/utils/active-http.test b/testing/btest/scripts/base/utils/active-http.test
index 9f94a14c7f..ff80dc5bf2 100644
--- a/testing/btest/scripts/base/utils/active-http.test
+++ b/testing/btest/scripts/base/utils/active-http.test
@@ -3,9 +3,9 @@
 #
 # @TEST-EXEC: btest-bg-run httpd python $SCRIPTS/httpd.py --max 2 --addr=127.0.0.1
 # @TEST-EXEC: sleep 3
-# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 15
-# @TEST-EXEC: cat bro/.stdout | sort >output
+# @TEST-EXEC: cat zeek/.stdout | sort >output
 # @TEST-EXEC: btest-diff output
 @load base/utils/active-http
diff --git a/testing/btest/scripts/base/utils/addrs.test b/testing/btest/scripts/base/utils/addrs.test
index 8e5580d3e5..274887fbce 100644
--- a/testing/btest/scripts/base/utils/addrs.test
+++ b/testing/btest/scripts/base/utils/addrs.test
@@ -1,27 +1,58 @@ -# @TEST-EXEC: bro -b %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output @load base/utils/addrs event zeek_init() { + print "============ test ipv4 regex (good strings)"; local ip = "0.0.0.0"; - - print "============ test ipv4 regex"; print ip == ipv4_addr_regex; print is_valid_ip(ip); + ip = "1.1.1.1"; print ip == ipv4_addr_regex; print is_valid_ip(ip); + + ip = "9.9.9.9"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "99.99.99.99"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "09.99.99.99"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "009.99.99.99"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + ip = "255.255.255.255"; print ip == ipv4_addr_regex; print is_valid_ip(ip); + + print "============ bad ipv4 decimals"; ip = "255.255.255.256"; - print ip == ipv4_addr_regex; # the regex doesn't check for 0-255 - print is_valid_ip(ip); # but is_valid_ip() will + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "255.255.255.295"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "255.255.255.300"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + print "============ too many ipv4 decimals"; ip = "255.255.255.255.255"; print ip == ipv4_addr_regex; print is_valid_ip(ip); + + print "============ typical looking ipv4"; ip = "192.168.1.100"; print ip == ipv4_addr_regex; print is_valid_ip(ip); 
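Review bot: The new cases `09.99.99.99` and `009.99.99.99` sit under "good strings" with no comment on how leading zeros are meant to be read, and the trailing comments on the `255.255.255.256` case that explained why the regex and `is_valid_ip()` can disagree were dropped. Some address parsers read a leading zero as octal, so a string accepted here may resolve to a different address in a downstream tool that consumes the log or an allow/deny list built from it. I would keep the reasoning next to the cases, e.g. `# leading zeros are accepted; octets are read as decimal, not octal (confirm against the baseline)` above the `09.99.99.99` case, plus a one-line comment on the "bad ipv4 decimals" block saying which of the two checks is expected to reject out-of-range octets. The baseline output is not part of this hunk, so the expected results are inferred from the section headings, and the body of `zeek_init()` continues past the hunk.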
@@ -97,8 +128,16 @@ event zeek_init() ip = "2001:db8:0:0:0:FFFF:192.168.0.256"; print is_valid_ip(ip); + # These have too many hextets ("::" must expand to at least one hextet) + print is_valid_ip("6:1:2::3:4:5:6:7"); + print is_valid_ip("6:1:2::3:4:5:6:7:8"); + print "============ test extract_ip_addresses()"; print extract_ip_addresses("this is 1.1.1.1 a test 2.2.2.2 string with ip addresses 3.3.3.3"); print extract_ip_addresses("this is 1.1.1.1 a test 0:0:0:0:0:0:0:0 string with ip addresses 3.3.3.3"); + # This will use the leading 6 from "IPv6" (maybe that's not intended + # by a person trying to parse such a string, but that's just what's going + # to happen; it's on them to deal). + print extract_ip_addresses("IPv6:1:2::3:4:5:6:7"); } diff --git a/testing/btest/scripts/base/utils/conn-ids.test b/testing/btest/scripts/base/utils/conn-ids.test index affe746e35..b44615b102 100644 --- a/testing/btest/scripts/base/utils/conn-ids.test +++ b/testing/btest/scripts/base/utils/conn-ids.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/decompose_uri.zeek b/testing/btest/scripts/base/utils/decompose_uri.zeek index 074e782474..30ba9cd245 100644 --- a/testing/btest/scripts/base/utils/decompose_uri.zeek +++ b/testing/btest/scripts/base/utils/decompose_uri.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output @load base/utils/urls diff --git a/testing/btest/scripts/base/utils/dir.test b/testing/btest/scripts/base/utils/dir.test index c02f215d51..6043d54289 100644 --- a/testing/btest/scripts/base/utils/dir.test +++ b/testing/btest/scripts/base/utils/dir.test 
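Review bot: The comment on the `extract_ip_addresses("IPv6:1:2::3:4:5:6:7")` case says the leading `6` of `IPv6` is consumed but not which address the test expects, and the two `is_valid_ip()` cases added just above suggest the full `6:1:2::3:4:5:6:7` is not a valid address. This pins a behaviour where the function returns an address that is not a token of the input, so scripts that pass extracted addresses from free-form text to intel matching or notices can end up with a wrong indicator. I would state the expected result and the caller's obligation in the comment, e.g. `# Expected: <address recorded in the baseline>; callers should split on delimiters before extracting.` The baseline is not visible here, and `zeek_init()` begins outside the hunk.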
@@ -1,12 +1,12 @@
-# @TEST-EXEC: btest-bg-run bro bro -b ../dirtest.zeek
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/next1 10 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: btest-bg-run zeek zeek -b ../dirtest.zeek
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/next1 10 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: touch testdir/newone
 # @TEST-EXEC: rm testdir/bye
-# @TEST-EXEC: $SCRIPTS/wait-for-file bro/next2 10 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/next2 10 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: touch testdir/bye
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: touch testdir/newone
-# @TEST-EXEC: btest-diff bro/.stdout
+# @TEST-EXEC: btest-diff zeek/.stdout
 @TEST-START-FILE dirtest.zeek
diff --git a/testing/btest/scripts/base/utils/directions-and-hosts.test b/testing/btest/scripts/base/utils/directions-and-hosts.test
index a955053d4a..7e731aba2e 100644
--- a/testing/btest/scripts/base/utils/directions-and-hosts.test
+++ b/testing/btest/scripts/base/utils/directions-and-hosts.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: zeek %INPUT >output
 # @TEST-EXEC: btest-diff output
 # These are loaded by default.
diff --git a/testing/btest/scripts/base/utils/exec.test b/testing/btest/scripts/base/utils/exec.test
index 8913ed025c..efa13c781c 100644
--- a/testing/btest/scripts/base/utils/exec.test
+++ b/testing/btest/scripts/base/utils/exec.test
@@ -1,6 +1,6 @@
-# @TEST-EXEC: btest-bg-run bro bro -b ../exectest.zeek
+# @TEST-EXEC: btest-bg-run zeek zeek -b ../exectest.zeek
 # @TEST-EXEC: btest-bg-wait 15
-# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stdout
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stdout
 @TEST-START-FILE exectest.zeek
diff --git a/testing/btest/scripts/base/utils/files.test b/testing/btest/scripts/base/utils/files.test
index 402da96bed..8410c50a1a 100644
--- a/testing/btest/scripts/base/utils/files.test
+++ b/testing/btest/scripts/base/utils/files.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT >output
+# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT >output
 # @TEST-EXEC: btest-diff output
 # This is loaded by default.
diff --git a/testing/btest/scripts/base/utils/hash_hrw.zeek b/testing/btest/scripts/base/utils/hash_hrw.zeek
index 90f87f6f46..c77e1548fe 100644
--- a/testing/btest/scripts/base/utils/hash_hrw.zeek
+++ b/testing/btest/scripts/base/utils/hash_hrw.zeek
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT > output
+# @TEST-EXEC: zeek -b %INPUT > output
 # @TEST-EXEC: btest-diff output
 @load base/utils/hash_hrw
diff --git a/testing/btest/scripts/base/utils/json.test b/testing/btest/scripts/base/utils/json.test
index 968db1cefe..8d34ed98b1 100644
--- a/testing/btest/scripts/base/utils/json.test
+++ b/testing/btest/scripts/base/utils/json.test
@@ -2,7 +2,7 @@
 # test with no elements, with one element, and with more than one element.
 # Test that the "only_loggable" option works (output only record fields with
 # the &log attribute).
-# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: zeek %INPUT >output
 # @TEST-EXEC: btest-diff output
 type color: enum { Red, White, Blue };
diff --git a/testing/btest/scripts/base/utils/numbers.test b/testing/btest/scripts/base/utils/numbers.test
index c1a2fff8c8..f80b64c26a 100644
--- a/testing/btest/scripts/base/utils/numbers.test
+++ b/testing/btest/scripts/base/utils/numbers.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: zeek %INPUT >output
 # @TEST-EXEC: btest-diff output
 # This is loaded by default.
diff --git a/testing/btest/scripts/base/utils/paths.test b/testing/btest/scripts/base/utils/paths.test
index 8436d37b8b..09e8b96f97 100644
--- a/testing/btest/scripts/base/utils/paths.test
+++ b/testing/btest/scripts/base/utils/paths.test
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: zeek %INPUT >output
 # @TEST-EXEC: btest-diff output
 # This is loaded by default.
@@ -41,18 +41,18 @@ print "==============================="; test_extract("\"/this/is/a/dir\" is current directory", "/this/is/a/dir"); test_extract("/this/is/a/dir is current directory", "/this/is/a/dir"); test_extract("/this/is/a/dir\\ is\\ current\\ directory", "/this/is/a/dir\\ is\\ current\\ directory"); -test_extract("hey, /foo/bar/baz.bro is a cool script", "/foo/bar/baz.bro"); +test_extract("hey, /foo/bar/baz.zeek is a cool script", "/foo/bar/baz.zeek"); test_extract("here's two dirs: /foo/bar and /foo/baz", "/foo/bar"); print "test build_path_compressed()"; print "==============================="; -print build_path_compressed("/home/bro/", "policy/somefile.bro"); -print build_path_compressed("/home/bro/", "/usr/local/bro/share/bro/somefile.bro"); -print build_path_compressed("/home/bro/", "/usr/local/bro/share/../../bro/somefile.bro"); +print build_path_compressed("/home/bro/", "policy/somefile.zeek"); +print build_path_compressed("/home/bro/", "/usr/local/bro/share/bro/somefile.zeek"); +print build_path_compressed("/home/bro/", "/usr/local/bro/share/../../bro/somefile.zeek"); print "==============================="; print "test build_full_path()"; print "==============================="; -print build_path("/home/bro/", "policy/somefile.bro"); -print build_path("/home/bro/", "/usr/local/bro/share/bro/somefile.bro"); +print build_path("/home/bro/", "policy/somefile.zeek"); +print build_path("/home/bro/", "/usr/local/bro/share/bro/somefile.zeek"); diff --git a/testing/btest/scripts/base/utils/pattern.test b/testing/btest/scripts/base/utils/pattern.test index 1cf5c49100..1c5ad227ef 100644 --- a/testing/btest/scripts/base/utils/pattern.test +++ b/testing/btest/scripts/base/utils/pattern.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. 
diff --git a/testing/btest/scripts/base/utils/queue.test b/testing/btest/scripts/base/utils/queue.test index b11cac233f..bad45a67ab 100644 --- a/testing/btest/scripts/base/utils/queue.test +++ b/testing/btest/scripts/base/utils/queue.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output # This is loaded by default diff --git a/testing/btest/scripts/base/utils/site.test b/testing/btest/scripts/base/utils/site.test index 50438a0b9c..c97d98acbd 100644 --- a/testing/btest/scripts/base/utils/site.test +++ b/testing/btest/scripts/base/utils/site.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT > output +# @TEST-EXEC: zeek %INPUT > output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/strings.test b/testing/btest/scripts/base/utils/strings.test index 77fe715def..9606ab3213 100644 --- a/testing/btest/scripts/base/utils/strings.test +++ b/testing/btest/scripts/base/utils/strings.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/thresholds.test b/testing/btest/scripts/base/utils/thresholds.test index 2e18cc3b63..1c56057090 100644 --- a/testing/btest/scripts/base/utils/thresholds.test +++ b/testing/btest/scripts/base/utils/thresholds.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/urls.test b/testing/btest/scripts/base/utils/urls.test index fd8c0a8622..666f805edb 100644 --- a/testing/btest/scripts/base/utils/urls.test +++ b/testing/btest/scripts/base/utils/urls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. 
diff --git a/testing/btest/scripts/check-test-all-policy.zeek b/testing/btest/scripts/check-test-all-policy.zeek index 9a9d120e6d..19bfe40c08 100644 --- a/testing/btest/scripts/check-test-all-policy.zeek +++ b/testing/btest/scripts/check-test-all-policy.zeek @@ -1,6 +1,6 @@ -# Makes sures test-all-policy.bro (which loads *all* other policy scripts) compiles correctly. +# Makes sures test-all-policy.zeek (which loads *all* other policy scripts) compiles correctly. # -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output @load test-all-policy diff --git a/testing/btest/scripts/policy/frameworks/files/extract-all.zeek b/testing/btest/scripts/policy/frameworks/files/extract-all.zeek index f54b2e299d..b043e48830 100644 --- a/testing/btest/scripts/policy/frameworks/files/extract-all.zeek +++ b/testing/btest/scripts/policy/frameworks/files/extract-all.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace frameworks/files/extract-all-files +# @TEST-EXEC: zeek -r $TRACES/http/get.trace frameworks/files/extract-all-files # @TEST-EXEC: grep -q EXTRACT files.log diff --git a/testing/btest/scripts/policy/frameworks/intel/removal.zeek b/testing/btest/scripts/policy/frameworks/intel/removal.zeek index 41c87bc6fb..fe2938e711 100644 --- a/testing/btest/scripts/policy/frameworks/intel/removal.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/removal.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: btest-diff broproc/intel.log +# @TEST-EXEC: btest-diff zeekproc/intel.log @TEST-START-FILE intel.dat #fields indicator indicator_type meta.source meta.remove diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek b/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek index c90c5e41f4..bd9abdf452 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek 
+++ b/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -Cr $TRACES/tls/ecdsa-cert.pcap %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/tls/ecdsa-cert.pcap %INPUT # @TEST-EXEC: cat intel.log > intel-all.log -# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: cat intel.log >> intel-all.log # @TEST-EXEC: btest-diff intel-all.log diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek b/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek index 5e0024ec7c..ad87bf8955 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smb/smb2readwrite.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smb/smb2readwrite.pcap %INPUT # @TEST-EXEC: btest-diff intel.log @load base/frameworks/intel diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek b/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek index 6ad04e95bd..ca144d3a55 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp-multi-addr.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp-multi-addr.pcap %INPUT # @TEST-EXEC: btest-diff intel.log @TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek b/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek index 560ba35c0a..de8e28c7d4 100644 --- a/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -Cr $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff intel.log #@TEST-START-FILE intel.dat 
diff --git a/testing/btest/scripts/policy/frameworks/software/version-changes.zeek b/testing/btest/scripts/policy/frameworks/software/version-changes.zeek index 493bc1d354..9f168fb502 100644 --- a/testing/btest/scripts/policy/frameworks/software/version-changes.zeek +++ b/testing/btest/scripts/policy/frameworks/software/version-changes.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff software.log # @TEST-EXEC: btest-diff notice.log diff --git a/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek b/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek index dd233a6ffc..4d36bbf3f4 100644 --- a/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek +++ b/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff notice.log @load frameworks/software/vulnerable diff --git a/testing/btest/scripts/policy/misc/dump-events.zeek b/testing/btest/scripts/policy/misc/dump-events.zeek index d318266787..bc017c6533 100644 --- a/testing/btest/scripts/policy/misc/dump-events.zeek +++ b/testing/btest/scripts/policy/misc/dump-events.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT >all-events.log -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include_args=F >all-events-no-args.log -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include=/smtp_/ >smtp-events.log +# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT >all-events.log +# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include_args=F >all-events-no-args.log +# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include=/smtp_/ >smtp-events.log # # @TEST-EXEC: btest-diff all-events.log # @TEST-EXEC: btest-diff all-events-no-args.log 
diff --git a/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek b/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek index 0c73ccf189..5d8fd2529d 100644 --- a/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek +++ b/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/weird_stats.log diff --git a/testing/btest/scripts/policy/misc/weird-stats.zeek b/testing/btest/scripts/policy/misc/weird-stats.zeek index 16a0ca02d7..0caeb960fe 100644 --- a/testing/btest/scripts/policy/misc/weird-stats.zeek +++ b/testing/btest/scripts/policy/misc/weird-stats.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 -# @TEST-EXEC: btest-diff bro/weird_stats.log +# @TEST-EXEC: btest-diff zeek/weird_stats.log @load misc/weird-stats diff --git a/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek b/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek index 677cfa9f3d..cdb3fa5058 100644 --- a/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek +++ b/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek 
@@ -1,18 +1,18 @@ # A basic test of the known-hosts script's logging and asset_tracking options -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=LOCAL_HOSTS +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=LOCAL_HOSTS # @TEST-EXEC: mv known_hosts.log knownhosts-local.log # @TEST-EXEC: btest-diff knownhosts-local.log -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=REMOTE_HOSTS +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=REMOTE_HOSTS # @TEST-EXEC: mv known_hosts.log knownhosts-remote.log # @TEST-EXEC: btest-diff knownhosts-remote.log -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=ALL_HOSTS +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=ALL_HOSTS # @TEST-EXEC: mv known_hosts.log knownhosts-all.log # @TEST-EXEC: btest-diff knownhosts-all.log -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=NO_HOSTS +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=NO_HOSTS # @TEST-EXEC: test '!' -e known_hosts.log @load protocols/conn/known-hosts diff --git a/testing/btest/scripts/policy/protocols/conn/known-services.zeek b/testing/btest/scripts/policy/protocols/conn/known-services.zeek index ab787b6bd4..3c34adadc9 100644 --- a/testing/btest/scripts/policy/protocols/conn/known-services.zeek +++ b/testing/btest/scripts/policy/protocols/conn/known-services.zeek 
@@ -1,18 +1,18 @@ # A basic test of the known-services script's logging and asset_tracking options -# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=LOCAL_HOSTS +# @TEST-EXEC: zeek -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=LOCAL_HOSTS # @TEST-EXEC: mv known_services.log knownservices-local.log # @TEST-EXEC: btest-diff knownservices-local.log -# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=REMOTE_HOSTS +# @TEST-EXEC: zeek -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=REMOTE_HOSTS # @TEST-EXEC: mv known_services.log knownservices-remote.log # @TEST-EXEC: btest-diff knownservices-remote.log -# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=ALL_HOSTS +# @TEST-EXEC: zeek -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=ALL_HOSTS # @TEST-EXEC: mv known_services.log knownservices-all.log # @TEST-EXEC: btest-diff knownservices-all.log -# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=NO_HOSTS +# @TEST-EXEC: zeek -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=NO_HOSTS # @TEST-EXEC: test '!' -e known_services.log @load protocols/conn/known-services diff --git a/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek b/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek index a3cfbf768f..78b1ce9f4c 100644 --- a/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek +++ b/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek 
@@ -1,10 +1,10 @@ # A basic test of the mac logging script -# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: mv conn.log conn1.log -# @TEST-EXEC: bro -b -C -r $TRACES/radiotap.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/radiotap.pcap %INPUT # @TEST-EXEC: mv conn.log conn2.log -# @TEST-EXEC: bro -b -C -r $TRACES/llc.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/llc.pcap %INPUT # @TEST-EXEC: mv conn.log conn3.log # # @TEST-EXEC: btest-diff conn1.log diff --git a/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek b/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek index 1711eba71d..6ee809af52 100644 --- a/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek +++ b/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek @@ -1,6 +1,6 @@ # A basic test of the vlan logging script -# @TEST-EXEC: bro -r $TRACES/q-in-q.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/q-in-q.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load protocols/conn/vlan-logging diff --git a/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek b/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek index d695060707..770386072c 100644 --- a/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek +++ b/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/dns-inverse-query.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dns-inverse-query.trace %INPUT # @TEST-EXEC: test ! -e dns.log @load protocols/dns/auth-addl diff --git a/testing/btest/scripts/policy/protocols/http/flash-version.zeek b/testing/btest/scripts/policy/protocols/http/flash-version.zeek index 9357295c3c..e2ad2ebf3b 100644 --- a/testing/btest/scripts/policy/protocols/http/flash-version.zeek +++ b/testing/btest/scripts/policy/protocols/http/flash-version.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r ${TRACES}/http/flash-version.trace %INPUT +# @TEST-EXEC: zeek -r ${TRACES}/http/flash-version.trace %INPUT # @TEST-EXEC: btest-diff software.log @load protocols/http/software diff --git a/testing/btest/scripts/policy/protocols/http/header-names.zeek b/testing/btest/scripts/policy/protocols/http/header-names.zeek index 30b1de7fdb..5422c8e9e2 100644 --- a/testing/btest/scripts/policy/protocols/http/header-names.zeek +++ b/testing/btest/scripts/policy/protocols/http/header-names.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff http.log @load protocols/http/header-names diff --git a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek index 3041abab75..129acde477 100644 --- a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek +++ b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT > output +# @TEST-EXEC: zeek %INPUT > output # @TEST-EXEC: btest-diff output @load protocols/http/detect-sqli diff --git a/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek b/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek index 0bc0a33d5d..f537e5146d 100644 --- a/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek +++ b/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek @@ -1,6 +1,6 @@ # This test makes sure that krb ticket hashes are logged correctly. -# @TEST-EXEC: bro -b -r $TRACES/krb/auth.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/krb/auth.trace %INPUT # @TEST-EXEC: btest-diff kerberos.log @load protocols/krb/ticket-logging diff --git a/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek index e28ebf5b49..583c8ae0a5 100644 
--- a/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek +++ b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/ssh/sshguess.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/ssh/sshguess.pcap %INPUT # @TEST-EXEC: btest-diff notice.log @load protocols/ssh/detect-bruteforcing diff --git a/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek b/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek index 9278e11de0..16591d560c 100644 --- a/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-expired-cert.trace %INPUT # @TEST-EXEC: btest-diff notice.log @load protocols/ssl/expiring-certs diff --git a/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek b/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek index ad99e2e143..660181942e 100644 --- a/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: btest-diff certs-remote.pem @load protocols/ssl/extract-certs-pem diff --git a/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek b/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek index 52137adbd0..887035d946 100644 --- a/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek 
@@ -1,20 +1,20 @@ -# TEST-EXEC: bro -C -r $TRACES/tls/heartbleed.pcap %INPUT +# TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed.pcap %INPUT # TEST-EXEC: mv notice.log notice-heartbleed.log # TEST-EXEC: btest-diff notice-heartbleed.log -# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-success.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-success.pcap %INPUT # @TEST-EXEC: mv notice.log notice-heartbleed-success.log # @TEST-EXEC: btest-diff notice-heartbleed-success.log -# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-encrypted.pcap %INPUT # @TEST-EXEC: mv notice.log notice-encrypted.log # @TEST-EXEC: btest-diff notice-encrypted.log -# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted-success.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-encrypted-success.pcap %INPUT # @TEST-EXEC: mv notice.log notice-encrypted-success.log # @TEST-EXEC: btest-diff notice-encrypted-success.log -# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted-short.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-encrypted-short.pcap %INPUT # @TEST-EXEC: mv notice.log notice-encrypted-short.log # @TEST-EXEC: btest-diff notice-encrypted-short.log diff --git a/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek b/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek index f5ff187164..e3a586b292 100644 --- a/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/google-duplicate.trace %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: btest-diff known_certs.log diff --git a/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek b/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek index 37f9f7592b..25d830acb0 100644 
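Review bot: The first three directives in testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek are written `# TEST-EXEC:` without the leading `@`, so btest reads them as plain comments and the run against `$TRACES/tls/heartbleed.pcap` with its `btest-diff notice-heartbleed.log` never executes; the rename carries that over unchanged. If the case was not disabled on purpose, the lines should read `# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed.pcap %INPUT`, `# @TEST-EXEC: mv notice.log notice-heartbleed.log` and `# @TEST-EXEC: btest-diff notice-heartbleed.log`, so that this trace is checked like the four others in the file. If it is disabled deliberately, a one-line comment saying why would keep it from looking like a typo. Re-enabling it needs a matching baseline, which is not visible in this hunk.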
--- a/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/google-duplicate.trace %INPUT # @TEST-EXEC: btest-diff x509.log @load protocols/ssl/log-hostcerts-only diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek index ccca29fd7c..cb5d72a0d9 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log @load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek index 9686c1ab28..434b3b020b 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek 
@@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek index 21d174be91..948fa38b01 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek 
@@ -1,9 +1,9 @@ -# @TEST-EXEC: bro $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: zeek $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log -# @TEST-EXEC: bro $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT +# @TEST-EXEC: zeek $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT # @TEST-EXEC: mv ssl.log ssl-twimg.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-twimg.log -# @TEST-EXEC: bro $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT +# @TEST-EXEC: zeek $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT # @TEST-EXEC: mv ssl.log ssl-digicert.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-digicert.log diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek index c21dc18094..7d2ac86865 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek 
@@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp-2.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp-2.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log diff --git a/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek b/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek index f4d51f8016..efc9aebf12 100644 --- a/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT # @TEST-EXEC: cp notice.log notice-out.log -# @TEST-EXEC: bro -r $TRACES/tls/ssl-v2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl-v2.trace %INPUT # @TEST-EXEC: cat notice.log >> notice-out.log -# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: cat notice.log >> notice-out.log # @TEST-EXEC: btest-diff notice-out.log diff --git a/testing/btest/scripts/site/local-compat.test b/testing/btest/scripts/site/local-compat.test index 3eb189e639..1627b00523 100644 --- a/testing/btest/scripts/site/local-compat.test +++ b/testing/btest/scripts/site/local-compat.test 
@@ -1,14 +1,14 @@ -# @TEST-EXEC: bro local-`cat $DIST/VERSION | sed 's/\([0-9].[0-9]\).*/\1/g'`.bro +# @TEST-EXEC: zeek local-`cat $DIST/VERSION | sed 's/\([0-9].[0-9]\).*/\1/g'`.bro # This tests the compatibility of the past release's site/local.bro -# script with the current version of Bro. If the test fails because +# script with the current version of Zeek. If the test fails because # it doesn't find the right file, that means everything stayed # compatibile between releases, so just add a TEST-START-FILE with -# the contents the latest Bro version's site/local.bro script. +# the contents the latest Zeek version's site/local.zeek script. # If the test fails while loading the old local.bro, it usually # indicates a note will need to be made in NEWS explaining to users # how to migrate to the new version and this test's TEST-START-FILE -# should be updated with the latest contents of site/local.bro. +# should be updated with the latest contents of site/local.zeek. @TEST-START-FILE local-2.6.bro ##! Local site policy. Customize as appropriate. diff --git a/testing/btest/scripts/site/local.test b/testing/btest/scripts/site/local.test index e2058417cd..158cc7f8c0 100644 --- a/testing/btest/scripts/site/local.test +++ b/testing/btest/scripts/site/local.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT @load local \ No newline at end of file diff --git a/testing/btest/signatures/bad-eval-condition.zeek b/testing/btest/signatures/bad-eval-condition.zeek index 2b3fef76fe..d64cb4cba4 100644 --- a/testing/btest/signatures/bad-eval-condition.zeek +++ b/testing/btest/signatures/bad-eval-condition.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC-FAIL: zeek -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff .stderr @load-sigs blah.sig diff --git a/testing/btest/signatures/dpd.zeek b/testing/btest/signatures/dpd.zeek index b6d58fb3a3..16e7f19724 100644 --- a/testing/btest/signatures/dpd.zeek 
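Review bot: In testing/btest/scripts/site/local-compat.test the script name is derived with `sed 's/\([0-9].[0-9]\).*/\1/g'`, where the `.` is unescaped and each version component is limited to one digit. A VERSION with a two-digit minor (constructed example: 2.10) would resolve to `local-2.1.bro`, and the test would then fail with the "doesn't find the right file" outcome that the comment describes as meaning nothing changed. A tighter pattern such as `sed 's/\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/'` avoids that ambiguity. The comment block now mixes `site/local.bro` and `site/local.zeek`; one sentence stating that the embedded `local-2.6.bro` keeps the old extension on purpose would make the intent clear.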
+++ b/testing/btest/signatures/dpd.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b -s myftp -r $TRACES/ftp/ipv4.trace %INPUT >dpd-ipv4.out -# @TEST-EXEC: bro -b -s myftp -r $TRACES/ftp/ipv6.trace %INPUT >dpd-ipv6.out -# @TEST-EXEC: bro -b -r $TRACES/ftp/ipv4.trace %INPUT >nosig-ipv4.out -# @TEST-EXEC: bro -b -r $TRACES/ftp/ipv6.trace %INPUT >nosig-ipv6.out +# @TEST-EXEC: zeek -b -s myftp -r $TRACES/ftp/ipv4.trace %INPUT >dpd-ipv4.out +# @TEST-EXEC: zeek -b -s myftp -r $TRACES/ftp/ipv6.trace %INPUT >dpd-ipv6.out +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv4.trace %INPUT >nosig-ipv4.out +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv6.trace %INPUT >nosig-ipv6.out # @TEST-EXEC: btest-diff dpd-ipv4.out # @TEST-EXEC: btest-diff dpd-ipv6.out # @TEST-EXEC: btest-diff nosig-ipv4.out diff --git a/testing/btest/signatures/dst-ip-cidr-v4.zeek b/testing/btest/signatures/dst-ip-cidr-v4.zeek index e86a746e54..9c80a9148a 100644 --- a/testing/btest/signatures/dst-ip-cidr-v4.zeek +++ b/testing/btest/signatures/dst-ip-cidr-v4.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ntp.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/ntp.pcap %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE a.sig diff --git a/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek b/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek index dc5b0f48b8..9389f11df2 100644 --- a/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek +++ b/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek 
@@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s dst-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq.out -# @TEST-EXEC: bro -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-list.out +# @TEST-EXEC: zeek -b -s dst-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne.out -# @TEST-EXEC: bro -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff dst-ip-eq.out # @TEST-EXEC: btest-diff dst-ip-eq-nomatch.out diff --git a/testing/btest/signatures/dst-ip-header-condition-v4.zeek b/testing/btest/signatures/dst-ip-header-condition-v4.zeek index 0d0d3e644c..b04d6c30ca 100644 --- a/testing/btest/signatures/dst-ip-header-condition-v4.zeek +++ b/testing/btest/signatures/dst-ip-header-condition-v4.zeek 
@@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s dst-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq.out -# @TEST-EXEC: bro -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-list.out +# @TEST-EXEC: zeek -b -s dst-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne.out -# @TEST-EXEC: bro -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff dst-ip-eq.out # @TEST-EXEC: btest-diff dst-ip-eq-nomatch.out diff --git a/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek b/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek index d82a76e78d..9de148eb87 100644 --- a/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek 
+++ b/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s dst-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq.out -# @TEST-EXEC: bro -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-list.out +# @TEST-EXEC: zeek -b -s dst-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne.out -# @TEST-EXEC: bro -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff dst-ip-eq.out # @TEST-EXEC: btest-diff dst-ip-eq-nomatch.out diff --git a/testing/btest/signatures/dst-ip-header-condition-v6.zeek b/testing/btest/signatures/dst-ip-header-condition-v6.zeek index e629fb4462..5bd64f8fc1 100644 --- a/testing/btest/signatures/dst-ip-header-condition-v6.zeek 
+++ b/testing/btest/signatures/dst-ip-header-condition-v6.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s dst-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq.out -# @TEST-EXEC: bro -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-list.out +# @TEST-EXEC: zeek -b -s dst-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne.out -# @TEST-EXEC: bro -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff dst-ip-eq.out # @TEST-EXEC: btest-diff dst-ip-eq-nomatch.out diff --git a/testing/btest/signatures/dst-port-header-condition.zeek b/testing/btest/signatures/dst-port-header-condition.zeek index 08ba07b0de..5f2f880d79 100644 --- a/testing/btest/signatures/dst-port-header-condition.zeek 
+++ b/testing/btest/signatures/dst-port-header-condition.zeek 
@@ -1,24 +1,24 @@ -# @TEST-EXEC: bro -b -s dst-port-eq -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq.out -# @TEST-EXEC: bro -b -s dst-port-eq-nomatch -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-eq-list -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq-list.out -# @TEST-EXEC: bro -b -s dst-port-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-eq-ip6.out +# @TEST-EXEC: zeek -b -s dst-port-eq -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq.out +# @TEST-EXEC: zeek -b -s dst-port-eq-nomatch -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-eq-list -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq-list.out +# @TEST-EXEC: zeek -b -s dst-port-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-eq-ip6.out -# @TEST-EXEC: bro -b -s dst-port-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne.out -# @TEST-EXEC: bro -b -s dst-port-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-list.out -# @TEST-EXEC: bro -b -s dst-port-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne.out +# @TEST-EXEC: zeek -b -s dst-port-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-list.out +# @TEST-EXEC: zeek -b -s dst-port-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-list-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-lt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lt.out -# @TEST-EXEC: bro -b -s 
dst-port-lt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lt-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-lte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte1.out -# @TEST-EXEC: bro -b -s dst-port-lte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte2.out -# @TEST-EXEC: bro -b -s dst-port-lte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-lt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lt.out +# @TEST-EXEC: zeek -b -s dst-port-lt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lt-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-lte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte1.out +# @TEST-EXEC: zeek -b -s dst-port-lte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte2.out +# @TEST-EXEC: zeek -b -s dst-port-lte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-gt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gt.out -# @TEST-EXEC: bro -b -s dst-port-gt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gt-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-gte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte1.out -# @TEST-EXEC: bro -b -s dst-port-gte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte2.out -# @TEST-EXEC: bro -b -s dst-port-gte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-gt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gt.out +# @TEST-EXEC: zeek -b -s dst-port-gt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gt-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-gte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte1.out +# @TEST-EXEC: zeek -b -s dst-port-gte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap 
%INPUT >dst-port-gte2.out +# @TEST-EXEC: zeek -b -s dst-port-gte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte-nomatch.out # @TEST-EXEC: btest-diff dst-port-eq.out # @TEST-EXEC: btest-diff dst-port-eq-nomatch.out diff --git a/testing/btest/signatures/eval-condition-no-return-value.zeek b/testing/btest/signatures/eval-condition-no-return-value.zeek index b1a4f5781f..88a8e57ca1 100644 --- a/testing/btest/signatures/eval-condition-no-return-value.zeek +++ b/testing/btest/signatures/eval-condition-no-return-value.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/signatures/eval-condition.zeek b/testing/btest/signatures/eval-condition.zeek index a14003b691..fe2db7482b 100644 --- a/testing/btest/signatures/eval-condition.zeek +++ b/testing/btest/signatures/eval-condition.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load-sigs blah.sig diff --git a/testing/btest/signatures/header-header-condition.zeek b/testing/btest/signatures/header-header-condition.zeek index ad78ba4513..545a9fdf40 100644 --- a/testing/btest/signatures/header-header-condition.zeek +++ b/testing/btest/signatures/header-header-condition.zeek 
@@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s ip -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >ip.out -# @TEST-EXEC: bro -b -s ip-mask -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >ip-mask.out -# @TEST-EXEC: bro -b -s ip6 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >ip6.out -# @TEST-EXEC: bro -b -s udp -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >udp.out -# @TEST-EXEC: bro -b -s tcp -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >tcp.out -# @TEST-EXEC: bro -b -s icmp -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >icmp.out -# @TEST-EXEC: bro -b -s icmp6 -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >icmp6.out -# @TEST-EXEC: bro -b -s val-mask -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >val-mask.out +# @TEST-EXEC: zeek -b -s ip -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >ip.out +# @TEST-EXEC: zeek -b -s ip-mask -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >ip-mask.out +# @TEST-EXEC: zeek -b -s ip6 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >ip6.out +# @TEST-EXEC: zeek -b -s udp -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >udp.out +# @TEST-EXEC: zeek -b -s tcp -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >tcp.out +# @TEST-EXEC: zeek -b -s icmp -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >icmp.out +# @TEST-EXEC: zeek -b -s icmp6 -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >icmp6.out +# @TEST-EXEC: zeek -b -s val-mask -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >val-mask.out # @TEST-EXEC: btest-diff ip.out # @TEST-EXEC: btest-diff ip-mask.out diff --git a/testing/btest/signatures/id-lookup.zeek b/testing/btest/signatures/id-lookup.zeek index f055e73725..a100b0a624 100644 --- a/testing/btest/signatures/id-lookup.zeek +++ b/testing/btest/signatures/id-lookup.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -s id -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >id.out +# @TEST-EXEC: zeek -b -s id -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >id.out # @TEST-EXEC: btest-diff id.out @TEST-START-FILE id.sig diff --git a/testing/btest/signatures/ip-proto-header-condition.zeek b/testing/btest/signatures/ip-proto-header-condition.zeek index 52d58ea223..bbaf865f06 100644 --- a/testing/btest/signatures/ip-proto-header-condition.zeek +++ b/testing/btest/signatures/ip-proto-header-condition.zeek 
@@ -1,10 +1,10 @@ -# @TEST-EXEC: bro -b -s tcp -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >tcp_in_ip4.out -# @TEST-EXEC: bro -b -s udp -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >udp_in_ip4.out -# @TEST-EXEC: bro -b -s icmp -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >icmp_in_ip4.out -# @TEST-EXEC: bro -b -s tcp -r $TRACES/chksums/ip6-tcp-good-chksum.pcap %INPUT >tcp_in_ip6.out -# @TEST-EXEC: bro -b -s udp -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >udp_in_ip6.out -# @TEST-EXEC: bro -b -s icmp6 -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >icmp6_in_ip6.out -# @TEST-EXEC: bro -b -s icmp -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >nomatch.out +# @TEST-EXEC: zeek -b -s tcp -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >tcp_in_ip4.out +# @TEST-EXEC: zeek -b -s udp -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >udp_in_ip4.out +# @TEST-EXEC: zeek -b -s icmp -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >icmp_in_ip4.out +# @TEST-EXEC: zeek -b -s tcp -r $TRACES/chksums/ip6-tcp-good-chksum.pcap %INPUT >tcp_in_ip6.out +# @TEST-EXEC: zeek -b -s udp -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >udp_in_ip6.out +# @TEST-EXEC: zeek -b -s icmp6 -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >icmp6_in_ip6.out +# @TEST-EXEC: zeek -b -s icmp -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >nomatch.out # @TEST-EXEC: btest-diff tcp_in_ip4.out # @TEST-EXEC: btest-diff udp_in_ip4.out diff --git a/testing/btest/signatures/load-sigs.zeek b/testing/btest/signatures/load-sigs.zeek index 3e08338f2c..d57630ec14 100644 --- a/testing/btest/signatures/load-sigs.zeek +++ b/testing/btest/signatures/load-sigs.zeek @@ -1,6 +1,6 @@ # A test of signature loading using @load-sigs. -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output @load-sigs ./subdir/mysigs.sig 
diff --git a/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek b/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek index 1e272c81ee..9c34853c8a 100644 --- a/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek +++ b/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek 
@@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s src-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq.out -# @TEST-EXEC: bro -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-list.out +# @TEST-EXEC: zeek -b -s src-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq.out +# @TEST-EXEC: zeek -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-list.out -# @TEST-EXEC: bro -b -s src-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne.out -# @TEST-EXEC: bro -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list.out -# @TEST-EXEC: bro -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne.out +# @TEST-EXEC: zeek -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff src-ip-eq.out # @TEST-EXEC: btest-diff src-ip-eq-nomatch.out diff --git a/testing/btest/signatures/src-ip-header-condition-v4.zeek b/testing/btest/signatures/src-ip-header-condition-v4.zeek index 746e41a4be..3eaa73ce9c 100644 --- a/testing/btest/signatures/src-ip-header-condition-v4.zeek +++ b/testing/btest/signatures/src-ip-header-condition-v4.zeek 
@@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s src-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq.out -# @TEST-EXEC: bro -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-list.out +# @TEST-EXEC: zeek -b -s src-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq.out +# @TEST-EXEC: zeek -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-list.out -# @TEST-EXEC: bro -b -s src-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne.out -# @TEST-EXEC: bro -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list.out -# @TEST-EXEC: bro -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne.out +# @TEST-EXEC: zeek -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff src-ip-eq.out # @TEST-EXEC: btest-diff src-ip-eq-nomatch.out diff --git a/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek b/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek index 3c4fbf5526..ad5ca917a9 100644 --- a/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek 
+++ b/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s src-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq.out -# @TEST-EXEC: bro -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-list.out +# @TEST-EXEC: zeek -b -s src-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq.out +# @TEST-EXEC: zeek -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-list.out -# @TEST-EXEC: bro -b -s src-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne.out -# @TEST-EXEC: bro -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list.out -# @TEST-EXEC: bro -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne.out +# @TEST-EXEC: zeek -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff src-ip-eq.out # @TEST-EXEC: btest-diff src-ip-eq-nomatch.out diff --git a/testing/btest/signatures/src-ip-header-condition-v6.zeek b/testing/btest/signatures/src-ip-header-condition-v6.zeek index 613a3dd4c1..6ada9db299 100644 --- a/testing/btest/signatures/src-ip-header-condition-v6.zeek 
+++ b/testing/btest/signatures/src-ip-header-condition-v6.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s src-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq.out -# @TEST-EXEC: bro -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-list.out +# @TEST-EXEC: zeek -b -s src-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq.out +# @TEST-EXEC: zeek -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-list.out -# @TEST-EXEC: bro -b -s src-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne.out -# @TEST-EXEC: bro -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list.out -# @TEST-EXEC: bro -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne.out +# @TEST-EXEC: zeek -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff src-ip-eq.out # @TEST-EXEC: btest-diff src-ip-eq-nomatch.out diff --git a/testing/btest/signatures/src-port-header-condition.zeek b/testing/btest/signatures/src-port-header-condition.zeek index ea9e08ce2b..3fcd71308c 100644 --- a/testing/btest/signatures/src-port-header-condition.zeek 
+++ b/testing/btest/signatures/src-port-header-condition.zeek 
@@ -1,24 +1,24 @@ -# @TEST-EXEC: bro -b -s src-port-eq -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq.out -# @TEST-EXEC: bro -b -s src-port-eq-nomatch -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-port-eq-list -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq-list.out -# @TEST-EXEC: bro -b -s src-port-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-eq-ip6.out +# @TEST-EXEC: zeek -b -s src-port-eq -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq.out +# @TEST-EXEC: zeek -b -s src-port-eq-nomatch -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-eq-list -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq-list.out +# @TEST-EXEC: zeek -b -s src-port-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-eq-ip6.out -# @TEST-EXEC: bro -b -s src-port-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne.out -# @TEST-EXEC: bro -b -s src-port-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-port-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-list.out -# @TEST-EXEC: bro -b -s src-port-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne.out +# @TEST-EXEC: zeek -b -s src-port-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-list.out +# @TEST-EXEC: zeek -b -s src-port-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-list-nomatch.out -# @TEST-EXEC: bro -b -s src-port-lt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lt.out -# @TEST-EXEC: bro -b -s 
src-port-lt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lt-nomatch.out -# @TEST-EXEC: bro -b -s src-port-lte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte1.out -# @TEST-EXEC: bro -b -s src-port-lte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte2.out -# @TEST-EXEC: bro -b -s src-port-lte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-lt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lt.out +# @TEST-EXEC: zeek -b -s src-port-lt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lt-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-lte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte1.out +# @TEST-EXEC: zeek -b -s src-port-lte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte2.out +# @TEST-EXEC: zeek -b -s src-port-lte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte-nomatch.out -# @TEST-EXEC: bro -b -s src-port-gt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gt.out -# @TEST-EXEC: bro -b -s src-port-gt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gt-nomatch.out -# @TEST-EXEC: bro -b -s src-port-gte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte1.out -# @TEST-EXEC: bro -b -s src-port-gte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte2.out -# @TEST-EXEC: bro -b -s src-port-gte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-gt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gt.out +# @TEST-EXEC: zeek -b -s src-port-gt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gt-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-gte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte1.out +# @TEST-EXEC: zeek -b -s src-port-gte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap 
%INPUT >src-port-gte2.out +# @TEST-EXEC: zeek -b -s src-port-gte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte-nomatch.out # @TEST-EXEC: btest-diff src-port-eq.out # @TEST-EXEC: btest-diff src-port-eq-nomatch.out diff --git a/testing/btest/signatures/udp-packetwise-insensitive.zeek b/testing/btest/signatures/udp-packetwise-insensitive.zeek new file mode 100644 index 0000000000..a87971d5c8 --- /dev/null +++ b/testing/btest/signatures/udp-packetwise-insensitive.zeek @@ -0,0 +1,53 @@ +# @TEST-EXEC: zeek -r $TRACES/udp-signature-test.pcap %INPUT | sort >out +# @TEST-EXEC: btest-diff out + +@load-sigs test.sig + +@TEST-START-FILE test.sig +signature xxxx { + ip-proto = udp + payload /xXxX/i + event "Found XXXX" +} + +signature axxxx { + ip-proto = udp + payload /^xxxx/i + event "Found ^XXXX" +} + +signature sxxxx { + ip-proto = udp + payload /.*xxXx/i + event "Found .*XXXX" +} + +signature yyyy { + ip-proto = udp + payload /YYYY/i + event "Found YYYY" +} + +signature ayyyy { + ip-proto = udp + payload /^YYYY/i + event "Found ^YYYY" +} + +signature syyyy { + ip-proto = udp + payload /.*YYYY/i + event "Found .*YYYY" +} + +signature nope { + ip-proto = udp + payload /.*nope/i + event "Found .*nope" +} +@TEST-END-FILE + +event signature_match(state: signature_state, msg: string, data: string) + { + print "signature match", msg, data; + } diff --git a/testing/btest/signatures/udp-packetwise-match.zeek b/testing/btest/signatures/udp-packetwise-match.zeek index 706b632dd7..feb531c37c 100644 --- a/testing/btest/signatures/udp-packetwise-match.zeek +++ b/testing/btest/signatures/udp-packetwise-match.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/udp-signature-test.pcap %INPUT | sort >out +# @TEST-EXEC: zeek -r $TRACES/udp-signature-test.pcap %INPUT | sort >out # @TEST-EXEC: btest-diff out @load-sigs test.sig 
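Review bot: In the new file testing/btest/signatures/udp-packetwise-insensitive.zeek, the first `@TEST-EXEC` line pipes `zeek` into `sort`, so the step's exit status is presumably that of `sort`, and a crash or script error in zeek is only noticed if it also changes the sorted baseline. Running the two steps separately keeps such a failure visible: `# @TEST-EXEC: zeek -r $TRACES/udp-signature-test.pcap %INPUT >raw` followed by `# @TEST-EXEC: sort raw >out`. The file also has no header comment, and a line such as `# Test case-insensitive (/i) payload signatures against UDP traffic.` would tell a reader why it exists alongside udp-packetwise-match.zeek. The hunk for udp-packetwise-match.zeek that follows keeps the same pipe.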
diff --git a/testing/btest/signatures/udp-payload-size.zeek b/testing/btest/signatures/udp-payload-size.zeek index efc5411feb..c1c6a6d49b 100644 --- a/testing/btest/signatures/udp-payload-size.zeek +++ b/testing/btest/signatures/udp-payload-size.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ntp.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/ntp.pcap %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE a.sig diff --git a/testing/coverage/README b/testing/coverage/README index d1352640f2..cc21827817 100644 --- a/testing/coverage/README +++ b/testing/coverage/README @@ -1,5 +1,5 @@ -On a Bro build configured with --enable-coverage, this script produces a code -coverage report after Bro has been invoked. The intended application of this +On a Zeek build configured with --enable-coverage, this script produces a code +coverage report after Zeek has been invoked. The intended application of this script is after the btest testsuite has run. This combination (btests first, coverage computation afterward) happens automatically when running "make" in the testing directory. This script puts .gcov files (which are included in diff --git a/testing/coverage/code_coverage.sh b/testing/coverage/code_coverage.sh index 758b2fa915..79999abe19 100755 --- a/testing/coverage/code_coverage.sh +++ b/testing/coverage/code_coverage.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # -# On a Bro build configured with --enable-coverage, this script -# produces a code coverage report after Bro has been invoked. The +# On a Zeek build configured with --enable-coverage, this script +# produces a code coverage report after Zeek has been invoked. The # intended application of this script is after the btest testsuite has # run. This combination (btests first, coverage computation afterward) # happens automatically when running "make" in the testing directory. 
@@ -12,7 +12,7 @@ # 1. Run test suite # 2. Check for .gcda files existing. # 3a. Run gcov (-p to preserve path) -# 3b. Prune .gcov files for objects outside of the Bro tree +# 3b. Prune .gcov files for objects outside of the Zeek tree # 4a. Analyze .gcov files generated and create summary file # 4b. Send .gcov files to appropriate path # @@ -52,7 +52,7 @@ function check_file_coverage { function check_group_coverage { DATA="$1" # FILE CONTAINING COVERAGE DATA - SRC_FOLDER="$2" # WHERE BRO WAS COMPILED + SRC_FOLDER="$2" # WHERE ZEEK WAS COMPILED OUTPUT="$3" # Prints all the relevant directories @@ -117,9 +117,9 @@ else exit 1 fi -# 3b. Prune gcov files that fall outside of the Bro tree: +# 3b. Prune gcov files that fall outside of the Zeek tree: # Look for files containing gcov's slash substitution character "#" -# and remove any that don't contain the Bro path root. +# and remove any that don't contain the Zeek path root. echo -n "Pruning out-of-tree coverage files... " PREFIX=$(echo "$BASE" | sed 's|/|#|g') for i in "$TMP"/*#*.gcov; do diff --git a/testing/coverage/lcov_html.sh b/testing/coverage/lcov_html.sh index c729b2145c..f17e583e2c 100755 --- a/testing/coverage/lcov_html.sh +++ b/testing/coverage/lcov_html.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # -# On a Bro build configured with --enable-coverage, this script -# produces a code coverage report in HTML format after Bro has been invoked. The +# On a Zeek build configured with --enable-coverage, this script +# produces a code coverage report in HTML format after Zeek has been invoked. The # intended application of this script is after the btest testsuite has run. # This depends on lcov to run. diff --git a/testing/external/README b/testing/external/README index ee6d71979e..6ab327b581 100644 --- a/testing/external/README +++ b/testing/external/README 
@@ -2,9 +2,9 @@ Test Suite for Large Trace Files ================================ -This test-suite runs more complex Bro configurations on larger trace +This test-suite runs more complex Zeek configurations on larger trace files, and compares the results to a pre-established baseline. Due to -their size, both traces and baseline are not part of the main Bro +their size, both traces and baseline are not part of the main Zeek repository but kept externally. In addition to the publically provided files, one can also add a local set to the test-suite for running on private traces. @@ -60,7 +60,7 @@ To update a test's baseline, first run ``btest`` in update mode: .. console: - > cd bro-testing + > cd zeek-testing > btest -u tests/test-you-want-to-update Then use ``git`` to commit the changes and push the changes upstream diff --git a/testing/external/commit-hash.zeek-testing b/testing/external/commit-hash.zeek-testing index 8322309e89..078705e209 100644 --- a/testing/external/commit-hash.zeek-testing +++ b/testing/external/commit-hash.zeek-testing @@ -1 +1 @@ -1ab5538b8cdb0ef78616d665e02343321f269f3d +4283d6dba59d2bb53054c27a723cd917a27af44c diff --git a/testing/external/commit-hash.zeek-testing-private b/testing/external/commit-hash.zeek-testing-private index 70de5bacf4..7111aa9d71 100644 --- a/testing/external/commit-hash.zeek-testing-private +++ b/testing/external/commit-hash.zeek-testing-private @@ -1 +1 @@ -f30a47f38dbde8431b5c32f4060da660d162371c +7d96198cea136d8a8905db6978853dd3b40556f5 diff --git a/testing/external/scripts/diff-all b/testing/external/scripts/diff-all index d51f3b294f..0caa5078be 100755 --- a/testing/external/scripts/diff-all +++ b/testing/external/scripts/diff-all 
@@ -27,7 +27,7 @@ for i in `echo $files_cwd $files_baseline | sort | uniq`; do if [[ "$i" == "reporter.log" ]]; then # Do not diff the reporter.log if it only complains about missing # GeoIP support. - if ! egrep -v "^#|Bro was not configured for GeoIP support" $i; then + if ! egrep -v "^#|Zeek was not configured for GeoIP support" $i; then continue fi fi diff --git a/testing/external/scripts/perftools-adapt-paths b/testing/external/scripts/perftools-adapt-paths index cfecd39993..cbfaa610ab 100755 --- a/testing/external/scripts/perftools-adapt-paths +++ b/testing/external/scripts/perftools-adapt-paths @@ -5,6 +5,6 @@ # # Returns an exit code > 0 if there's a leak. -cat $1 | sed "s#bro *\"\./#../../../build/src/bro \".tmp/$TEST_NAME/#g" | sed 's/ *--gv//g' >$1.tmp && mv $1.tmp $1 +cat $1 | sed "s#zeek *\"\./#../../../build/src/zeek \".tmp/$TEST_NAME/#g" | sed 's/ *--gv//g' >$1.tmp && mv $1.tmp $1 grep -qv "detected leaks of" $1 diff --git a/testing/external/scripts/skel/test.skeleton b/testing/external/scripts/skel/test.skeleton index a76f3d4d09..aa32e72e7a 100644 --- a/testing/external/scripts/skel/test.skeleton +++ b/testing/external/scripts/skel/test.skeleton @@ -1,4 +1,4 @@ -# @TEST-EXEC: zcat $TRACES/trace.gz | bro -r - %INPUT +# @TEST-EXEC: zcat $TRACES/trace.gz | zeek -r - %INPUT # @TEST-EXEC: $SCRIPTS/diff-all '*.log' @load testing-setup diff --git a/testing/external/scripts/testing-setup.zeek b/testing/external/scripts/testing-setup.zeek index d24813e1fc..18e7c4783f 100644 --- a/testing/external/scripts/testing-setup.zeek +++ b/testing/external/scripts/testing-setup.zeek @@ -9,6 +9,6 @@ @ifdef ( LogAscii::use_json ) # Don't start logging everything as JSON. - # (json-logs.bro activates this). + # (json-logs.zeek activates this). redef LogAscii::use_json = F; @endif diff --git a/testing/external/subdir-btest.cfg b/testing/external/subdir-btest.cfg index 39aaead17a..79e014c591 100644 --- a/testing/external/subdir-btest.cfg 
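Review bot: The pattern on the changed `egrep -v` line is a literal copy of a runtime reporter message, so the GeoIP skip only works if the binary under test emits exactly "Zeek was not configured for GeoIP support". The hunk does not show where that message is produced, so it is worth confirming the message was renamed in the same commit; otherwise a reporter.log with the old wording is no longer skipped and gets diffed against the baseline. Separately, `$i` is unquoted and the command prints the surviving lines to stdout. If that output is not wanted, `if ! grep -Eqv "^#|Zeek was not configured for GeoIP support" "$i"; then` keeps the same exit-status logic. The enclosing `for` loop starts and ends outside the hunk.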
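Review bot: In the perftools-adapt-paths hunk, the rewritten `sed` line still expands `$1` unquoted and interpolates `$TEST_NAME` into a `#`-delimited expression, so a path or test name containing whitespace, `#` or `&` changes what is read or substituted. Quoting the file arguments and dropping the `cat` removes the word-splitting part: `sed "s#zeek *\"\./#../../../build/src/zeek \".tmp/$TEST_NAME/#g" "$1" | sed 's/ *--gv//g' >"$1.tmp" && mv "$1.tmp" "$1"`. The header comment promises an exit code > 0 when there is a leak, but the unchanged `grep -qv "detected leaks of" $1` succeeds as soon as any line lacks that text, so a report with a leak line among other lines still returns 0. `! grep -q "detected leaks of" "$1"` would match the comment. The first lines of the script are outside the hunk.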
+++ b/testing/external/subdir-btest.cfg @@ -6,7 +6,7 @@ IgnoreDirs = .svn CVS .tmp IgnoreFiles = *.tmp *.swp #* *.trace .gitignore *.skeleton [environment] -BROPATH=`bash -c %(testbase)s/../../../build/bro-path-dev`:%(testbase)s/../scripts +BROPATH=`bash -c %(testbase)s/../../../build/zeek-path-dev`:%(testbase)s/../scripts BRO_SEED_FILE=%(testbase)s/../random.seed TZ=UTC LC_ALL=C diff --git a/testing/scripts/coverage-calc b/testing/scripts/coverage-calc index df12e0c86f..3645f57144 100755 --- a/testing/scripts/coverage-calc +++ b/testing/scripts/coverage-calc @@ -1,12 +1,12 @@ #! /usr/bin/env python -# This script aggregates many files containing Bro script coverage information +# This script aggregates many files containing Zeek script coverage information # into a single file and reports the overall coverage information. Usage: # # coverage-calc
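Review bot: In the subdir-btest.cfg hunk, the changed `BROPATH=` line now calls `zeek-path-dev` while the variable itself, and `BRO_SEED_FILE` on the next line, keep the old prefix, and nothing in the file says whether that is deliberate. If the renamed binary still reads the `BRO*` names at this point, a full-line comment above these entries would help, such as `# Variable names keep the legacy BRO prefix; only the helper script was renamed.` That would stop a later cleanup from renaming them and silently dropping the script path and the fixed seed. The `[environment]` section continues outside the hunk.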