From 8bc65f09ec9f5cfafbf8bef96121a2b75af75d3e Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 11 Apr 2019 19:02:13 -0700 Subject: [PATCH 01/51] Cleanup/improve PList usage and Event API Majority of PLists are now created as automatic/stack objects, rather than on heap and initialized either with the known-capacity reserved upfront or directly from an initializer_list (so there's no wasted slack in the memory that gets allocated for lists containing a fixed/known number of elements). Added versions of the ConnectionEvent/QueueEvent methods that take a val_list by value. Added a move ctor/assign-operator to Plists to allow passing them around without having to copy the underlying array of pointers. --- src/Anon.cc | 8 +- src/Attr.cc | 2 +- src/BroList.h | 20 - src/Conn.cc | 92 ++-- src/Conn.h | 3 + src/DFA.h | 3 - src/DNS_Mgr.cc | 36 +- src/DNS_Mgr.h | 9 +- src/Discard.cc | 36 +- src/Event.cc | 43 +- src/Event.h | 28 +- src/EventHandler.cc | 9 +- src/EventRegistry.cc | 2 +- src/Expr.cc | 24 +- src/Expr.h | 2 +- src/File.cc | 20 +- src/ID.cc | 6 +- src/List.cc | 57 +- src/List.h | 55 +- src/PersistenceSerializer.cc | 3 +- src/RE.h | 3 - src/RemoteSerializer.cc | 52 +- src/Reporter.cc | 39 +- src/RuleAction.cc | 15 +- src/RuleCondition.cc | 2 +- src/Scope.cc | 3 + src/Serializer.cc | 7 +- src/Serializer.h | 2 +- src/Sessions.cc | 26 +- src/StateAccess.cc | 47 +- src/Stats.cc | 19 +- src/Stmt.cc | 20 +- src/Stmt.h | 3 + src/Type.cc | 2 +- src/Type.h | 3 + src/Val.cc | 49 +- src/Var.cc | 3 +- src/analyzer/Analyzer.cc | 27 +- src/analyzer/Analyzer.h | 6 + src/analyzer/protocol/arp/ARP.cc | 34 +- src/analyzer/protocol/backdoor/BackDoor.cc | 49 +- .../protocol/bittorrent/BitTorrent.cc | 10 +- .../protocol/bittorrent/BitTorrentTracker.cc | 48 +- src/analyzer/protocol/conn-size/ConnSize.cc | 10 +- src/analyzer/protocol/dns/DNS.cc | 274 +++++----- src/analyzer/protocol/file/File.cc | 13 +- src/analyzer/protocol/finger/Finger.cc | 24 +- src/analyzer/protocol/ftp/FTP.cc | 21 +- src/analyzer/protocol/gnutella/Gnutella.cc | 73 +-- src/analyzer/protocol/http/HTTP.cc | 130 +++-- src/analyzer/protocol/icmp/ICMP.cc | 147 +++-- src/analyzer/protocol/ident/Ident.cc | 39 +- src/analyzer/protocol/interconn/InterConn.cc | 16 +- src/analyzer/protocol/irc/IRC.cc | 510 +++++++++--------- src/analyzer/protocol/login/Login.cc | 79 ++- src/analyzer/protocol/login/NVT.cc | 9 +- src/analyzer/protocol/login/RSH.cc | 35 +- src/analyzer/protocol/login/Rlogin.cc | 10 +- src/analyzer/protocol/mime/MIME.cc | 79 ++- src/analyzer/protocol/ncp/NCP.cc | 26 +- src/analyzer/protocol/netbios/NetbiosSSN.cc | 30 +- src/analyzer/protocol/ntp/NTP.cc | 11 +- src/analyzer/protocol/pop3/POP3.cc | 17 +- src/analyzer/protocol/rpc/MOUNT.cc | 28 +- src/analyzer/protocol/rpc/MOUNT.h | 4 +- src/analyzer/protocol/rpc/NFS.cc | 28 +- src/analyzer/protocol/rpc/NFS.h | 4 +- src/analyzer/protocol/rpc/Portmap.cc | 22 +- src/analyzer/protocol/rpc/RPC.cc | 48 +- src/analyzer/protocol/smtp/SMTP.cc | 59 +- .../protocol/stepping-stone/SteppingStone.cc | 21 +- src/analyzer/protocol/tcp/TCP.cc | 92 ++-- src/analyzer/protocol/tcp/TCP_Endpoint.cc | 10 +- src/analyzer/protocol/tcp/TCP_Reassembler.cc | 57 +- src/analyzer/protocol/udp/UDP.cc | 10 +- src/broker/Manager.cc | 35 +- src/broker/messaging.bif | 8 +- src/file_analysis/File.cc | 53 +- src/file_analysis/File.h | 6 + src/file_analysis/Manager.cc | 11 +- .../analyzer/data_event/DataEvent.cc | 20 +- src/file_analysis/analyzer/entropy/Entropy.cc | 9 +- src/file_analysis/analyzer/extract/Extract.cc | 12 +- src/file_analysis/analyzer/hash/Hash.cc | 11 +- .../analyzer/unified2/unified2-analyzer.pac | 27 +- src/file_analysis/analyzer/x509/OCSP.cc | 86 ++- src/file_analysis/analyzer/x509/X509.cc | 27 +- src/file_analysis/analyzer/x509/X509Common.cc | 17 +- src/input/Manager.cc | 25 +- src/logging/Manager.cc | 26 +- src/main.cc | 22 +- src/option.bif | 6 +- 92 files changed, 1585 insertions(+), 1679 deletions(-) diff --git a/src/Anon.cc b/src/Anon.cc index a2afc489ca..de225e95a8 100644 --- a/src/Anon.cc +++ b/src/Anon.cc @@ -415,10 +415,10 @@ void log_anonymization_mapping(ipaddr32_t input, ipaddr32_t output) { if ( anonymization_mapping ) { - val_list* vl = new val_list; - vl->append(new AddrVal(input)); - vl->append(new AddrVal(output)); - mgr.QueueEvent(anonymization_mapping, vl); + mgr.QueueEvent(anonymization_mapping, { + new AddrVal(input), + new AddrVal(output) + }); } } diff --git a/src/Attr.cc b/src/Attr.cc index 47ea7d4f06..0e6db9c068 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -141,7 +141,7 @@ Attributes::~Attributes() void Attributes::AddAttr(Attr* attr) { if ( ! attrs ) - attrs = new attr_list; + attrs = new attr_list(1); if ( ! attr->RedundantAttrOkay() ) // We overwrite old attributes by deleting them first. diff --git a/src/BroList.h b/src/BroList.h index 6168bf7bda..0aa94d55ec 100644 --- a/src/BroList.h +++ b/src/BroList.h @@ -13,10 +13,6 @@ class ID; declare(PList,ID); typedef PList(ID) id_list; -class HashKey; -declare(PList,HashKey); -typedef PList(HashKey) hash_key_list; - class Val; declare(PList,Val); typedef PList(Val) val_list; @@ -29,28 +25,12 @@ class BroType; declare(PList,BroType); typedef PList(BroType) type_list; -class TypeDecl; -declare(PList,TypeDecl); -typedef PList(TypeDecl) type_decl_list; - -class Case; -declare(PList,Case); -typedef PList(Case) case_list; - class Attr; declare(PList,Attr); typedef PList(Attr) attr_list; -class Scope; -declare(PList,Scope); -typedef PList(Scope) scope_list; - class Timer; declare(PList,Timer); typedef PList(Timer) timer_list; -class DNS_Mgr_Request; -declare(PList,DNS_Mgr_Request); -typedef PList(DNS_Mgr_Request) DNS_mgr_request_list; - #endif diff --git a/src/Conn.cc b/src/Conn.cc index 03ecf32703..494d2d21c4 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -325,12 +325,11 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig, // and at this stage it's not a *multiple* instance. return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(threshold)); - - ConnectionEvent(e, 0, vl); + ConnectionEvent(e, 0, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(threshold) + }); } void Connection::DeleteTimer(double /* t */) @@ -390,9 +389,7 @@ void Connection::EnableStatusUpdateTimer() void Connection::StatusUpdateTimer(double t) { - val_list* vl = new val_list(1); - vl->append(BuildConnVal()); - ConnectionEvent(connection_status_update, 0, vl); + ConnectionEvent(connection_status_update, 0, { BuildConnVal() }); ADD_TIMER(&Connection::StatusUpdateTimer, network_time + connection_status_update_interval, 0, TIMER_CONN_STATUS_UPDATE); @@ -630,23 +627,23 @@ int Connection::VersionFoundEvent(const IPAddr& addr, const char* s, int len, { if ( software_parse_error ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new AddrVal(addr)); - vl->append(new StringVal(len, s)); - ConnectionEvent(software_parse_error, analyzer, vl); + ConnectionEvent(software_parse_error, analyzer, { + BuildConnVal(), + new AddrVal(addr), + new StringVal(len, s), + }); } return 0; } if ( software_version_found ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new AddrVal(addr)); - vl->append(val); - vl->append(new StringVal(len, s)); - ConnectionEvent(software_version_found, 0, vl); + ConnectionEvent(software_version_found, 0, { + BuildConnVal(), + new AddrVal(addr), + val, + new StringVal(len, s), + }); } else Unref(val); @@ -669,11 +666,11 @@ int Connection::UnparsedVersionFoundEvent(const IPAddr& addr, if ( software_unparsed_version_found ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new AddrVal(addr)); - vl->append(new StringVal(len, full)); - ConnectionEvent(software_unparsed_version_found, analyzer, vl); + ConnectionEvent(software_unparsed_version_found, analyzer, { + BuildConnVal(), + new AddrVal(addr), + new StringVal(len, full), + }); } return 1; @@ -684,12 +681,11 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch if ( ! f ) return; - val_list* vl = new val_list(2); if ( name ) - vl->append(new StringVal(name)); - vl->append(BuildConnVal()); + ConnectionEvent(f, analyzer, {new StringVal(name), BuildConnVal()}); + else + ConnectionEvent(f, analyzer, {BuildConnVal()}); - ConnectionEvent(f, analyzer, vl); } void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2) @@ -701,33 +697,35 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, return; } - val_list* vl = new val_list(3); - vl->append(BuildConnVal()); - vl->append(v1); - if ( v2 ) - vl->append(v2); - - ConnectionEvent(f, analyzer, vl); + ConnectionEvent(f, analyzer, {BuildConnVal(), v1, v2}); + else + ConnectionEvent(f, analyzer, {BuildConnVal(), v1}); } -void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl) +void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl) { if ( ! f ) { // This may actually happen if there is no local handler // and a previously existing remote handler went away. - loop_over_list(*vl, i) - Unref((*vl)[i]); - delete vl; + loop_over_list(vl, i) + Unref(vl[i]); + return; } // "this" is passed as a cookie for the event - mgr.QueueEvent(f, vl, SOURCE_LOCAL, + mgr.QueueEvent(f, std::move(vl), SOURCE_LOCAL, a ? a->GetID() : 0, GetTimerMgr(), this); } +void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl) + { + ConnectionEvent(f, a, std::move(*vl)); + delete vl; + } + void Connection::Weird(const char* name, const char* addl) { weird = 1; @@ -1055,12 +1053,12 @@ void Connection::CheckFlowLabel(bool is_orig, uint32 flow_label) if ( connection_flow_label_changed && (is_orig ? saw_first_orig_packet : saw_first_resp_packet) ) { - val_list* vl = new val_list(4); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(my_flow_label)); - vl->append(val_mgr->GetCount(flow_label)); - ConnectionEvent(connection_flow_label_changed, 0, vl); + ConnectionEvent(connection_flow_label_changed, 0, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(my_flow_label), + val_mgr->GetCount(flow_label), + }); } my_flow_label = flow_label; diff --git a/src/Conn.h b/src/Conn.h index e49314968a..2622134f2a 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -176,8 +176,11 @@ public: void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const char* name = 0); void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2 = 0); + void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, val_list* vl); + void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, + val_list vl); void Weird(const char* name, const char* addl = ""); bool DidWeird() const { return weird != 0; } diff --git a/src/DFA.h b/src/DFA.h index 2f06f4e98f..1b58774da0 100644 --- a/src/DFA.h +++ b/src/DFA.h @@ -111,9 +111,6 @@ private: PDict(CacheEntry) states; }; -declare(PList,DFA_State); -typedef PList(DFA_State) DFA_state_list; - class DFA_Machine : public BroObj { public: DFA_Machine(NFA_Machine* n, EquivClass* ec); diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 2fff6903b0..c72e66f0bf 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -699,25 +699,27 @@ int DNS_Mgr::Save() return 1; } +void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm) + { + if ( ! e ) + return; + + mgr.QueueEvent(e, {BuildMappingVal(dm)}); + } + void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2) { if ( ! e ) return; - val_list* vl = new val_list; - vl->append(BuildMappingVal(dm)); + Unref(l1); + Unref(l2); - if ( l1 ) - { - vl->append(l1->ConvertToSet()); - if ( l2 ) - vl->append(l2->ConvertToSet()); - - Unref(l1); - Unref(l2); - } - - mgr.QueueEvent(e, vl); + mgr.QueueEvent(e, { + BuildMappingVal(dm), + l1->ConvertToSet(), + l2->ConvertToSet(), + }); } void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm) @@ -725,10 +727,10 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm) if ( ! e ) return; - val_list* vl = new val_list; - vl->append(BuildMappingVal(old_dm)); - vl->append(BuildMappingVal(new_dm)); - mgr.QueueEvent(e, vl); + mgr.QueueEvent(e, { + BuildMappingVal(old_dm), + BuildMappingVal(new_dm), + }); } Val* DNS_Mgr::BuildMappingVal(DNS_Mapping* dm) diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 0358ceba18..24d1e4c850 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -9,7 +9,7 @@ #include #include "util.h" -#include "BroList.h" +#include "List.h" #include "Dict.h" #include "EventHandler.h" #include "iosource/IOSource.h" @@ -23,6 +23,9 @@ class EventHandler; class RecordType; class DNS_Mgr_Request; +declare(PList,DNS_Mgr_Request); +typedef PList(DNS_Mgr_Request) DNS_mgr_request_list; + struct nb_dns_info; struct nb_dns_result; @@ -96,8 +99,8 @@ protected: friend class LookupCallback; friend class DNS_Mgr_Request; - void Event(EventHandlerPtr e, DNS_Mapping* dm, - ListVal* l1 = 0, ListVal* l2 = 0); + void Event(EventHandlerPtr e, DNS_Mapping* dm); + void Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2); void Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm); Val* BuildMappingVal(DNS_Mapping* dm); diff --git a/src/Discard.cc b/src/Discard.cc index 2a20c897aa..d1acd80b4d 100644 --- a/src/Discard.cc +++ b/src/Discard.cc @@ -33,12 +33,11 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) if ( check_ip ) { - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); + val_list args{ip->BuildPktHdrVal()}; try { - discard_packet = check_ip->Call(args)->AsBool(); + discard_packet = check_ip->Call(&args)->AsBool(); } catch ( InterpreterException& e ) @@ -46,8 +45,6 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) discard_packet = false; } - delete args; - if ( discard_packet ) return discard_packet; } @@ -88,21 +85,20 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) const struct tcphdr* tp = (const struct tcphdr*) data; int th_len = tp->th_off * 4; - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); - args->append(BuildData(data, th_len, len, caplen)); + val_list args{ + ip->BuildPktHdrVal(), + BuildData(data, th_len, len, caplen), + }; try { - discard_packet = check_tcp->Call(args)->AsBool(); + discard_packet = check_tcp->Call(&args)->AsBool(); } catch ( InterpreterException& e ) { discard_packet = false; } - - delete args; } } @@ -113,21 +109,20 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) const struct udphdr* up = (const struct udphdr*) data; int uh_len = sizeof (struct udphdr); - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); - args->append(BuildData(data, uh_len, len, caplen)); + val_list args{ + ip->BuildPktHdrVal(), + BuildData(data, uh_len, len, caplen), + }; try { - discard_packet = check_udp->Call(args)->AsBool(); + discard_packet = check_udp->Call(&args)->AsBool(); } catch ( InterpreterException& e ) { discard_packet = false; } - - delete args; } } @@ -137,20 +132,17 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) { const struct icmp* ih = (const struct icmp*) data; - val_list* args = new val_list; - args->append(ip->BuildPktHdrVal()); + val_list args{ip->BuildPktHdrVal()}; try { - discard_packet = check_icmp->Call(args)->AsBool(); + discard_packet = check_icmp->Call(&args)->AsBool(); } catch ( InterpreterException& e ) { discard_packet = false; } - - delete args; } } diff --git a/src/Event.cc b/src/Event.cc index 36ba2dfc3c..26ca874c2a 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -13,28 +13,27 @@ EventMgr mgr; uint64 num_events_queued = 0; uint64 num_events_dispatched = 0; +Event::Event(EventHandlerPtr arg_handler, val_list arg_args, + SourceID arg_src, analyzer::ID arg_aid, TimerMgr* arg_mgr, + BroObj* arg_obj) + : handler(arg_handler), + args(std::move(arg_args)), + src(arg_src), + aid(arg_aid), + mgr(arg_mgr ? arg_mgr : timer_mgr), + obj(arg_obj), + next_event(nullptr) + { + if ( obj ) + Ref(obj); + } + Event::Event(EventHandlerPtr arg_handler, val_list* arg_args, SourceID arg_src, analyzer::ID arg_aid, TimerMgr* arg_mgr, BroObj* arg_obj) + : Event(arg_handler, std::move(*arg_args), arg_src, arg_aid, arg_mgr, arg_obj) { - handler = arg_handler; - args = arg_args; - src = arg_src; - mgr = arg_mgr ? arg_mgr : timer_mgr; // default is global - aid = arg_aid; - obj = arg_obj; - - if ( obj ) - Ref(obj); - - next_event = 0; - } - -Event::~Event() - { - // We don't Unref() the individual arguments by using delete_vals() - // here, because Func::Call already did that. - delete args; + delete arg_args; } void Event::Describe(ODesc* d) const @@ -49,7 +48,7 @@ void Event::Describe(ODesc* d) const if ( ! d->IsBinary() ) d->Add("("); - describe_vals(args, d); + describe_vals(&args, d); if ( ! d->IsBinary() ) d->Add("("); } @@ -62,7 +61,7 @@ void Event::Dispatch(bool no_remote) if ( event_serializer ) { SerialInfo info(event_serializer); - event_serializer->Serialize(&info, handler->Name(), args); + event_serializer->Serialize(&info, handler->Name(), &args); } if ( handler->ErrorHandler() ) @@ -70,7 +69,7 @@ void Event::Dispatch(bool no_remote) try { - handler->Call(args, no_remote); + handler->Call(&args, no_remote); } catch ( InterpreterException& e ) @@ -129,7 +128,7 @@ void EventMgr::QueueEvent(Event* event) void EventMgr::Drain() { if ( event_queue_flush_point ) - QueueEvent(event_queue_flush_point, new val_list()); + QueueEvent(event_queue_flush_point, val_list{}); SegmentProfiler(segment_logger, "draining-events"); diff --git a/src/Event.h b/src/Event.h index 69860daf50..9ee30ae674 100644 --- a/src/Event.h +++ b/src/Event.h @@ -11,12 +11,17 @@ class EventMgr; +// We don't Unref() the individual arguments by using delete_vals() +// in a dtor because Func::Call already does that. class Event : public BroObj { public: + Event(EventHandlerPtr handler, val_list args, + SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + TimerMgr* mgr = 0, BroObj* obj = 0); + Event(EventHandlerPtr handler, val_list* args, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0); - ~Event() override; void SetNext(Event* n) { next_event = n; } Event* NextEvent() const { return next_event; } @@ -25,7 +30,7 @@ public: analyzer::ID Analyzer() const { return aid; } TimerMgr* Mgr() const { return mgr; } EventHandlerPtr Handler() const { return handler; } - val_list* Args() const { return args; } + const val_list* Args() const { return &args; } void Describe(ODesc* d) const override; @@ -37,7 +42,7 @@ protected: void Dispatch(bool no_remote = false); EventHandlerPtr handler; - val_list* args; + val_list args; SourceID src; analyzer::ID aid; TimerMgr* mgr; @@ -53,14 +58,25 @@ public: EventMgr(); ~EventMgr() override; - void QueueEvent(const EventHandlerPtr &h, val_list* vl, + void QueueEvent(const EventHandlerPtr &h, val_list vl, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0) { if ( h ) - QueueEvent(new Event(h, vl, src, aid, mgr, obj)); + QueueEvent(new Event(h, std::move(vl), src, aid, mgr, obj)); else - delete_vals(vl); + { + loop_over_list(vl, i) + Unref(vl[i]); + } + } + + void QueueEvent(const EventHandlerPtr &h, val_list* vl, + SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + TimerMgr* mgr = 0, BroObj* obj = 0) + { + QueueEvent(h, std::move(*vl), src, aid, mgr, obj); + delete vl; } void Dispatch(Event* event, bool no_remote = false) diff --git a/src/EventHandler.cc b/src/EventHandler.cc index 00b19f7832..08e8728d6f 100644 --- a/src/EventHandler.cc +++ b/src/EventHandler.cc @@ -172,11 +172,10 @@ void EventHandler::NewEvent(val_list* vl) vargs->Assign(i, rec); } - val_list* mvl = new val_list(2); - mvl->append(new StringVal(name)); - mvl->append(vargs); - - Event* ev = new Event(new_event, mvl); + Event* ev = new Event(new_event, { + new StringVal(name), + vargs, + }); mgr.Dispatch(ev); } diff --git a/src/EventRegistry.cc b/src/EventRegistry.cc index 875d6d6b26..e28c7b4176 100644 --- a/src/EventRegistry.cc +++ b/src/EventRegistry.cc @@ -73,7 +73,7 @@ EventRegistry::string_list* EventRegistry::UsedHandlers() EventRegistry::string_list* EventRegistry::AllHandlers() { - string_list* names = new string_list; + string_list* names = new string_list(handlers.Length()); IterCookie* c = handlers.InitForIteration(); diff --git a/src/Expr.cc b/src/Expr.cc index 737a9455ca..ff039ece35 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -2565,7 +2565,7 @@ bool AssignExpr::TypeCheck(attr_list* attrs) if ( attrs ) { - attr_copy = new attr_list; + attr_copy = new attr_list(attrs->length()); loop_over_list(*attrs, i) attr_copy->append((*attrs)[i]); } @@ -2634,7 +2634,7 @@ bool AssignExpr::TypeCheck(attr_list* attrs) if ( sce->Attrs() ) { attr_list* a = sce->Attrs()->Attrs(); - attrs = new attr_list; + attrs = new attr_list(a->length()); loop_over_list(*a, i) attrs->append((*a)[i]); } @@ -3467,9 +3467,9 @@ RecordConstructorExpr::RecordConstructorExpr(ListExpr* constructor_list) // Spin through the list, which should be comprised only of // record-field-assign expressions, and build up a // record type to associate with this constructor. - type_decl_list* record_types = new type_decl_list; - const expr_list& exprs = constructor_list->Exprs(); + type_decl_list* record_types = new type_decl_list(exprs.length()); + loop_over_list(exprs, i) { Expr* e = exprs[i]; @@ -4469,11 +4469,12 @@ bool FlattenExpr::DoUnserialize(UnserialInfo* info) ScheduleTimer::ScheduleTimer(EventHandlerPtr arg_event, val_list* arg_args, double t, TimerMgr* arg_tmgr) -: Timer(t, TIMER_SCHEDULE) + : Timer(t, TIMER_SCHEDULE), + event(arg_event), + args(std::move(*arg_args)), + tmgr(arg_tmgr) { - event = arg_event; - args = arg_args; - tmgr = arg_tmgr; + delete arg_args; } ScheduleTimer::~ScheduleTimer() @@ -4482,7 +4483,7 @@ ScheduleTimer::~ScheduleTimer() void ScheduleTimer::Dispatch(double /* t */, int /* is_expire */) { - mgr.QueueEvent(event, args, SOURCE_LOCAL, 0, tmgr); + mgr.QueueEvent(event, std::move(args), SOURCE_LOCAL, 0, tmgr); } ScheduleExpr::ScheduleExpr(Expr* arg_when, EventExpr* arg_event) @@ -4998,7 +4999,8 @@ Val* EventExpr::Eval(Frame* f) const return 0; val_list* v = eval_list(f, args); - mgr.QueueEvent(handler, v); + mgr.QueueEvent(handler, std::move(*v)); + delete v; return 0; } @@ -5128,7 +5130,7 @@ BroType* ListExpr::InitType() const if ( exprs[0]->IsRecordElement(0) ) { - type_decl_list* types = new type_decl_list; + type_decl_list* types = new type_decl_list(exprs.length()); loop_over_list(exprs, i) { TypeDecl* td = new TypeDecl(0, 0); diff --git a/src/Expr.h b/src/Expr.h index 820de2b876..e268f07648 100644 --- a/src/Expr.h +++ b/src/Expr.h @@ -937,7 +937,7 @@ public: protected: EventHandlerPtr event; - val_list* args; + val_list args; TimerMgr* tmgr; }; diff --git a/src/File.cc b/src/File.cc index 609ea4f0ac..d7a213237f 100644 --- a/src/File.cc +++ b/src/File.cc @@ -65,10 +65,8 @@ void RotateTimer::Dispatch(double t, int is_expire) { if ( raise ) { - val_list* vl = new val_list; Ref(file); - vl->append(new Val(file)); - mgr.QueueEvent(rotate_interval, vl); + mgr.QueueEvent(rotate_interval, {new Val(file)}); } file->InstallRotateTimer(); @@ -641,19 +639,15 @@ void BroFile::CloseCachedFiles() // Send final rotate events (immediately). if ( f->rotate_interval ) { - val_list* vl = new val_list; Ref(f); - vl->append(new Val(f)); - Event* event = new Event(::rotate_interval, vl); + Event* event = new Event(::rotate_interval, {new Val(f)}); mgr.Dispatch(event, true); } if ( f->rotate_size ) { - val_list* vl = new val_list; Ref(f); - vl->append(new Val(f)); - Event* event = new ::Event(::rotate_size, vl); + Event* event = new ::Event(::rotate_size, {new Val(f)}); mgr.Dispatch(event, true); } @@ -801,9 +795,7 @@ int BroFile::Write(const char* data, int len) if ( rotate_size && current_size < rotate_size && current_size + len >= rotate_size ) { - val_list* vl = new val_list; - vl->append(new Val(this)); - mgr.QueueEvent(::rotate_size, vl); + mgr.QueueEvent(::rotate_size, {new Val(this)}); } // This does not work if we seek around. But none of the logs does that @@ -818,10 +810,8 @@ void BroFile::RaiseOpenEvent() if ( ! ::file_opened ) return; - val_list* vl = new val_list; Ref(this); - vl->append(new Val(this)); - Event* event = new ::Event(::file_opened, vl); + Event* event = new ::Event(::file_opened, {new Val(this)}); mgr.Dispatch(event, true); } diff --git a/src/ID.cc b/src/ID.cc index fd99d7c937..faa11b3408 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -258,8 +258,7 @@ void ID::MakeDeprecated() if ( IsDeprecated() ) return; - attr_list* attr = new attr_list; - attr->append(new Attr(ATTR_DEPRECATED)); + attr_list* attr = new attr_list{new Attr(ATTR_DEPRECATED)}; AddAttrs(new Attributes(attr, Type(), false)); } @@ -305,8 +304,7 @@ void ID::SetOption() // option implied redefinable if ( ! IsRedefinable() ) { - attr_list* attr = new attr_list; - attr->append(new Attr(ATTR_REDEF)); + attr_list* attr = new attr_list{new Attr(ATTR_REDEF)}; AddAttrs(new Attributes(attr, Type(), false)); } } diff --git a/src/List.cc b/src/List.cc index 0f7f706bcd..86129ccfa0 100644 --- a/src/List.cc +++ b/src/List.cc @@ -12,11 +12,13 @@ BaseList::BaseList(int size) { num_entries = 0; - max_entries = 0; - entry = 0; if ( size <= 0 ) + { + max_entries = 0; + entry = 0; return; + } max_entries = size; @@ -24,7 +26,7 @@ BaseList::BaseList(int size) } -BaseList::BaseList(BaseList& b) +BaseList::BaseList(const BaseList& b) { max_entries = b.max_entries; num_entries = b.num_entries; @@ -38,18 +40,34 @@ BaseList::BaseList(BaseList& b) entry[i] = b.entry[i]; } +BaseList::BaseList(BaseList&& b) + { + entry = b.entry; + num_entries = b.num_entries; + max_entries = b.max_entries; + + b.entry = 0; + b.num_entries = b.max_entries = 0; + } + +BaseList::BaseList(const ent* arr, int n) + { + num_entries = max_entries = n; + entry = (ent*) safe_malloc(max_entries * sizeof(ent)); + memcpy(entry, arr, n * sizeof(ent)); + } + void BaseList::sort(list_cmp_func cmp_func) { qsort(entry, num_entries, sizeof(ent), cmp_func); } -void BaseList::operator=(BaseList& b) +BaseList& BaseList::operator=(const BaseList& b) { if ( this == &b ) - return; // i.e., this already equals itself + return *this; - if ( entry ) - free(entry); + free(entry); max_entries = b.max_entries; num_entries = b.num_entries; @@ -61,6 +79,23 @@ void BaseList::operator=(BaseList& b) for ( int i = 0; i < num_entries; ++i ) entry[i] = b.entry[i]; + + return *this; + } + +BaseList& BaseList::operator=(BaseList&& b) + { + if ( this == &b ) + return *this; + + free(entry); + entry = b.entry; + num_entries = b.num_entries; + max_entries = b.max_entries; + + b.entry = 0; + b.num_entries = b.max_entries = 0; + return *this; } void BaseList::insert(ent a) @@ -145,12 +180,8 @@ ent BaseList::get() void BaseList::clear() { - if ( entry ) - { - free(entry); - entry = 0; - } - + free(entry); + entry = 0; num_entries = max_entries = 0; } diff --git a/src/List.h b/src/List.h index 6fb2bbcec6..15e99eb0dd 100644 --- a/src/List.h +++ b/src/List.h @@ -20,6 +20,8 @@ // Entries must be either a pointer to the data or nonzero data with // sizeof(data) <= sizeof(void*). +#include +#include #include #include "util.h" @@ -28,8 +30,6 @@ typedef int (*list_cmp_func)(const void* v1, const void* v2); class BaseList { public: - ~BaseList() { clear(); } - void clear(); // remove all entries int length() const { return num_entries; } int max() const { return max_entries; } @@ -41,8 +41,14 @@ public: { return padded_sizeof(*this) + pad_size(max_entries * sizeof(ent)); } protected: + ~BaseList() { free(entry); } explicit BaseList(int = 0); - BaseList(BaseList&); + BaseList(const BaseList&); + BaseList(BaseList&&); + BaseList(const ent* arr, int n); + + BaseList& operator=(const BaseList&); + BaseList& operator=(BaseList&&); void insert(ent); // add at head of list @@ -75,7 +81,29 @@ protected: return entry[i]; } - void operator=(BaseList&); + // This could essentially be an std::vector if we wanted. Some + // reasons to maybe not refactor to use std::vector ? + // + // - Harder to use a custom growth factor. Also, the growth + // factor would be implementation-specific, taking some control over + // performance out of our hands. + // + // - It won't ever take advantage of realloc's occasional ability to + // grow in-place. + // + // - Combine above point this with lack of control of growth + // factor means the common choice of 2x growth factor causes + // a growth pattern that crawls forward in memory with no possible + // re-use of previous chunks (the new capacity is always larger than + // all previously allocated chunks combined). This point and + // whether 2x is empirically an issue still seems debated (at least + // GCC seems to stand by 2x as empirically better). + // + // - Sketchy shrinking behavior: standard says that requests to + // shrink are non-binding (it's expected implementations heed, but + // still not great to have no guarantee). Also, it would not take + // advantage of realloc's ability to contract in-place, it would + // allocate-and-copy. ent* entry; int max_entries; @@ -103,10 +131,13 @@ struct List(type) : BaseList \ explicit List(type)(type ...); \ List(type)() : BaseList(0) {} \ explicit List(type)(int sz) : BaseList(sz) {} \ - List(type)(List(type)& l) : BaseList((BaseList&)l) {} \ + List(type)(const List(type)& l) : BaseList(l) {} \ + List(type)(List(type)&& l) : BaseList(std::move(l)) {} \ \ - void operator=(List(type)& l) \ - { BaseList::operator=((BaseList&)l); } \ + List(type)& operator=(const List(type)& l) \ + { return (List(type)&) BaseList::operator=(l); } \ + List(type)& operator=(List(type)&& l) \ + { return (List(type)&) BaseList::operator=(std::move(l)); } \ void insert(type a) { BaseList::insert(ent(a)); } \ void sortedinsert(type a, list_cmp_func cmp_func) \ { BaseList::sortedinsert(ent(a), cmp_func); } \ @@ -144,10 +175,14 @@ struct PList(type) : BaseList \ explicit PList(type)(type* ...); \ PList(type)() : BaseList(0) {} \ explicit PList(type)(int sz) : BaseList(sz) {} \ - PList(type)(PList(type)& l) : BaseList((BaseList&)l) {} \ + PList(type)(const PList(type)& l) : BaseList(l) {} \ + PList(type)(PList(type)&& l) : BaseList(std::move(l)) {} \ + PList(type)(std::initializer_list il) : BaseList((const ent*)il.begin(), il.size()) {} \ \ - void operator=(PList(type)& l) \ - { BaseList::operator=((BaseList&)l); } \ + PList(type)& operator=(const PList(type)& l) \ + { return (PList(type)&) BaseList::operator=(l); } \ + PList(type)& operator=(PList(type)&& l) \ + { return (PList(type)&) BaseList::operator=(std::move(l)); } \ void insert(type* a) { BaseList::insert(ent(a)); } \ void sortedinsert(type* a, list_cmp_func cmp_func) \ { BaseList::sortedinsert(ent(a), cmp_func); } \ diff --git a/src/PersistenceSerializer.cc b/src/PersistenceSerializer.cc index ae5c531aa7..6f4082314f 100644 --- a/src/PersistenceSerializer.cc +++ b/src/PersistenceSerializer.cc @@ -201,7 +201,8 @@ void PersistenceSerializer::RaiseFinishedSendState() void PersistenceSerializer::GotEvent(const char* name, double time, EventHandlerPtr event, val_list* args) { - mgr.QueueEvent(event, args); + mgr.QueueEvent(event, std::move(*args)); + delete args; } void PersistenceSerializer::GotFunctionCall(const char* name, double time, diff --git a/src/RE.h b/src/RE.h index 06b0699864..286eb1b44d 100644 --- a/src/RE.h +++ b/src/RE.h @@ -229,9 +229,6 @@ protected: Specific_RE_Matcher* re_exact; }; -declare(PList, RE_Matcher); -typedef PList(RE_Matcher) re_matcher_list; - extern RE_Matcher* RE_Matcher_conjunction(const RE_Matcher* re1, const RE_Matcher* re2); extern RE_Matcher* RE_Matcher_disjunction(const RE_Matcher* re1, const RE_Matcher* re2); diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index f55fba167c..3abd8e6423 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -1435,7 +1435,9 @@ void RemoteSerializer::Process() break; BufferedEvent* be = events[0]; - ::Event* event = new ::Event(be->handler, be->args, be->src); + ::Event* event = new ::Event(be->handler, std::move(*be->args), be->src); + delete be->args; + be->args = nullptr; Peer* old_current_peer = current_peer; // Prevent the source peer from getting the event back. @@ -2260,14 +2262,14 @@ bool RemoteSerializer::ProcessPongMsg() ping_args* args = (ping_args*) current_args->data; - val_list* vl = new val_list; - vl->append(current_peer->val->Ref()); - vl->append(val_mgr->GetCount((unsigned int) ntohl(args->seq))); - vl->append(new Val(current_time(true) - ntohd(args->time1), - TYPE_INTERVAL)); - vl->append(new Val(ntohd(args->time2), TYPE_INTERVAL)); - vl->append(new Val(ntohd(args->time3), TYPE_INTERVAL)); - mgr.QueueEvent(remote_pong, vl); + mgr.QueueEvent(remote_pong, { + current_peer->val->Ref(), + val_mgr->GetCount((unsigned int) ntohl(args->seq)), + new Val(current_time(true) - ntohd(args->time1), + TYPE_INTERVAL), + new Val(ntohd(args->time2), TYPE_INTERVAL), + new Val(ntohd(args->time3), TYPE_INTERVAL) + }); return true; } @@ -3006,20 +3008,20 @@ void RemoteSerializer::Log(LogLevel level, const char* msg, Peer* peer, { if ( peer ) { - val_list* vl = new val_list(); - vl->append(peer->val->Ref()); - vl->append(val_mgr->GetCount(level)); - vl->append(val_mgr->GetCount(src)); - vl->append(new StringVal(msg)); - mgr.QueueEvent(remote_log_peer, vl); + mgr.QueueEvent(remote_log_peer, { + peer->val->Ref(), + val_mgr->GetCount(level), + val_mgr->GetCount(src), + new StringVal(msg) + }); } else { - val_list* vl = new val_list(); - vl->append(val_mgr->GetCount(level)); - vl->append(val_mgr->GetCount(src)); - vl->append(new StringVal(msg)); - mgr.QueueEvent(remote_log, vl); + mgr.QueueEvent(remote_log, { + val_mgr->GetCount(level), + val_mgr->GetCount(src), + new StringVal(msg) + }); } #ifdef DEBUG @@ -3041,27 +3043,27 @@ void RemoteSerializer::Log(LogLevel level, const char* msg, Peer* peer, void RemoteSerializer::RaiseEvent(EventHandlerPtr event, Peer* peer, const char* arg) { - val_list* vl = new val_list; + val_list vl(1 + (bool)arg); if ( peer ) { Ref(peer->val); - vl->append(peer->val); + vl.append(peer->val); } else { Val* v = mgr.GetLocalPeerVal(); v->Ref(); - vl->append(v); + vl.append(v); } if ( arg ) - vl->append(new StringVal(arg)); + vl.append(new StringVal(arg)); // If we only have remote sources, the network time // will not increase as long as no peers are connected. // Therefore, we send these events immediately. - mgr.Dispatch(new Event(event, vl, PEER_LOCAL)); + mgr.Dispatch(new Event(event, std::move(vl), PEER_LOCAL)); } void RemoteSerializer::LogStats() diff --git a/src/Reporter.cc b/src/Reporter.cc index 413f89b9ea..9821911d17 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -216,36 +216,30 @@ void Reporter::Syslog(const char* fmt, ...) void Reporter::WeirdHelper(EventHandlerPtr event, Val* conn_val, file_analysis::File* f, const char* addl, const char* fmt_name, ...) { - val_list* vl = new val_list(1); + val_list vl(2); if ( conn_val ) - vl->append(conn_val); + vl.append(conn_val); else if ( f ) - vl->append(f->GetVal()->Ref()); + vl.append(f->GetVal()->Ref()); if ( addl ) - vl->append(new StringVal(addl)); + vl.append(new StringVal(addl)); va_list ap; va_start(ap, fmt_name); - DoLog("weird", event, 0, 0, vl, false, false, 0, fmt_name, ap); + DoLog("weird", event, 0, 0, &vl, false, false, 0, fmt_name, ap); va_end(ap); - - delete vl; } void Reporter::WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const char* fmt_name, ...) { - val_list* vl = new val_list(2); - vl->append(new AddrVal(orig)); - vl->append(new AddrVal(resp)); + val_list vl{new AddrVal(orig), new AddrVal(resp)}; va_list ap; va_start(ap, fmt_name); - DoLog("weird", flow_weird, 0, 0, vl, false, false, 0, fmt_name, ap); + DoLog("weird", flow_weird, 0, 0, &vl, false, false, 0, fmt_name, ap); va_end(ap); - - delete vl; } void Reporter::UpdateWeirdStats(const char* name) @@ -489,29 +483,32 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, if ( raise_event && event && via_events && ! in_error_handler ) { - val_list* vl = new val_list; + auto vl_size = 1 + (bool)time + (bool)location + (bool)conn + + (addl ? addl->length() : 0); + + val_list vl(vl_size); if ( time ) - vl->append(new Val((bro_start_network_time != 0.0) ? network_time : 0, TYPE_TIME)); + vl.append(new Val((bro_start_network_time != 0.0) ? network_time : 0, TYPE_TIME)); - vl->append(new StringVal(buffer)); + vl.append(new StringVal(buffer)); if ( location ) - vl->append(new StringVal(loc_str.c_str())); + vl.append(new StringVal(loc_str.c_str())); if ( conn ) - vl->append(conn->BuildConnVal()); + vl.append(conn->BuildConnVal()); if ( addl ) { loop_over_list(*addl, i) - vl->append((*addl)[i]); + vl.append((*addl)[i]); } if ( conn ) - conn->ConnectionEvent(event, 0, vl); + conn->ConnectionEvent(event, 0, std::move(vl)); else - mgr.QueueEvent(event, vl); + mgr.QueueEvent(event, std::move(vl)); } else { diff --git a/src/RuleAction.cc b/src/RuleAction.cc index e67c51b514..ab9994bde2 100644 --- a/src/RuleAction.cc +++ b/src/RuleAction.cc @@ -17,16 +17,11 @@ void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state, { if ( signature_match ) { - val_list* vl = new val_list; - vl->append(rule_matcher->BuildRuleStateValue(parent, state)); - vl->append(new StringVal(msg)); - - if ( data ) - vl->append(new StringVal(len, (const char*)data)); - else - vl->append(val_mgr->GetEmptyString()); - - mgr.QueueEvent(signature_match, vl); + mgr.QueueEvent(signature_match, { + rule_matcher->BuildRuleStateValue(parent, state), + new StringVal(msg), + data ? new StringVal(len, (const char*)data) : val_mgr->GetEmptyString(), + }); } } diff --git a/src/RuleCondition.cc b/src/RuleCondition.cc index 0534570ed7..fdb35f5d06 100644 --- a/src/RuleCondition.cc +++ b/src/RuleCondition.cc @@ -162,7 +162,7 @@ bool RuleConditionEval::DoMatch(Rule* rule, RuleEndpointState* state, return id->ID_Val()->AsBool(); // Call function with a signature_state value as argument. - val_list args; + val_list args(2); args.append(rule_matcher->BuildRuleStateValue(rule, state)); if ( data ) diff --git a/src/Scope.cc b/src/Scope.cc index a707336381..e260ea3ca7 100644 --- a/src/Scope.cc +++ b/src/Scope.cc @@ -7,6 +7,9 @@ #include "Scope.h" #include "Reporter.h" +declare(PList,Scope); +typedef PList(Scope) scope_list; + static scope_list scopes; static Scope* top_scope; diff --git a/src/Serializer.cc b/src/Serializer.cc index 0366c36c81..2c32283c56 100644 --- a/src/Serializer.cc +++ b/src/Serializer.cc @@ -365,7 +365,7 @@ bool Serializer::UnserializeCall(UnserialInfo* info) d.SetIncludeStats(true); d.SetShort(); - val_list* args = new val_list; + val_list* args = new val_list(len); for ( int i = 0; i < len; ++i ) { Val* v = Val::Unserialize(info); @@ -996,7 +996,8 @@ void EventPlayer::GotEvent(const char* name, double time, { ne_time = time; ne_handler = event; - ne_args = args; + ne_args = std::move(*args); + delete args; } void EventPlayer::GotFunctionCall(const char* name, double time, @@ -1054,7 +1055,7 @@ void EventPlayer::Process() if ( ! (io && ne_time) ) return; - Event* event = new Event(ne_handler, ne_args); + Event* event = new Event(ne_handler, std::move(ne_args)); mgr.Dispatch(event); ne_time = 0; diff --git a/src/Serializer.h b/src/Serializer.h index 3b863a5b6e..2c30ef5443 100644 --- a/src/Serializer.h +++ b/src/Serializer.h @@ -353,7 +353,7 @@ protected: // Next event waiting to be dispatched. double ne_time; EventHandlerPtr ne_handler; - val_list* ne_args; + val_list ne_args; }; diff --git a/src/Sessions.cc b/src/Sessions.cc index edccb7e00c..db4e9e5d3a 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -171,11 +171,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt) SegmentProfiler(segment_logger, "dispatching-packet"); if ( raw_packet ) - { - val_list* vl = new val_list(); - vl->append(pkt->BuildPktHdrVal()); - mgr.QueueEvent(raw_packet, vl); - } + mgr.QueueEvent(raw_packet, {pkt->BuildPktHdrVal()}); if ( pkt_profiler ) pkt_profiler->ProfilePkt(t, pkt->cap_len); @@ -415,11 +411,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr { dump_this_packet = 1; if ( esp_packet ) - { - val_list* vl = new val_list(); - vl->append(ip_hdr->BuildPktHdrVal()); - mgr.QueueEvent(esp_packet, vl); - } + mgr.QueueEvent(esp_packet, {ip_hdr->BuildPktHdrVal()}); // Can't do more since upper-layer payloads are going to be encrypted. return; @@ -439,11 +431,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr } if ( mobile_ipv6_message ) - { - val_list* vl = new val_list(); - vl->append(ip_hdr->BuildPktHdrVal()); - mgr.QueueEvent(mobile_ipv6_message, vl); - } + mgr.QueueEvent(mobile_ipv6_message, {ip_hdr->BuildPktHdrVal()}); if ( ip_hdr->NextProto() != IPPROTO_NONE ) Weird("mobility_piggyback", pkt, encapsulation); @@ -1329,10 +1317,10 @@ Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id, if ( external ) { - val_list* vl = new val_list(2); - vl->append(conn->BuildConnVal()); - vl->append(new StringVal(conn->GetTimerMgr()->GetTag().c_str())); - conn->ConnectionEvent(connection_external, 0, vl); + conn->ConnectionEvent(connection_external, 0, { + conn->BuildConnVal(), + new StringVal(conn->GetTimerMgr()->GetTag().c_str()), + }); } } diff --git a/src/StateAccess.cc b/src/StateAccess.cc index 874ed9c5c2..b9f08a54cc 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc @@ -192,12 +192,12 @@ bool StateAccess::CheckOld(const char* op, ID* id, Val* index, else arg3 = new StringVal(""); - val_list* args = new val_list; - args->append(new StringVal(op)); - args->append(arg1); - args->append(arg2); - args->append(arg3); - mgr.QueueEvent(remote_state_inconsistency, args); + mgr.QueueEvent(remote_state_inconsistency, { + new StringVal(op), + arg1, + arg2, + arg3, + }); return false; } @@ -219,12 +219,12 @@ bool StateAccess::CheckOldSet(const char* op, ID* id, Val* index, Val* arg2 = new StringVal(should ? "set" : "not set"); Val* arg3 = new StringVal(is ? "set" : "not set"); - val_list* args = new val_list; - args->append(new StringVal(op)); - args->append(arg1); - args->append(arg2); - args->append(arg3); - mgr.QueueEvent(remote_state_inconsistency, args); + mgr.QueueEvent(remote_state_inconsistency, { + new StringVal(op), + arg1, + arg2, + arg3, + }); return false; } @@ -514,12 +514,12 @@ void StateAccess::Replay() d.SetShort(); op1.val->Describe(&d); - val_list* args = new val_list; - args->append(new StringVal("read")); - args->append(new StringVal(fmt("%s[%s]", target.id->Name(), d.Description()))); - args->append(new StringVal("existent")); - args->append(new StringVal("not existent")); - mgr.QueueEvent(remote_state_inconsistency, args); + mgr.QueueEvent(remote_state_inconsistency, { + new StringVal("read"), + new StringVal(fmt("%s[%s]", target.id->Name(), d.Description())), + new StringVal("existent"), + new StringVal("not existent"), + }); } } } @@ -536,10 +536,10 @@ void StateAccess::Replay() if ( remote_state_access_performed ) { - val_list* vl = new val_list; - vl->append(new StringVal(target.id->Name())); - vl->append(target.id->ID_Val()->Ref()); - mgr.QueueEvent(remote_state_access_performed, vl); + mgr.QueueEvent(remote_state_access_performed, { + new StringVal(target.id->Name()), + target.id->ID_Val()->Ref(), + }); } } @@ -943,8 +943,7 @@ void NotifierRegistry::Register(ID* id, NotifierRegistry::Notifier* notifier) } else { - attr_list* a = new attr_list; - a->append(attr); + attr_list* a = new attr_list{attr}; id->SetAttrs(new Attributes(a, id->Type(), false)); } diff --git a/src/Stats.cc b/src/Stats.cc index 780ffdc39b..7c232f7aa4 100644 --- a/src/Stats.cc +++ b/src/Stats.cc @@ -310,11 +310,11 @@ void ProfileLogger::Log() // (and for consistency we dispatch it *now*) if ( profiling_update ) { - val_list* vl = new val_list; Ref(file); - vl->append(new Val(file)); - vl->append(val_mgr->GetBool(expensive)); - mgr.Dispatch(new Event(profiling_update, vl)); + mgr.Dispatch(new Event(profiling_update, { + new Val(file), + val_mgr->GetBool(expensive), + })); } } @@ -369,12 +369,11 @@ void SampleLogger::SegmentProfile(const char* /* name */, const Location* /* loc */, double dtime, int dmem) { - val_list* vl = new val_list(2); - vl->append(load_samples->Ref()); - vl->append(new IntervalVal(dtime, Seconds)); - vl->append(val_mgr->GetInt(dmem)); - - mgr.QueueEvent(load_sample, vl); + mgr.QueueEvent(load_sample, { + load_samples->Ref(), + new IntervalVal(dtime, Seconds), + val_mgr->GetInt(dmem) + }); } void SegmentProfiler::Init() diff --git a/src/Stmt.cc b/src/Stmt.cc index 7e7ba23a18..6dba9eb251 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -292,13 +292,14 @@ Val* PrintStmt::DoExec(val_list* vals, stmt_flow_type& /* flow */) const if ( print_hook ) { - val_list* vl = new val_list(2); ::Ref(f); - vl->append(new Val(f)); - vl->append(new StringVal(d.Len(), d.Description())); // Note, this doesn't do remote printing. - mgr.Dispatch(new Event(print_hook, vl), true); + mgr.Dispatch( + new Event( + print_hook, + {new Val(f), new StringVal(d.Len(), d.Description())}), + true); } if ( remote_serializer ) @@ -704,7 +705,7 @@ bool Case::DoUnserialize(UnserialInfo* info) if ( ! UNSERIALIZE(&len) ) return false; - type_cases = new id_list; + type_cases = new id_list(len); while ( len-- ) { @@ -1198,7 +1199,10 @@ Val* EventStmt::Exec(Frame* f, stmt_flow_type& flow) const val_list* args = eval_list(f, event_expr->Args()); if ( args ) - mgr.QueueEvent(event_expr->Handler(), args); + { + mgr.QueueEvent(event_expr->Handler(), std::move(*args)); + delete args; + } flow = FLOW_NEXT; @@ -1633,7 +1637,7 @@ bool ForStmt::DoUnserialize(UnserialInfo* info) if ( ! UNSERIALIZE(&len) ) return false; - loop_vars = new id_list; + loop_vars = new id_list(len); while ( len-- ) { @@ -2149,7 +2153,7 @@ bool InitStmt::DoUnserialize(UnserialInfo* info) if ( ! UNSERIALIZE(&len) ) return false; - inits = new id_list; + inits = new id_list(len); while ( len-- ) { diff --git a/src/Stmt.h b/src/Stmt.h index a9bf7cddf8..c3ee6611fe 100644 --- a/src/Stmt.h +++ b/src/Stmt.h @@ -213,6 +213,9 @@ protected: Stmt* s; }; +declare(PList,Case); +typedef PList(Case) case_list; + class SwitchStmt : public ExprStmt { public: SwitchStmt(Expr* index, case_list* cases); diff --git a/src/Type.cc b/src/Type.cc index 77a5ac6d16..28f4a28492 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -2266,7 +2266,7 @@ BroType* merge_types(const BroType* t1, const BroType* t2) if ( rt1->NumFields() != rt2->NumFields() ) return 0; - type_decl_list* tdl3 = new type_decl_list; + type_decl_list* tdl3 = new type_decl_list(rt1->NumFields()); for ( int i = 0; i < rt1->NumFields(); ++i ) { diff --git a/src/Type.h b/src/Type.h index bc13997461..c537bb6203 100644 --- a/src/Type.h +++ b/src/Type.h @@ -460,6 +460,9 @@ public: const char* id; }; +declare(PList,TypeDecl); +typedef PList(TypeDecl) type_decl_list; + class RecordType : public BroType { public: explicit RecordType(type_decl_list* types); diff --git a/src/Val.cc b/src/Val.cc index b55a9090d3..a7bb933524 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -1861,29 +1861,30 @@ Val* TableVal::Default(Val* index) return def_attr->AttrExpr()->IsConst() ? def_val->Ref() : def_val->Clone(); const Func* f = def_val->AsFunc(); - val_list* vl = new val_list(); + val_list vl; if ( index->Type()->Tag() == TYPE_LIST ) { const val_list* vl0 = index->AsListVal()->Vals(); + vl = val_list(vl0->length()); loop_over_list(*vl0, i) - vl->append((*vl0)[i]->Ref()); + vl.append((*vl0)[i]->Ref()); } else - vl->append(index->Ref()); + { + vl = val_list{index->Ref()}; + } Val* result = 0; try { - result = f->Call(vl); + result = f->Call(&vl); } catch ( InterpreterException& e ) { /* Already reported. */ } - delete vl; - if ( ! result ) { Error("no value returned from &default function"); @@ -2423,21 +2424,6 @@ double TableVal::CallExpireFunc(Val* idx) return 0; } - val_list* vl = new val_list; - vl->append(Ref()); - - // Flatten lists of a single element. - if ( idx->Type()->Tag() == TYPE_LIST && - idx->AsListVal()->Length() == 1 ) - { - Val* old = idx; - idx = idx->AsListVal()->Index(0); - idx->Ref(); - Unref(old); - } - - vl->append(idx); - double secs = 0; try @@ -2447,19 +2433,31 @@ double TableVal::CallExpireFunc(Val* idx) if ( ! vf ) { // Will have been reported already. - delete_vals(vl); + Unref(idx); return 0; } if ( vf->Type()->Tag() != TYPE_FUNC ) { - Unref(vf); - delete_vals(vl); vf->Error("not a function"); + Unref(vf); + Unref(idx); return 0; } - Val* vs = vf->AsFunc()->Call(vl); + + // Flatten lists of a single element. + if ( idx->Type()->Tag() == TYPE_LIST && + idx->AsListVal()->Length() == 1 ) + { + Val* old = idx; + idx = idx->AsListVal()->Index(0); + idx->Ref(); + Unref(old); + } + + val_list vl{Ref(), idx}; + Val* vs = vf->AsFunc()->Call(&vl); if ( vs ) { @@ -2468,7 +2466,6 @@ double TableVal::CallExpireFunc(Val* idx) } Unref(vf); - delete vl; } catch ( InterpreterException& e ) diff --git a/src/Var.cc b/src/Var.cc index 8534fdd910..fb27b7261f 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -325,8 +325,7 @@ static void transfer_arg_defaults(RecordType* args, RecordType* recv) if ( ! recv_i->attrs ) { - attr_list* a = new attr_list(); - a->append(def); + attr_list* a = new attr_list{def}; recv_i->attrs = new Attributes(a, recv_i->type, true); } diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index 818dd917e8..be2cfcf627 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -665,11 +665,11 @@ void Analyzer::ProtocolConfirmation(Tag arg_tag) EnumVal* tval = arg_tag ? arg_tag.AsEnumVal() : tag.AsEnumVal(); Ref(tval); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(tval); - vl->append(val_mgr->GetCount(id)); - mgr.QueueEvent(protocol_confirmation, vl); + mgr.QueueEvent(protocol_confirmation, { + BuildConnVal(), + tval, + val_mgr->GetCount(id), + }); protocol_confirmed = true; } @@ -692,12 +692,12 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len) EnumVal* tval = tag.AsEnumVal(); Ref(tval); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(tval); - vl->append(val_mgr->GetCount(id)); - vl->append(r); - mgr.QueueEvent(protocol_violation, vl); + mgr.QueueEvent(protocol_violation, { + BuildConnVal(), + tval, + val_mgr->GetCount(id), + r, + }); } void Analyzer::AddTimer(analyzer_timer_func timer, double t, @@ -782,6 +782,11 @@ void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list* vl) conn->ConnectionEvent(f, this, vl); } +void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list vl) + { + conn->ConnectionEvent(f, this, std::move(vl)); + } + void Analyzer::Weird(const char* name, const char* addl) { conn->Weird(name, addl); diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index a13df7e21e..ab09e63458 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h @@ -541,6 +541,12 @@ public: */ void ConnectionEvent(EventHandlerPtr f, val_list* vl); + /** + * Convenience function that forwards directly to + * Connection::ConnectionEvent(). + */ + void ConnectionEvent(EventHandlerPtr f, val_list vl); + /** * Convenience function that forwards directly to the corresponding * Connection::Weird(). diff --git a/src/analyzer/protocol/arp/ARP.cc b/src/analyzer/protocol/arp/ARP.cc index 83166bd149..e206303e9c 100644 --- a/src/analyzer/protocol/arp/ARP.cc +++ b/src/analyzer/protocol/arp/ARP.cc @@ -190,13 +190,13 @@ void ARP_Analyzer::BadARP(const struct arp_pkthdr* hdr, const char* msg) if ( ! bad_arp ) return; - val_list* vl = new val_list; - vl->append(ConstructAddrVal(ar_spa(hdr))); - vl->append(EthAddrToStr((const u_char*) ar_sha(hdr))); - vl->append(ConstructAddrVal(ar_tpa(hdr))); - vl->append(EthAddrToStr((const u_char*) ar_tha(hdr))); - vl->append(new StringVal(msg)); - mgr.QueueEvent(bad_arp, vl); + mgr.QueueEvent(bad_arp, { + ConstructAddrVal(ar_spa(hdr)), + EthAddrToStr((const u_char*) ar_sha(hdr)), + ConstructAddrVal(ar_tpa(hdr)), + EthAddrToStr((const u_char*) ar_tha(hdr)), + new StringVal(msg), + }); } void ARP_Analyzer::Corrupted(const char* msg) @@ -212,18 +212,14 @@ void ARP_Analyzer::RREvent(EventHandlerPtr e, if ( ! e ) return; - // init the val_list - val_list* vl = new val_list; - - // prepare the event arguments - vl->append(EthAddrToStr(src)); - vl->append(EthAddrToStr(dst)); - vl->append(ConstructAddrVal(spa)); - vl->append(EthAddrToStr((const u_char*) sha)); - vl->append(ConstructAddrVal(tpa)); - vl->append(EthAddrToStr((const u_char*) tha)); - - mgr.QueueEvent(e, vl); + mgr.QueueEvent(e, { + EthAddrToStr(src), + EthAddrToStr(dst), + ConstructAddrVal(spa), + EthAddrToStr((const u_char*) sha), + ConstructAddrVal(tpa), + EthAddrToStr((const u_char*) tha), + }); } AddrVal* ARP_Analyzer::ConstructAddrVal(const void* addr) diff --git a/src/analyzer/protocol/backdoor/BackDoor.cc b/src/analyzer/protocol/backdoor/BackDoor.cc index ecfb660b94..4cc8d5f703 100644 --- a/src/analyzer/protocol/backdoor/BackDoor.cc +++ b/src/analyzer/protocol/backdoor/BackDoor.cc @@ -246,13 +246,12 @@ void BackDoorEndpoint::RloginSignatureFound(int len) rlogin_checking_done = 1; - val_list* vl = new val_list; - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - vl->append(val_mgr->GetCount(rlogin_num_null)); - vl->append(val_mgr->GetCount(len)); - - endp->TCP()->ConnectionEvent(rlogin_signature_found, vl); + endp->TCP()->ConnectionEvent(rlogin_signature_found, { + endp->TCP()->BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + val_mgr->GetCount(rlogin_num_null), + val_mgr->GetCount(len), + }); } void BackDoorEndpoint::CheckForTelnet(uint64 /* seq */, int len, const u_char* data) @@ -338,12 +337,11 @@ void BackDoorEndpoint::CheckForTelnet(uint64 /* seq */, int len, const u_char* d void BackDoorEndpoint::TelnetSignatureFound(int len) { - val_list* vl = new val_list; - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - vl->append(val_mgr->GetCount(len)); - - endp->TCP()->ConnectionEvent(telnet_signature_found, vl); + endp->TCP()->ConnectionEvent(telnet_signature_found, { + endp->TCP()->BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + val_mgr->GetCount(len), + }); } void BackDoorEndpoint::CheckForSSH(uint64 seq, int len, const u_char* data) @@ -643,13 +641,12 @@ void BackDoorEndpoint::CheckForHTTPProxy(uint64 /* seq */, int len, void BackDoorEndpoint::SignatureFound(EventHandlerPtr e, int do_orig) { - val_list* vl = new val_list; - vl->append(endp->TCP()->BuildConnVal()); - if ( do_orig ) - vl->append(val_mgr->GetBool(endp->IsOrig())); + endp->TCP()->ConnectionEvent(e, + {endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig())}); - endp->TCP()->ConnectionEvent(e, vl); + else + endp->TCP()->ConnectionEvent(e, {endp->TCP()->BuildConnVal()}); } @@ -776,20 +773,16 @@ void BackDoor_Analyzer::StatTimer(double t, int is_expire) void BackDoor_Analyzer::StatEvent() { - val_list* vl = new val_list; - vl->append(TCP()->BuildConnVal()); - vl->append(orig_endp->BuildStats()); - vl->append(resp_endp->BuildStats()); - - TCP()->ConnectionEvent(backdoor_stats, vl); + TCP()->ConnectionEvent(backdoor_stats, { + TCP()->BuildConnVal(), + orig_endp->BuildStats(), + resp_endp->BuildStats(), + }); } void BackDoor_Analyzer::RemoveEvent() { - val_list* vl = new val_list; - vl->append(TCP()->BuildConnVal()); - - TCP()->ConnectionEvent(backdoor_remove_conn, vl); + TCP()->ConnectionEvent(backdoor_remove_conn, {TCP()->BuildConnVal()}); } BackDoorTimer::BackDoorTimer(double t, BackDoor_Analyzer* a) diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.cc b/src/analyzer/protocol/bittorrent/BitTorrent.cc index 652d3d120c..989265623c 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc @@ -120,10 +120,10 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bittorrent_peer_weird ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(msg)); - ConnectionEvent(bittorrent_peer_weird, vl); + ConnectionEvent(bittorrent_peer_weird, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(msg), + }); } } diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index 54cac790fb..411bbf0aff 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc @@ -247,11 +247,11 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bt_tracker_weird ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(msg)); - ConnectionEvent(bt_tracker_weird, vl); + ConnectionEvent(bt_tracker_weird, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(msg), + }); } } @@ -346,19 +346,16 @@ void BitTorrentTracker_Analyzer::RequestGet(char* uri) void BitTorrentTracker_Analyzer::EmitRequest(void) { - val_list* vl; - ProtocolConfirmation(); - vl = new val_list; - vl->append(BuildConnVal()); - vl->append(req_val_uri); - vl->append(req_val_headers); + ConnectionEvent(bt_tracker_request, { + BuildConnVal(), + req_val_uri, + req_val_headers, + }); req_val_uri = 0; req_val_headers = 0; - - ConnectionEvent(bt_tracker_request, vl); } bool BitTorrentTracker_Analyzer::ParseResponse(char* line) @@ -404,11 +401,11 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line) { if ( res_status != 200 ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetCount(res_status)); - vl->append(res_val_headers); - ConnectionEvent(bt_tracker_response_not_ok, vl); + ConnectionEvent(bt_tracker_response_not_ok, { + BuildConnVal(), + val_mgr->GetCount(res_status), + res_val_headers, + }); res_val_headers = 0; res_buf_pos = res_buf + res_buf_len; res_state = BTT_RES_DONE; @@ -790,16 +787,15 @@ void BitTorrentTracker_Analyzer::EmitResponse(void) { ProtocolConfirmation(); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetCount(res_status)); - vl->append(res_val_headers); - vl->append(res_val_peers); - vl->append(res_val_benc); + ConnectionEvent(bt_tracker_response, { + BuildConnVal(), + val_mgr->GetCount(res_status), + res_val_headers, + res_val_peers, + res_val_benc, + }); res_val_headers = 0; res_val_peers = 0; res_val_benc = 0; - - ConnectionEvent(bt_tracker_response, vl); } diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index 52d81e3111..cf6521103c 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -47,11 +47,11 @@ void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64 threshold, bool if ( ! f ) return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetCount(threshold)); - vl->append(val_mgr->GetBool(is_orig)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + val_mgr->GetCount(threshold), + val_mgr->GetBool(is_orig), + }); } void ConnSize_Analyzer::CheckSizes(bool is_orig) diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 944ce92731..a67b548fe9 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -46,13 +46,12 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) if ( dns_message ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_query)); - vl->append(msg.BuildHdrVal()); - vl->append(val_mgr->GetCount(len)); - - analyzer->ConnectionEvent(dns_message, vl); + analyzer->ConnectionEvent(dns_message, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_query), + msg.BuildHdrVal(), + val_mgr->GetCount(len), + }); } // There is a great deal of non-DNS traffic that runs on port 53. @@ -133,11 +132,10 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) int DNS_Interpreter::EndMessage(DNS_MsgInfo* msg) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - analyzer->ConnectionEvent(dns_end, vl); + analyzer->ConnectionEvent(dns_end, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + }); return 1; } @@ -336,11 +334,11 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, if ( dns_unknown_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - analyzer->ConnectionEvent(dns_unknown_reply, vl); + analyzer->ConnectionEvent(dns_unknown_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + }); } analyzer->Weird("DNS_RR_unknown_type", fmt("%d", msg->atype)); @@ -551,14 +549,12 @@ int DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg, if ( reply_event && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - - analyzer->ConnectionEvent(reply_event, vl); + analyzer->ConnectionEvent(reply_event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + }); } return 1; @@ -598,14 +594,7 @@ int DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, if ( dns_SOA_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - RecordVal* r = new RecordVal(dns_soa); - r->Assign(0, new StringVal(new BroString(mname, mname_end - mname, 1))); r->Assign(1, new StringVal(new BroString(rname, rname_end - rname, 1))); r->Assign(2, val_mgr->GetCount(serial)); @@ -614,9 +603,12 @@ int DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, r->Assign(5, new IntervalVal(double(expire), Seconds)); r->Assign(6, new IntervalVal(double(minimum), Seconds)); - vl->append(r); - - analyzer->ConnectionEvent(dns_SOA_reply, vl); + analyzer->ConnectionEvent(dns_SOA_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + r + }); } return 1; @@ -642,15 +634,13 @@ int DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg, if ( dns_MX_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(val_mgr->GetCount(preference)); - - analyzer->ConnectionEvent(dns_MX_reply, vl); + analyzer->ConnectionEvent(dns_MX_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + val_mgr->GetCount(preference), + }); } return 1; @@ -687,16 +677,15 @@ int DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg, if ( dns_SRV_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(val_mgr->GetCount(priority)); - vl->append(val_mgr->GetCount(weight)); - vl->append(val_mgr->GetCount(port)); - - analyzer->ConnectionEvent(dns_SRV_reply, vl); + analyzer->ConnectionEvent(dns_SRV_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + val_mgr->GetCount(priority), + val_mgr->GetCount(weight), + val_mgr->GetCount(port), + }); } return 1; @@ -711,12 +700,11 @@ int DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg, if ( dns_EDNS_addl && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildEDNS_Val()); - analyzer->ConnectionEvent(dns_EDNS_addl, vl); + analyzer->ConnectionEvent(dns_EDNS_addl, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildEDNS_Val(), + }); } // Currently EDNS supports the movement of type:data pairs @@ -789,13 +777,11 @@ int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, msg->tsig->orig_id = orig_id; msg->tsig->rr_error = rr_error; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildTSIG_Val()); - - analyzer->ConnectionEvent(dns_TSIG_addl, vl); + analyzer->ConnectionEvent(dns_TSIG_addl, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildTSIG_Val(), + }); return 1; } @@ -889,14 +875,12 @@ int DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg, rrsig.signer_name = new BroString(name, name_end - name, 1); rrsig.signature = sign; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildRRSIG_Val(&rrsig)); - - analyzer->ConnectionEvent(dns_RRSIG, vl); + analyzer->ConnectionEvent(dns_RRSIG, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildRRSIG_Val(&rrsig), + }); return 1; } @@ -983,14 +967,12 @@ int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg, dnskey.dprotocol = dprotocol; dnskey.public_key = key; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildDNSKEY_Val(&dnskey)); - - analyzer->ConnectionEvent(dns_DNSKEY, vl); + analyzer->ConnectionEvent(dns_DNSKEY, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildDNSKEY_Val(&dnskey), + }); return 1; } @@ -1035,15 +1017,13 @@ int DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg, typebitmaps_len = typebitmaps_len - (2 + bmlen); } - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new StringVal(new BroString(name, name_end - name, 1))); - vl->append(char_strings); - - analyzer->ConnectionEvent(dns_NSEC, vl); + analyzer->ConnectionEvent(dns_NSEC, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + char_strings, + }); return 1; } @@ -1121,14 +1101,12 @@ int DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg, nsec3.nsec_hash = hash_val; nsec3.bitmaps = char_strings; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildNSEC3_Val(&nsec3)); - - analyzer->ConnectionEvent(dns_NSEC3, vl); + analyzer->ConnectionEvent(dns_NSEC3, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildNSEC3_Val(&nsec3), + }); return 1; } @@ -1178,14 +1156,12 @@ int DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg, ds.digest_type = ds_dtype; ds.digest_val = ds_digest; - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(msg->BuildDS_Val(&ds)); - - analyzer->ConnectionEvent(dns_DS, vl); + analyzer->ConnectionEvent(dns_DS, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildDS_Val(&ds), + }); return 1; } @@ -1203,14 +1179,12 @@ int DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg, if ( dns_A_reply && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new AddrVal(htonl(addr))); - - analyzer->ConnectionEvent(dns_A_reply, vl); + analyzer->ConnectionEvent(dns_A_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new AddrVal(htonl(addr)), + }); } return 1; @@ -1242,13 +1216,12 @@ int DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg, event = dns_A6_reply; if ( event && ! msg->skip_event ) { - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(new AddrVal(addr)); - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEvent(event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new AddrVal(addr), + }); } return 1; @@ -1317,14 +1290,12 @@ int DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg, while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) ) char_strings->Assign(char_strings->Size(), char_string); - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(char_strings); - - analyzer->ConnectionEvent(dns_TXT_reply, vl); + analyzer->ConnectionEvent(dns_TXT_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + char_strings, + }); return rdlength == 0; } @@ -1359,16 +1330,14 @@ int DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg, data += value->Len(); rdlength -= value->Len(); - val_list* vl = new val_list; - - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(msg->BuildAnswerVal()); - vl->append(val_mgr->GetCount(flags)); - vl->append(new StringVal(tag)); - vl->append(new StringVal(value)); - - analyzer->ConnectionEvent(dns_CAA_reply, vl); + analyzer->ConnectionEvent(dns_CAA_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + val_mgr->GetCount(flags), + new StringVal(tag), + new StringVal(value), + }); return rdlength == 0; } @@ -1382,14 +1351,13 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg, RR_Type qtype = RR_Type(ExtractShort(data, len)); int qclass = ExtractShort(data, len); - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(msg->BuildHdrVal()); - vl->append(new StringVal(question_name)); - vl->append(val_mgr->GetCount(qtype)); - vl->append(val_mgr->GetCount(qclass)); - - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEvent(event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + new StringVal(question_name), + val_mgr->GetCount(qtype), + val_mgr->GetCount(qclass), + }); } @@ -1737,10 +1705,10 @@ void DNS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, { if ( ! interp->ParseMessage(data, len, 1) && non_dns_request ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(len, (const char*) data)); - ConnectionEvent(non_dns_request, vl); + ConnectionEvent(non_dns_request, { + BuildConnVal(), + new StringVal(len, (const char*) data), + }); } } diff --git a/src/analyzer/protocol/file/File.cc b/src/analyzer/protocol/file/File.cc index b7e00c7fa4..bb81eaa1fd 100644 --- a/src/analyzer/protocol/file/File.cc +++ b/src/analyzer/protocol/file/File.cc @@ -77,10 +77,11 @@ void File_Analyzer::Identify() &matches); string match = matches.empty() ? "" : *(matches.begin()->second.begin()); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(buffer_len, buffer)); - vl->append(new StringVal("")); - vl->append(new StringVal(match)); - ConnectionEvent(file_transferred, vl); + + ConnectionEvent(file_transferred, { + BuildConnVal(), + new StringVal(buffer_len, buffer), + new StringVal(""), + new StringVal(match), + }); } diff --git a/src/analyzer/protocol/finger/Finger.cc b/src/analyzer/protocol/finger/Finger.cc index 6729c34448..0f7cec2677 100644 --- a/src/analyzer/protocol/finger/Finger.cc +++ b/src/analyzer/protocol/finger/Finger.cc @@ -66,14 +66,15 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig else host = at + 1; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(long_cnt)); - vl->append(new StringVal(at - line, line)); - vl->append(new StringVal(end_of_line - host, host)); - if ( finger_request ) - ConnectionEvent(finger_request, vl); + { + ConnectionEvent(finger_request, { + BuildConnVal(), + val_mgr->GetBool(long_cnt), + new StringVal(at - line, line), + new StringVal(end_of_line - host, host), + }); + } Conn()->Match(Rule::FINGER, (const u_char *) line, end_of_line - line, true, true, 1, true); @@ -86,10 +87,9 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig if ( ! finger_reply ) return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(end_of_line - line, line)); - - ConnectionEvent(finger_reply, vl); + ConnectionEvent(finger_reply, { + BuildConnVal(), + new StringVal(end_of_line - line, line), + }); } } diff --git a/src/analyzer/protocol/ftp/FTP.cc b/src/analyzer/protocol/ftp/FTP.cc index f28dadf670..d4a659124e 100644 --- a/src/analyzer/protocol/ftp/FTP.cc +++ b/src/analyzer/protocol/ftp/FTP.cc @@ -73,8 +73,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) // Could emit "ftp empty request/reply" weird, but maybe not worth it. return; - val_list* vl = new val_list; - vl->append(BuildConnVal()); + val_list vl; EventHandlerPtr f; if ( orig ) @@ -95,8 +94,11 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) else cmd_str = (new StringVal(cmd_len, cmd))->ToUpper(); - vl->append(cmd_str); - vl->append(new StringVal(end_of_line - line, line)); + vl = val_list{ + BuildConnVal(), + cmd_str, + new StringVal(end_of_line - line, line), + }; f = ftp_request; ProtocolConfirmation(); @@ -171,14 +173,17 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) } } - vl->append(val_mgr->GetCount(reply_code)); - vl->append(new StringVal(end_of_line - line, line)); - vl->append(val_mgr->GetBool(cont_resp)); + vl = val_list{ + BuildConnVal(), + val_mgr->GetCount(reply_code), + new StringVal(end_of_line - line, line), + val_mgr->GetBool(cont_resp), + }; f = ftp_reply; } - ConnectionEvent(f, vl); + ConnectionEvent(f, std::move(vl)); ForwardStream(length, data, orig); } diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index e7c11b40bb..dc6e14bf63 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -58,16 +58,10 @@ void Gnutella_Analyzer::Done() if ( ! sent_establish && (gnutella_establish || gnutella_not_establish) ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - if ( Established() && gnutella_establish ) - ConnectionEvent(gnutella_establish, vl); + ConnectionEvent(gnutella_establish, {BuildConnVal()}); else if ( ! Established () && gnutella_not_establish ) - ConnectionEvent(gnutella_not_establish, vl); - else - delete_vals(vl); + ConnectionEvent(gnutella_not_establish, {BuildConnVal()}); } if ( gnutella_partial_binary_msg ) @@ -78,14 +72,12 @@ void Gnutella_Analyzer::Done() { if ( ! p->msg_sent && p->msg_pos ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(p->msg)); - vl->append(val_mgr->GetBool((i == 0))); - vl->append(val_mgr->GetCount(p->msg_pos)); - - ConnectionEvent(gnutella_partial_binary_msg, vl); + ConnectionEvent(gnutella_partial_binary_msg, { + BuildConnVal(), + new StringVal(p->msg), + val_mgr->GetBool((i == 0)), + val_mgr->GetCount(p->msg_pos), + }); } else if ( ! p->msg_sent && p->payload_left ) @@ -129,10 +121,7 @@ int Gnutella_Analyzer::IsHTTP(string header) if ( gnutella_http_notify ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - ConnectionEvent(gnutella_http_notify, vl); + ConnectionEvent(gnutella_http_notify, {BuildConnVal()}); } analyzer::Analyzer* a = analyzer_mgr->InstantiateAnalyzer("HTTP", Conn()); @@ -192,13 +181,11 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) { if ( gnutella_text_msg ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(ms->headers.data())); - - ConnectionEvent(gnutella_text_msg, vl); + ConnectionEvent(gnutella_text_msg, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(ms->headers.data()), + }); } ms->headers = ""; @@ -206,12 +193,9 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) if ( Established () && gnutella_establish ) { - val_list* vl = new val_list; - sent_establish = 1; - vl->append(BuildConnVal()); - ConnectionEvent(gnutella_establish, vl); + ConnectionEvent(gnutella_establish, {BuildConnVal()}); } } } @@ -237,21 +221,18 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig) if ( gnutella_binary_msg ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(p->msg_type)); - vl->append(val_mgr->GetCount(p->msg_ttl)); - vl->append(val_mgr->GetCount(p->msg_hops)); - vl->append(val_mgr->GetCount(p->msg_len)); - vl->append(new StringVal(p->payload)); - vl->append(val_mgr->GetCount(p->payload_len)); - vl->append(val_mgr->GetBool( - (p->payload_len < min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD)))); - vl->append(val_mgr->GetBool((p->payload_left == 0))); - - ConnectionEvent(gnutella_binary_msg, vl); + ConnectionEvent(gnutella_binary_msg, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(p->msg_type), + val_mgr->GetCount(p->msg_ttl), + val_mgr->GetCount(p->msg_hops), + val_mgr->GetCount(p->msg_len), + new StringVal(p->payload), + val_mgr->GetCount(p->payload_len), + val_mgr->GetBool((p->payload_len < min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD))), + val_mgr->GetBool((p->payload_left == 0)), + }); } } diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 4706286914..6087f7b43d 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -646,11 +646,11 @@ void HTTP_Message::Done(const int interrupted, const char* detail) if ( http_message_done ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(BuildMessageStat(interrupted, detail)); - GetAnalyzer()->ConnectionEvent(http_message_done, vl); + GetAnalyzer()->ConnectionEvent(http_message_done, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + BuildMessageStat(interrupted, detail), + }); } MyHTTP_Analyzer()->HTTP_MessageDone(is_orig, this); @@ -679,10 +679,10 @@ void HTTP_Message::BeginEntity(mime::MIME_Entity* entity) if ( http_begin_entity ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - analyzer->ConnectionEvent(http_begin_entity, vl); + analyzer->ConnectionEvent(http_begin_entity, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); } } @@ -696,10 +696,10 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity) if ( http_end_entity ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - analyzer->ConnectionEvent(http_end_entity, vl); + analyzer->ConnectionEvent(http_end_entity, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); } current_entity = (HTTP_Entity*) entity->Parent(); @@ -737,11 +737,11 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) { if ( http_all_headers ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(BuildHeaderTable(hlist)); - analyzer->ConnectionEvent(http_all_headers, vl); + analyzer->ConnectionEvent(http_all_headers, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + BuildHeaderTable(hlist), + }); } if ( http_content_type ) @@ -751,12 +751,12 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) ty->Ref(); subty->Ref(); - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(ty); - vl->append(subty); - analyzer->ConnectionEvent(http_content_type, vl); + analyzer->ConnectionEvent(http_content_type, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + ty, + subty, + }); } } @@ -1182,12 +1182,8 @@ void HTTP_Analyzer::GenStats() r->Assign(2, new Val(request_version, TYPE_DOUBLE)); r->Assign(3, new Val(reply_version, TYPE_DOUBLE)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(r); - // DEBUG_MSG("%.6f http_stats\n", network_time); - ConnectionEvent(http_stats, vl); + ConnectionEvent(http_stats, {BuildConnVal(), r}); } } @@ -1384,13 +1380,12 @@ void HTTP_Analyzer::HTTP_Event(const char* category, StringVal* detail) { if ( http_event ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(new StringVal(category)); - vl->append(detail); - // DEBUG_MSG("%.6f http_event\n", network_time); - ConnectionEvent(http_event, vl); + ConnectionEvent(http_event, { + BuildConnVal(), + new StringVal(category), + detail, + }); } else delete detail; @@ -1426,17 +1421,16 @@ void HTTP_Analyzer::HTTP_Request() if ( http_request ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - Ref(request_method); - vl->append(request_method); - vl->append(TruncateURI(request_URI->AsStringVal())); - vl->append(TruncateURI(unescaped_URI->AsStringVal())); - vl->append(new StringVal(fmt("%.1f", request_version))); // DEBUG_MSG("%.6f http_request\n", network_time); - ConnectionEvent(http_request, vl); + ConnectionEvent(http_request, { + BuildConnVal(), + request_method, + TruncateURI(request_URI->AsStringVal()), + TruncateURI(unescaped_URI->AsStringVal()), + new StringVal(fmt("%.1f", request_version)), + }); } } @@ -1444,15 +1438,14 @@ void HTTP_Analyzer::HTTP_Reply() { if ( http_reply ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(fmt("%.1f", reply_version))); - vl->append(val_mgr->GetCount(reply_code)); - if ( reply_reason_phrase ) - vl->append(reply_reason_phrase->Ref()); - else - vl->append(new StringVal("")); - ConnectionEvent(http_reply, vl); + ConnectionEvent(http_reply, { + BuildConnVal(), + new StringVal(fmt("%.1f", reply_version)), + val_mgr->GetCount(reply_code), + reply_reason_phrase ? + reply_reason_phrase->Ref() : + new StringVal(""), + }); } else { @@ -1524,10 +1517,10 @@ void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg) if ( http_connection_upgrade ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(new StringVal(upgrade_protocol)); - ConnectionEvent(http_connection_upgrade, vl); + ConnectionEvent(http_connection_upgrade, { + BuildConnVal(), + new StringVal(upgrade_protocol), + }); } } @@ -1697,14 +1690,15 @@ void HTTP_Analyzer::HTTP_Header(int is_orig, mime::MIME_Header* h) Conn()->Match(rule, (const u_char*) hd_value.data, hd_value.length, is_orig, false, true, false); - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(mime::new_string_val(h->get_name())->ToUpper()); - vl->append(mime::new_string_val(h->get_value())); if ( DEBUG_http ) DEBUG_MSG("%.6f http_header\n", network_time); - ConnectionEvent(http_header, vl); + + ConnectionEvent(http_header, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + mime::new_string_val(h->get_name())->ToUpper(), + mime::new_string_val(h->get_value()), + }); } } @@ -1833,12 +1827,12 @@ void HTTP_Analyzer::HTTP_EntityData(int is_orig, BroString* entity_data) { if ( http_entity_data ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(entity_data->Len())); - vl->append(new StringVal(entity_data)); - ConnectionEvent(http_entity_data, vl); + ConnectionEvent(http_entity_data, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(entity_data->Len()), + new StringVal(entity_data), + }); } else delete entity_data; diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 1832b324b2..a740ac8848 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -199,20 +199,21 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, { if ( icmp_sent ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr)); - ConnectionEvent(icmp_sent, vl); + ConnectionEvent(icmp_sent, { + BuildConnVal(), + BuildICMPVal(icmpp, len, icmpv6, ip_hdr), + }); } if ( icmp_sent_payload ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr)); BroString* payload = new BroString(data, min(len, caplen), 0); - vl->append(new StringVal(payload)); - ConnectionEvent(icmp_sent_payload, vl); + + ConnectionEvent(icmp_sent_payload, { + BuildConnVal(), + BuildICMPVal(icmpp, len, icmpv6, ip_hdr), + new StringVal(payload), + }); } } @@ -511,14 +512,13 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, BroString* payload = new BroString(data, caplen, 0); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr)); - vl->append(val_mgr->GetCount(iid)); - vl->append(val_mgr->GetCount(iseq)); - vl->append(new StringVal(payload)); - - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr), + val_mgr->GetCount(iid), + val_mgr->GetCount(iseq), + new StringVal(payload), + }); } @@ -534,24 +534,23 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, if ( caplen >= (int)sizeof(reachable) + (int)sizeof(retrans) ) memcpy(&retrans, data + sizeof(reachable), sizeof(retrans)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(val_mgr->GetCount(icmpp->icmp_num_addrs)); // Cur Hop Limit - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x80)); // Managed - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x40)); // Other - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x20)); // Home Agent - vl->append(val_mgr->GetCount((icmpp->icmp_wpa & 0x18)>>3)); // Pref - vl->append(val_mgr->GetBool(icmpp->icmp_wpa & 0x04)); // Proxy - vl->append(val_mgr->GetCount(icmpp->icmp_wpa & 0x02)); // Reserved - vl->append(new IntervalVal((double)ntohs(icmpp->icmp_lifetime), Seconds)); - vl->append(new IntervalVal((double)ntohl(reachable), Milliseconds)); - vl->append(new IntervalVal((double)ntohl(retrans), Milliseconds)); - int opt_offset = sizeof(reachable) + sizeof(retrans); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + val_mgr->GetCount(icmpp->icmp_num_addrs), // Cur Hop Limit + val_mgr->GetBool(icmpp->icmp_wpa & 0x80), // Managed + val_mgr->GetBool(icmpp->icmp_wpa & 0x40), // Other + val_mgr->GetBool(icmpp->icmp_wpa & 0x20), // Home Agent + val_mgr->GetCount((icmpp->icmp_wpa & 0x18)>>3), // Pref + val_mgr->GetBool(icmpp->icmp_wpa & 0x04), // Proxy + val_mgr->GetCount(icmpp->icmp_wpa & 0x02), // Reserved + new IntervalVal((double)ntohs(icmpp->icmp_lifetime), Seconds), + new IntervalVal((double)ntohl(reachable), Milliseconds), + new IntervalVal((double)ntohl(retrans), Milliseconds), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } @@ -564,18 +563,17 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, if ( caplen >= (int)sizeof(in6_addr) ) tgtaddr = IPAddr(*((const in6_addr*)data)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x80)); // Router - vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x40)); // Solicited - vl->append(val_mgr->GetBool(icmpp->icmp_num_addrs & 0x20)); // Override - vl->append(new AddrVal(tgtaddr)); - int opt_offset = sizeof(in6_addr); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + val_mgr->GetBool(icmpp->icmp_num_addrs & 0x80), // Router + val_mgr->GetBool(icmpp->icmp_num_addrs & 0x40), // Solicited + val_mgr->GetBool(icmpp->icmp_num_addrs & 0x20), // Override + new AddrVal(tgtaddr), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } @@ -588,15 +586,14 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, if ( caplen >= (int)sizeof(in6_addr) ) tgtaddr = IPAddr(*((const in6_addr*)data)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new AddrVal(tgtaddr)); - int opt_offset = sizeof(in6_addr); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + new AddrVal(tgtaddr), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } @@ -612,16 +609,15 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, if ( caplen >= 2 * (int)sizeof(in6_addr) ) dstaddr = IPAddr(*((const in6_addr*)(data + sizeof(in6_addr)))); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new AddrVal(tgtaddr)); - vl->append(new AddrVal(dstaddr)); - int opt_offset = 2 * sizeof(in6_addr); - vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + new AddrVal(tgtaddr), + new AddrVal(dstaddr), + BuildNDOptionsVal(caplen - opt_offset, data + opt_offset), + }); } @@ -630,12 +626,11 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len, { EventHandlerPtr f = icmp_router_solicitation; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(BuildNDOptionsVal(caplen, data)); - - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildNDOptionsVal(caplen, data), + }); } @@ -657,12 +652,12 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, if ( f ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 0, ip_hdr)); - vl->append(val_mgr->GetCount(icmpp->icmp_code)); - vl->append(ExtractICMP4Context(caplen, data)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 0, ip_hdr), + val_mgr->GetCount(icmpp->icmp_code), + ExtractICMP4Context(caplen, data), + }); } } @@ -697,12 +692,12 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, if ( f ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(val_mgr->GetCount(icmpp->icmp_code)); - vl->append(ExtractICMP6Context(caplen, data)); - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + BuildICMPVal(icmpp, len, 1, ip_hdr), + val_mgr->GetCount(icmpp->icmp_code), + ExtractICMP6Context(caplen, data), + }); } } diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index 125f2d7f64..ba32968c3b 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -83,12 +83,11 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) Weird("ident_request_addendum", s.CheckString()); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); - vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); - - ConnectionEvent(ident_request, vl); + ConnectionEvent(ident_request, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + }); did_deliver = 1; } @@ -144,13 +143,12 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) if ( is_error ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); - vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); - vl->append(new StringVal(end_of_line - line, line)); - - ConnectionEvent(ident_error, vl); + ConnectionEvent(ident_error, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + new StringVal(end_of_line - line, line), + }); } else @@ -178,14 +176,13 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) line = skip_whitespace(colon + 1, end_of_line); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetPort(local_port, TRANSPORT_TCP)); - vl->append(val_mgr->GetPort(remote_port, TRANSPORT_TCP)); - vl->append(new StringVal(end_of_line - line, line)); - vl->append(new StringVal(sys_type_s)); - - ConnectionEvent(ident_reply, vl); + ConnectionEvent(ident_reply, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + new StringVal(end_of_line - line, line), + new StringVal(sys_type_s), + }); } } } diff --git a/src/analyzer/protocol/interconn/InterConn.cc b/src/analyzer/protocol/interconn/InterConn.cc index 8d9dd72774..39749a0deb 100644 --- a/src/analyzer/protocol/interconn/InterConn.cc +++ b/src/analyzer/protocol/interconn/InterConn.cc @@ -241,20 +241,16 @@ void InterConn_Analyzer::StatTimer(double t, int is_expire) void InterConn_Analyzer::StatEvent() { - val_list* vl = new val_list; - vl->append(Conn()->BuildConnVal()); - vl->append(orig_endp->BuildStats()); - vl->append(resp_endp->BuildStats()); - - Conn()->ConnectionEvent(interconn_stats, this, vl); + Conn()->ConnectionEvent(interconn_stats, this, { + Conn()->BuildConnVal(), + orig_endp->BuildStats(), + resp_endp->BuildStats(), + }); } void InterConn_Analyzer::RemoveEvent() { - val_list* vl = new val_list; - vl->append(Conn()->BuildConnVal()); - - Conn()->ConnectionEvent(interconn_remove_conn, this, vl); + Conn()->ConnectionEvent(interconn_remove_conn, this, {Conn()->BuildConnVal()}); } InterConnTimer::InterConnTimer(double t, InterConn_Analyzer* a) diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index 25d568d627..cd48d8469c 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -233,14 +233,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // else ### } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetInt(users)); - vl->append(val_mgr->GetInt(services)); - vl->append(val_mgr->GetInt(servers)); - - ConnectionEvent(irc_network_info, vl); + ConnectionEvent(irc_network_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetInt(users), + val_mgr->GetInt(services), + val_mgr->GetInt(servers), + }); } break; @@ -271,13 +270,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(type.c_str())); - vl->append(new StringVal(channel.c_str())); - TableVal* set = new TableVal(string_set); + for ( unsigned int i = 0; i < parts.size(); ++i ) { if ( parts[i][0] == '@' ) @@ -286,9 +280,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) set->Assign(idx, 0); Unref(idx); } - vl->append(set); - ConnectionEvent(irc_names_info, vl); + ConnectionEvent(irc_names_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(type.c_str()), + new StringVal(channel.c_str()), + set, + }); } break; @@ -316,14 +315,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // else ### } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetInt(users)); - vl->append(val_mgr->GetInt(services)); - vl->append(val_mgr->GetInt(servers)); - - ConnectionEvent(irc_server_info, vl); + ConnectionEvent(irc_server_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetInt(users), + val_mgr->GetInt(services), + val_mgr->GetInt(servers), + }); } break; @@ -339,12 +337,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[i] == ":channels" ) channels = atoi(parts[i - 1].c_str()); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetInt(channels)); - - ConnectionEvent(irc_channel_info, vl); + ConnectionEvent(irc_channel_info, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetInt(channels), + }); } break; @@ -372,12 +369,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) break; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(eop - prefix, prefix)); - vl->append(new StringVal(++msg)); - ConnectionEvent(irc_global_users, vl); + ConnectionEvent(irc_global_users, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(eop - prefix, prefix), + new StringVal(++msg), + }); break; } @@ -397,12 +394,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); - vl->append(new StringVal(parts[2].c_str())); + val_list vl(6); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(orig)); + vl.append(new StringVal(parts[0].c_str())); + vl.append(new StringVal(parts[1].c_str())); + vl.append(new StringVal(parts[2].c_str())); parts.erase(parts.begin(), parts.begin() + 4); @@ -413,9 +410,9 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( real_name[0] == ':' ) real_name = real_name.substr(1); - vl->append(new StringVal(real_name.c_str())); + vl.append(new StringVal(real_name.c_str())); - ConnectionEvent(irc_whois_user_line, vl); + ConnectionEvent(irc_whois_user_line, std::move(vl)); } break; @@ -436,12 +433,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - - ConnectionEvent(irc_whois_operator_line, vl); + ConnectionEvent(irc_whois_operator_line, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[0].c_str()), + }); } break; @@ -467,11 +463,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(nick.c_str())); TableVal* set = new TableVal(string_set); + for ( unsigned int i = 0; i < parts.size(); ++i ) { Val* idx = new StringVal(parts[i].c_str()); @@ -479,9 +472,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - vl->append(set); - - ConnectionEvent(irc_whois_channel_line, vl); + ConnectionEvent(irc_whois_channel_line, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(nick.c_str()), + set, + }); } break; @@ -502,19 +498,17 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( pos < params.size() ) { string topic = params.substr(pos + 1); - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[1].c_str())); - const char* t = topic.c_str(); + if ( *t == ':' ) ++t; - vl->append(new StringVal(t)); - - ConnectionEvent(irc_channel_topic, vl); + ConnectionEvent(irc_channel_topic, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[1].c_str()), + new StringVal(t), + }); } else { @@ -537,24 +531,25 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); if ( parts[2][0] == '~' ) parts[2] = parts[2].substr(1); - vl->append(new StringVal(parts[2].c_str())); - vl->append(new StringVal(parts[3].c_str())); - vl->append(new StringVal(parts[4].c_str())); - vl->append(new StringVal(parts[5].c_str())); - vl->append(new StringVal(parts[6].c_str())); + if ( parts[7][0] == ':' ) parts[7] = parts[7].substr(1); - vl->append(val_mgr->GetInt(atoi(parts[7].c_str()))); - vl->append(new StringVal(parts[8].c_str())); - ConnectionEvent(irc_who_line, vl); + ConnectionEvent(irc_who_line, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[0].c_str()), + new StringVal(parts[1].c_str()), + new StringVal(parts[2].c_str()), + new StringVal(parts[3].c_str()), + new StringVal(parts[4].c_str()), + new StringVal(parts[5].c_str()), + new StringVal(parts[6].c_str()), + val_mgr->GetInt(atoi(parts[7].c_str())), + new StringVal(parts[8].c_str()), + }); } break; @@ -565,10 +560,10 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 436: if ( irc_invalid_nick ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - ConnectionEvent(irc_invalid_nick, vl); + ConnectionEvent(irc_invalid_nick, { + BuildConnVal(), + val_mgr->GetBool(orig), + }); } break; @@ -577,11 +572,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 491: // user is not operator if ( irc_oper_response ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetBool(code == 381)); - ConnectionEvent(irc_oper_response, vl); + ConnectionEvent(irc_oper_response, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetBool(code == 381), + }); } break; @@ -592,14 +587,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // All other server replies. default: - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(val_mgr->GetCount(code)); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_reply, vl); + ConnectionEvent(irc_reply, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + val_mgr->GetCount(code), + new StringVal(params.c_str()), + }); break; } return; @@ -662,33 +656,31 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) raw_ip = (10 * raw_ip) + atoi(s.c_str()); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(parts[1].c_str())); - vl->append(new StringVal(parts[2].c_str())); - vl->append(new AddrVal(htonl(raw_ip))); - vl->append(val_mgr->GetCount(atoi(parts[4].c_str()))); - if ( parts.size() >= 6 ) - vl->append(val_mgr->GetCount(atoi(parts[5].c_str()))); - else - vl->append(val_mgr->GetCount(0)); - ConnectionEvent(irc_dcc_message, vl); + ConnectionEvent(irc_dcc_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(parts[1].c_str()), + new StringVal(parts[2].c_str()), + new AddrVal(htonl(raw_ip)), + val_mgr->GetCount(atoi(parts[4].c_str())), + parts.size() >= 6 ? + val_mgr->GetCount(atoi(parts[5].c_str())) : + val_mgr->GetCount(0), + }); } else { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_privmsg_message, vl); + ConnectionEvent(irc_privmsg_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } } @@ -707,14 +699,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( message[0] == ':' ) message = message.substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_notice_message, vl); + ConnectionEvent(irc_notice_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } else if ( irc_squery_message && command == "SQUERY" ) @@ -732,35 +723,34 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( message[0] == ':' ) message = message.substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(target.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_squery_message, vl); + ConnectionEvent(irc_squery_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } else if ( irc_user_message && command == "USER" ) { // extract username and real name vector parts = SplitWords(params, ' '); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); + val_list vl(6); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(orig)); if ( parts.size() > 0 ) - vl->append(new StringVal(parts[0].c_str())); - else vl->append(val_mgr->GetEmptyString()); + vl.append(new StringVal(parts[0].c_str())); + else vl.append(val_mgr->GetEmptyString()); if ( parts.size() > 1 ) - vl->append(new StringVal(parts[1].c_str())); - else vl->append(val_mgr->GetEmptyString()); + vl.append(new StringVal(parts[1].c_str())); + else vl.append(val_mgr->GetEmptyString()); if ( parts.size() > 2 ) - vl->append(new StringVal(parts[2].c_str())); - else vl->append(val_mgr->GetEmptyString()); + vl.append(new StringVal(parts[2].c_str())); + else vl.append(val_mgr->GetEmptyString()); string realname; for ( unsigned int i = 3; i < parts.size(); i++ ) @@ -771,9 +761,9 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } const char* name = realname.c_str(); - vl->append(new StringVal(*name == ':' ? name + 1 : name)); + vl.append(new StringVal(*name == ':' ? name + 1 : name)); - ConnectionEvent(irc_user_message, vl); + ConnectionEvent(irc_user_message, std::move(vl)); } else if ( irc_oper_message && command == "OPER" ) @@ -782,13 +772,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vector parts = SplitWords(params, ' '); if ( parts.size() == 2 ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); - - ConnectionEvent(irc_oper_message, vl); + ConnectionEvent(irc_oper_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(parts[0].c_str()), + new StringVal(parts[1].c_str()), + }); } else @@ -805,12 +794,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); + val_list vl(6); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(orig)); + vl.append(new StringVal(prefix.c_str())); + vl.append(new StringVal(parts[0].c_str())); + vl.append(new StringVal(parts[1].c_str())); if ( parts.size() > 2 ) { string comment = parts[2]; @@ -820,12 +809,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( comment[0] == ':' ) comment = comment.substr(1); - vl->append(new StringVal(comment.c_str())); + vl.append(new StringVal(comment.c_str())); } else - vl->append(val_mgr->GetEmptyString()); + vl.append(val_mgr->GetEmptyString()); - ConnectionEvent(irc_kick_message, vl); + ConnectionEvent(irc_kick_message, std::move(vl)); } else if ( irc_join_message && command == "JOIN" ) @@ -849,11 +838,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) nickname = prefix.substr(0, pos); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - TableVal* list = new TableVal(irc_join_list); + vector channels = SplitWords(parts[0], ','); vector passwords; @@ -876,9 +862,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(info); } - vl->append(list); - - ConnectionEvent(irc_join_message, vl); + ConnectionEvent(irc_join_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + list, + }); } else if ( irc_join_message && command == "NJOIN" ) @@ -895,12 +883,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) parts[1] = parts[1].substr(1); vector users = SplitWords(parts[1], ','); - - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - TableVal* list = new TableVal(irc_join_list); + string empty_string = ""; for ( unsigned int i = 0; i < users.size(); ++i ) @@ -939,9 +923,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(info); } - vl->append(list); - - ConnectionEvent(irc_join_message, vl); + ConnectionEvent(irc_join_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + list, + }); } else if ( irc_part_message && command == "PART" ) @@ -977,14 +963,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(nick.c_str())); - vl->append(set); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_part_message, vl); + ConnectionEvent(irc_part_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(nick.c_str()), + set, + new StringVal(message.c_str()), + }); } else if ( irc_quit_message && command == "QUIT" ) @@ -1001,13 +986,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) nickname = prefix.substr(0, pos); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(nickname.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_quit_message, vl); + ConnectionEvent(irc_quit_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(nickname.c_str()), + new StringVal(message.c_str()), + }); } else if ( irc_nick_message && command == "NICK" ) @@ -1016,13 +1000,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( nick[0] == ':' ) nick = nick.substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(nick.c_str())); - - ConnectionEvent(irc_nick_message, vl); + ConnectionEvent(irc_nick_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(nick.c_str()) + }); } else if ( irc_who_message && command == "WHO" ) @@ -1042,16 +1025,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0].size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - if ( parts.size() > 0 ) - vl->append(new StringVal(parts[0].c_str())); - else - vl->append(val_mgr->GetEmptyString()); - vl->append(val_mgr->GetBool(oper)); - - ConnectionEvent(irc_who_message, vl); + ConnectionEvent(irc_who_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + parts.size() > 0 ? + new StringVal(parts[0].c_str()) : + val_mgr->GetEmptyString(), + val_mgr->GetBool(oper), + }); } else if ( irc_whois_message && command == "WHOIS" ) @@ -1074,26 +1055,25 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else users = parts[0]; - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(server.c_str())); - vl->append(new StringVal(users.c_str())); - - ConnectionEvent(irc_whois_message, vl); + ConnectionEvent(irc_whois_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(server.c_str()), + new StringVal(users.c_str()), + }); } else if ( irc_error_message && command == "ERROR" ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); if ( params[0] == ':' ) params = params.substr(1); - vl->append(new StringVal(params.c_str())); - ConnectionEvent(irc_error_message, vl); + ConnectionEvent(irc_error_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(params.c_str()), + }); } else if ( irc_invite_message && command == "INVITE" ) @@ -1104,14 +1084,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[1].size() > 0 && parts[1][0] == ':' ) parts[1] = parts[1].substr(1); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(parts[0].c_str())); - vl->append(new StringVal(parts[1].c_str())); - - ConnectionEvent(irc_invite_message, vl); + ConnectionEvent(irc_invite_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(parts[0].c_str()), + new StringVal(parts[1].c_str()), + }); } else Weird("irc_invalid_invite_message_format"); @@ -1121,13 +1100,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( params.size() > 0 ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_mode_message, vl); + ConnectionEvent(irc_mode_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(params.c_str()), + }); } else @@ -1136,11 +1114,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else if ( irc_password_message && command == "PASS" ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(params.c_str())); - ConnectionEvent(irc_password_message, vl); + ConnectionEvent(irc_password_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(params.c_str()), + }); } else if ( irc_squit_message && command == "SQUIT" ) @@ -1158,14 +1136,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) message = message.substr(1); } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(server.c_str())); - vl->append(new StringVal(message.c_str())); - - ConnectionEvent(irc_squit_message, vl); + ConnectionEvent(irc_squit_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(server.c_str()), + new StringVal(message.c_str()), + }); } @@ -1173,14 +1150,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_request ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(command.c_str())); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_request, vl); + ConnectionEvent(irc_request, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(command.c_str()), + new StringVal(params.c_str()), + }); } } @@ -1188,14 +1164,13 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_message ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(prefix.c_str())); - vl->append(new StringVal(command.c_str())); - vl->append(new StringVal(params.c_str())); - - ConnectionEvent(irc_message, vl); + ConnectionEvent(irc_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(command.c_str()), + new StringVal(params.c_str()), + }); } } @@ -1224,10 +1199,7 @@ void IRC_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - - ConnectionEvent(irc_starttls, vl); + ConnectionEvent(irc_starttls, {BuildConnVal()}); } vector IRC_Analyzer::SplitWords(const string input, const char split) diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index f8eb233a29..326c126ae9 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -289,9 +289,7 @@ void Login_Analyzer::AuthenticationDialog(bool orig, char* line) { if ( authentication_skipped ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - ConnectionEvent(authentication_skipped, vl); + ConnectionEvent(authentication_skipped, {BuildConnVal()}); } state = LOGIN_STATE_SKIP; @@ -334,32 +332,26 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) else if ( login_terminal && streq(name, "TERM") ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(val)); - - ConnectionEvent(login_terminal, vl); + ConnectionEvent(login_terminal, { + BuildConnVal(), + new StringVal(val), + }); } else if ( login_display && streq(name, "DISPLAY") ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(val)); - - ConnectionEvent(login_display, vl); + ConnectionEvent(login_display, { + BuildConnVal(), + new StringVal(val), + }); } else if ( login_prompt && streq(name, "TTYPROMPT") ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(val)); - - ConnectionEvent(login_prompt, vl); + ConnectionEvent(login_prompt, { + BuildConnVal(), + new StringVal(val), + }); } } @@ -433,15 +425,13 @@ void Login_Analyzer::LoginEvent(EventHandlerPtr f, const char* line, Val* password = HaveTypeahead() ? PopUserTextVal() : new StringVal(""); - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(username->Ref()); - vl->append(client_name ? client_name->Ref() : val_mgr->GetEmptyString()); - vl->append(password); - vl->append(new StringVal(line)); - - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + username->Ref(), + client_name ? client_name->Ref() : val_mgr->GetEmptyString(), + password, + new StringVal(line), + }); } const char* Login_Analyzer::GetUsername(const char* line) const @@ -454,12 +444,10 @@ const char* Login_Analyzer::GetUsername(const char* line) const void Login_Analyzer::LineEvent(EventHandlerPtr f, const char* line) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(line)); - - ConnectionEvent(f, vl); + ConnectionEvent(f, { + BuildConnVal(), + new StringVal(line), + }); } @@ -469,12 +457,11 @@ void Login_Analyzer::Confused(const char* msg, const char* line) if ( login_confused ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(msg)); - vl->append(new StringVal(line)); - - ConnectionEvent(login_confused, vl); + ConnectionEvent(login_confused, { + BuildConnVal(), + new StringVal(msg), + new StringVal(line), + }); } if ( login_confused_text ) @@ -496,10 +483,10 @@ void Login_Analyzer::ConfusionText(const char* line) { if ( login_confused_text ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(line)); - ConnectionEvent(login_confused_text, vl); + ConnectionEvent(login_confused_text, { + BuildConnVal(), + new StringVal(line), + }); } } diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index 11952103bf..53ad3c202d 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -461,11 +461,10 @@ void NVT_Analyzer::SetTerminal(const u_char* terminal, int len) { if ( login_terminal ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(new BroString(terminal, len, 0))); - - ConnectionEvent(login_terminal, vl); + ConnectionEvent(login_terminal, { + BuildConnVal(), + new StringVal(new BroString(terminal, len, 0)), + }); } } diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index 0afacb2f2b..4688bf9280 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -156,31 +156,38 @@ void Rsh_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { Login_Analyzer::DeliverStream(len, data, orig); + if ( orig ) + { + if ( ! rsh_request ) + return; + } + else + { + if ( ! rsh_reply ) + return; + } + + val_list vl(4 + orig); const char* line = (const char*) data; - val_list* vl = new val_list; - line = skip_whitespace(line); - vl->append(BuildConnVal()); - vl->append(client_name ? client_name->Ref() : new StringVal("")); - vl->append(username ? username->Ref() : new StringVal("")); - vl->append(new StringVal(line)); + vl.append(BuildConnVal()); + vl.append(client_name ? client_name->Ref() : new StringVal("")); + vl.append(username ? username->Ref() : new StringVal("")); + vl.append(new StringVal(line)); - if ( orig && rsh_request ) + if ( orig ) { if ( contents_orig->RshSaveState() == RSH_SERVER_USER_NAME ) // First input - vl->append(val_mgr->GetTrue()); + vl.append(val_mgr->GetTrue()); else - vl->append(val_mgr->GetFalse()); + vl.append(val_mgr->GetFalse()); - ConnectionEvent(rsh_request, vl); + ConnectionEvent(rsh_request, std::move(vl)); } - else if ( rsh_reply ) - ConnectionEvent(rsh_reply, vl); - else - delete_vals(vl); + ConnectionEvent(rsh_reply, std::move(vl)); } void Rsh_Analyzer::ClientUserName(const char* s) diff --git a/src/analyzer/protocol/login/Rlogin.cc b/src/analyzer/protocol/login/Rlogin.cc index 6979148676..10d9e23e91 100644 --- a/src/analyzer/protocol/login/Rlogin.cc +++ b/src/analyzer/protocol/login/Rlogin.cc @@ -244,11 +244,9 @@ void Rlogin_Analyzer::TerminalType(const char* s) { if ( login_terminal ) { - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(new StringVal(s)); - - ConnectionEvent(login_terminal, vl); + ConnectionEvent(login_terminal, { + BuildConnVal(), + new StringVal(s), + }); } } diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index 931e155fdf..edb5316bac 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -1358,11 +1358,11 @@ void MIME_Mail::Done() hash_final(md5_hash, digest); md5_hash = nullptr; - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(content_hash_length)); - vl->append(new StringVal(new BroString(1, digest, 16))); - analyzer->ConnectionEvent(mime_content_hash, vl); + analyzer->ConnectionEvent(mime_content_hash, { + analyzer->BuildConnVal(), + val_mgr->GetCount(content_hash_length), + new StringVal(new BroString(1, digest, 16)), + }); } MIME_Message::Done(); @@ -1386,11 +1386,7 @@ void MIME_Mail::BeginEntity(MIME_Entity* /* entity */) cur_entity_id.clear(); if ( mime_begin_entity ) - { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - analyzer->ConnectionEvent(mime_begin_entity, vl); - } + analyzer->ConnectionEvent(mime_begin_entity, {analyzer->BuildConnVal()}); buffer_start = data_start = 0; ASSERT(entity_content.size() == 0); @@ -1402,12 +1398,12 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) { BroString* s = concatenate(entity_content); - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(s->Len())); - vl->append(new StringVal(s)); - analyzer->ConnectionEvent(mime_entity_data, vl); + analyzer->ConnectionEvent(mime_entity_data, { + analyzer->BuildConnVal(), + val_mgr->GetCount(s->Len()), + new StringVal(s), + }); if ( ! mime_all_data ) delete_strings(entity_content); @@ -1416,11 +1412,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) } if ( mime_end_entity ) - { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - analyzer->ConnectionEvent(mime_end_entity, vl); - } + analyzer->ConnectionEvent(mime_end_entity, {analyzer->BuildConnVal()}); file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn()); cur_entity_id.clear(); @@ -1430,10 +1422,10 @@ void MIME_Mail::SubmitHeader(MIME_Header* h) { if ( mime_one_header ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(BuildHeaderVal(h)); - analyzer->ConnectionEvent(mime_one_header, vl); + analyzer->ConnectionEvent(mime_one_header, { + analyzer->BuildConnVal(), + BuildHeaderVal(h), + }); } } @@ -1441,10 +1433,10 @@ void MIME_Mail::SubmitAllHeaders(MIME_HeaderList& hlist) { if ( mime_all_headers ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(BuildHeaderTable(hlist)); - analyzer->ConnectionEvent(mime_all_headers, vl); + analyzer->ConnectionEvent(mime_all_headers, { + analyzer->BuildConnVal(), + BuildHeaderTable(hlist), + }); } } @@ -1478,11 +1470,11 @@ void MIME_Mail::SubmitData(int len, const char* buf) const char* data = (char*) data_buffer->Bytes() + data_start; int data_len = (buf + len) - data; - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(data_len)); - vl->append(new StringVal(data_len, data)); - analyzer->ConnectionEvent(mime_segment_data, vl); + analyzer->ConnectionEvent(mime_segment_data, { + analyzer->BuildConnVal(), + val_mgr->GetCount(data_len), + new StringVal(data_len, data), + }); } cur_entity_id = file_mgr->DataIn(reinterpret_cast(buf), len, @@ -1525,12 +1517,11 @@ void MIME_Mail::SubmitAllData() BroString* s = concatenate(all_content); delete_strings(all_content); - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(s->Len())); - vl->append(new StringVal(s)); - - analyzer->ConnectionEvent(mime_all_data, vl); + analyzer->ConnectionEvent(mime_all_data, { + analyzer->BuildConnVal(), + val_mgr->GetCount(s->Len()), + new StringVal(s), + }); } } @@ -1555,10 +1546,10 @@ void MIME_Mail::SubmitEvent(int event_type, const char* detail) if ( mime_event ) { - val_list* vl = new val_list(); - vl->append(analyzer->BuildConnVal()); - vl->append(new StringVal(category)); - vl->append(new StringVal(detail)); - analyzer->ConnectionEvent(mime_event, vl); + analyzer->ConnectionEvent(mime_event, { + analyzer->BuildConnVal(), + new StringVal(category), + new StringVal(detail), + }); } } diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index b59358b703..ceb480292b 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -61,21 +61,27 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame) EventHandlerPtr f = frame->is_orig() ? ncp_request : ncp_reply; if ( f ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(frame->frame_type())); - vl->append(val_mgr->GetCount(frame->body_length())); - if ( frame->is_orig() ) - vl->append(val_mgr->GetCount(req_func)); + { + analyzer->ConnectionEvent(f, { + analyzer->BuildConnVal(), + val_mgr->GetCount(frame->frame_type()), + val_mgr->GetCount(frame->body_length()), + val_mgr->GetCount(req_func), + }); + } else { - vl->append(val_mgr->GetCount(req_frame_type)); - vl->append(val_mgr->GetCount(req_func)); - vl->append(val_mgr->GetCount(frame->reply()->completion_code())); + analyzer->ConnectionEvent(f, { + analyzer->BuildConnVal(), + val_mgr->GetCount(frame->frame_type()), + val_mgr->GetCount(frame->body_length()), + val_mgr->GetCount(req_frame_type), + val_mgr->GetCount(req_func), + val_mgr->GetCount(frame->reply()->completion_code()), + }); } - analyzer->ConnectionEvent(f, vl); } } diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 492375b7aa..5dc07f7d0d 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -58,12 +58,12 @@ int NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags, { if ( netbios_session_message ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_query)); - vl->append(val_mgr->GetCount(type)); - vl->append(val_mgr->GetCount(len)); - analyzer->ConnectionEvent(netbios_session_message, vl); + analyzer->ConnectionEvent(netbios_session_message, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_query), + val_mgr->GetCount(type), + val_mgr->GetCount(len), + }); } switch ( type ) { @@ -328,13 +328,19 @@ void NetbiosSSN_Interpreter::Event(EventHandlerPtr event, const u_char* data, if ( ! event ) return; - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); if ( is_orig >= 0 ) - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(new BroString(data, len, 0))); - - analyzer->ConnectionEvent(event, vl); + { + analyzer->ConnectionEvent(event, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(new BroString(data, len, 0)), + }); + } + else + analyzer->ConnectionEvent(event, { + analyzer->BuildConnVal(), + new StringVal(new BroString(data, len, 0)), + }); } diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index 631d5bc3e9..2e6988d13f 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -78,12 +78,11 @@ void NTP_Analyzer::Message(const u_char* data, int len) msg->Assign(9, new Val(LongFloat(ntp_data->rec), TYPE_TIME)); msg->Assign(10, new Val(LongFloat(ntp_data->xmt), TYPE_TIME)); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(msg); - vl->append(new StringVal(new BroString(data, len, 0))); - - ConnectionEvent(ntp_message, vl); + ConnectionEvent(ntp_message, { + BuildConnVal(), + msg, + new StringVal(new BroString(data, len, 0)), + }); } double NTP_Analyzer::ShortFloat(struct s_fixedpt fp) diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index 2cd5041a70..e7ccf3907c 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -833,10 +833,7 @@ void POP3_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - - ConnectionEvent(pop3_starttls, vl); + ConnectionEvent(pop3_starttls, {BuildConnVal()}); } void POP3_Analyzer::AuthSuccessfull() @@ -926,14 +923,14 @@ void POP3_Analyzer::POP3Event(EventHandlerPtr event, bool is_orig, if ( ! event ) return; - val_list* vl = new val_list; + val_list vl(2 + (bool)arg1 + (bool)arg2); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); + vl.append(BuildConnVal()); + vl.append(val_mgr->GetBool(is_orig)); if ( arg1 ) - vl->append(new StringVal(arg1)); + vl.append(new StringVal(arg1)); if ( arg2 ) - vl->append(new StringVal(arg2)); + vl.append(new StringVal(arg2)); - ConnectionEvent(event, vl); + ConnectionEvent(event, std::move(vl)); } diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index 604d2e3ed1..1cea8e0211 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -93,9 +93,9 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status if ( mount_reply_status ) { - val_list* vl = event_common_vl(c, rpc_status, mount_status, - start_time, last_time, reply_len); - analyzer->ConnectionEvent(mount_reply_status, vl); + auto vl = event_common_vl(c, rpc_status, mount_status, + start_time, last_time, reply_len, 0); + analyzer->ConnectionEvent(mount_reply_status, std::move(vl)); } if ( ! rpc_success ) @@ -162,34 +162,34 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status // optional and all are set to 0 ... if ( event ) { - val_list* vl = event_common_vl(c, rpc_status, mount_status, - start_time, last_time, reply_len); - Val *request = c->TakeRequestVal(); + auto vl = event_common_vl(c, rpc_status, mount_status, + start_time, last_time, reply_len, (bool)request + (bool)reply); + if ( request ) - vl->append(request); + vl.append(request); if ( reply ) - vl->append(reply); + vl.append(reply); - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEvent(event, std::move(vl)); } else Unref(reply); return 1; } -val_list* MOUNT_Interp::event_common_vl(RPC_CallInfo *c, +val_list MOUNT_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::MOUNT3::status_t mount_status, double rep_start_time, - double rep_last_time, int reply_len) + double rep_last_time, int reply_len, int extra_elements) { // Returns a new val_list that already has a conn_val, and mount3_info. // These are the first parameters for each mount_* event ... - val_list *vl = new val_list; - vl->append(analyzer->BuildConnVal()); + val_list vl(2 + extra_elements); + vl.append(analyzer->BuildConnVal()); VectorVal* auxgids = new VectorVal(internal_type("index_vec")->AsVectorType()); for (size_t i = 0; i < c->AuxGIDs().size(); ++i) @@ -212,7 +212,7 @@ val_list* MOUNT_Interp::event_common_vl(RPC_CallInfo *c, info->Assign(11, new StringVal(c->MachineName())); info->Assign(12, auxgids); - vl->append(info); + vl.append(info); return vl; } diff --git a/src/analyzer/protocol/rpc/MOUNT.h b/src/analyzer/protocol/rpc/MOUNT.h index 42da4f61ed..7c243f96a0 100644 --- a/src/analyzer/protocol/rpc/MOUNT.h +++ b/src/analyzer/protocol/rpc/MOUNT.h @@ -22,10 +22,10 @@ protected: // Returns a new val_list that already has a conn_val, rpc_status and // mount_status. These are the first parameters for each mount_* event // ... - val_list* event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, + val_list event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::MOUNT3::status_t mount_status, double rep_start_time, double rep_last_time, - int reply_len); + int reply_len, int extra_elements); // These methods parse the appropriate MOUNTv3 "type" out of buf. If // there are any errors (i.e., buffer to short, etc), buf will be set diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index ff16812d65..3453263dd0 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -147,9 +147,9 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, if ( nfs_reply_status ) { - val_list* vl = event_common_vl(c, rpc_status, nfs_status, - start_time, last_time, reply_len); - analyzer->ConnectionEvent(nfs_reply_status, vl); + auto vl = event_common_vl(c, rpc_status, nfs_status, + start_time, last_time, reply_len, 0); + analyzer->ConnectionEvent(nfs_reply_status, std::move(vl)); } if ( ! rpc_success ) @@ -274,18 +274,18 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, // optional and all are set to 0 ... if ( event ) { - val_list* vl = event_common_vl(c, rpc_status, nfs_status, - start_time, last_time, reply_len); - Val *request = c->TakeRequestVal(); + auto vl = event_common_vl(c, rpc_status, nfs_status, + start_time, last_time, reply_len, (bool)request + (bool)reply); + if ( request ) - vl->append(request); + vl.append(request); if ( reply ) - vl->append(reply); + vl.append(reply); - analyzer->ConnectionEvent(event, vl); + analyzer->ConnectionEvent(event, std::move(vl)); } else Unref(reply); @@ -317,15 +317,15 @@ StringVal* NFS_Interp::nfs3_file_data(const u_char*& buf, int& n, uint64_t offse return 0; } -val_list* NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, +val_list NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::NFS3::status_t nfs_status, double rep_start_time, - double rep_last_time, int reply_len) + double rep_last_time, int reply_len, int extra_elements) { // Returns a new val_list that already has a conn_val, and nfs3_info. // These are the first parameters for each nfs_* event ... - val_list *vl = new val_list; - vl->append(analyzer->BuildConnVal()); + val_list vl(2 + extra_elements); + vl.append(analyzer->BuildConnVal()); VectorVal* auxgids = new VectorVal(internal_type("index_vec")->AsVectorType()); for ( size_t i = 0; i < c->AuxGIDs().size(); ++i ) @@ -346,7 +346,7 @@ val_list* NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_s info->Assign(11, new StringVal(c->MachineName())); info->Assign(12, auxgids); - vl->append(info); + vl.append(info); return vl; } diff --git a/src/analyzer/protocol/rpc/NFS.h b/src/analyzer/protocol/rpc/NFS.h index 2ec4047946..56a368bfdc 100644 --- a/src/analyzer/protocol/rpc/NFS.h +++ b/src/analyzer/protocol/rpc/NFS.h @@ -22,10 +22,10 @@ protected: // Returns a new val_list that already has a conn_val, rpc_status and // nfs_status. These are the first parameters for each nfs_* event // ... - val_list* event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, + val_list event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status, BifEnum::NFS3::status_t nfs_status, double rep_start_time, double rep_last_time, - int reply_len); + int reply_len, int extra_elements); // These methods parse the appropriate NFSv3 "type" out of buf. If // there are any errors (i.e., buffer to short, etc), buf will be set diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index 95beab6b62..8333f615fa 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -261,10 +261,10 @@ uint32 PortmapperInterp::CheckPort(uint32 port) { if ( pm_bad_port ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(port)); - analyzer->ConnectionEvent(pm_bad_port, vl); + analyzer->ConnectionEvent(pm_bad_port, { + analyzer->BuildConnVal(), + val_mgr->GetCount(port), + }); } port = 0; @@ -282,25 +282,25 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu return; } - val_list* vl = new val_list; + val_list vl; - vl->append(analyzer->BuildConnVal()); + vl.append(analyzer->BuildConnVal()); if ( status == BifEnum::RPC_SUCCESS ) { if ( request ) - vl->append(request); + vl.append(request); if ( reply ) - vl->append(reply); + vl.append(reply); } else { - vl->append(BifType::Enum::rpc_status->GetVal(status)); + vl.append(BifType::Enum::rpc_status->GetVal(status)); if ( request ) - vl->append(request); + vl.append(request); } - analyzer->ConnectionEvent(f, vl); + analyzer->ConnectionEvent(f, std::move(vl)); } Portmapper_Analyzer::Portmapper_Analyzer(Connection* conn) diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 5bd748d1ea..781ba20681 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -330,16 +330,16 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st { if ( rpc_dialogue ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(c->Program())); - vl->append(val_mgr->GetCount(c->Version())); - vl->append(val_mgr->GetCount(c->Proc())); - vl->append(BifType::Enum::rpc_status->GetVal(status)); - vl->append(new Val(c->StartTime(), TYPE_TIME)); - vl->append(val_mgr->GetCount(c->CallLen())); - vl->append(val_mgr->GetCount(reply_len)); - analyzer->ConnectionEvent(rpc_dialogue, vl); + analyzer->ConnectionEvent(rpc_dialogue, { + analyzer->BuildConnVal(), + val_mgr->GetCount(c->Program()), + val_mgr->GetCount(c->Version()), + val_mgr->GetCount(c->Proc()), + BifType::Enum::rpc_status->GetVal(status), + new Val(c->StartTime(), TYPE_TIME), + val_mgr->GetCount(c->CallLen()), + val_mgr->GetCount(reply_len), + }); } } @@ -347,14 +347,14 @@ void RPC_Interpreter::Event_RPC_Call(RPC_CallInfo* c) { if ( rpc_call ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(c->XID())); - vl->append(val_mgr->GetCount(c->Program())); - vl->append(val_mgr->GetCount(c->Version())); - vl->append(val_mgr->GetCount(c->Proc())); - vl->append(val_mgr->GetCount(c->CallLen())); - analyzer->ConnectionEvent(rpc_call, vl); + analyzer->ConnectionEvent(rpc_call, { + analyzer->BuildConnVal(), + val_mgr->GetCount(c->XID()), + val_mgr->GetCount(c->Program()), + val_mgr->GetCount(c->Version()), + val_mgr->GetCount(c->Proc()), + val_mgr->GetCount(c->CallLen()), + }); } } @@ -362,12 +362,12 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status, { if ( rpc_reply ) { - val_list* vl = new val_list; - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetCount(xid)); - vl->append(BifType::Enum::rpc_status->GetVal(status)); - vl->append(val_mgr->GetCount(reply_len)); - analyzer->ConnectionEvent(rpc_reply, vl); + analyzer->ConnectionEvent(rpc_reply, { + analyzer->BuildConnVal(), + val_mgr->GetCount(xid), + BifType::Enum::rpc_status->GetVal(status), + val_mgr->GetCount(reply_len), + }); } } diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index 6b92484431..dff1677fc3 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -220,11 +220,11 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) if ( smtp_data && ! skip_data ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(new StringVal(data_len, line)); - ConnectionEvent(smtp_data, vl); + ConnectionEvent(smtp_data, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(data_len, line), + }); } } @@ -350,15 +350,14 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) break; } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig)); - vl->append(val_mgr->GetCount(reply_code)); - vl->append(new StringVal(cmd)); - vl->append(new StringVal(end_of_line - line, line)); - vl->append(val_mgr->GetBool((pending_reply > 0))); - - ConnectionEvent(smtp_reply, vl); + ConnectionEvent(smtp_reply, { + BuildConnVal(), + val_mgr->GetBool(orig), + val_mgr->GetCount(reply_code), + new StringVal(cmd), + new StringVal(end_of_line - line, line), + val_mgr->GetBool((pending_reply > 0)), + }); } } @@ -411,10 +410,7 @@ void SMTP_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - - ConnectionEvent(smtp_starttls, vl); + ConnectionEvent(smtp_starttls, {BuildConnVal()}); } @@ -856,14 +852,12 @@ void SMTP_Analyzer::RequestEvent(int cmd_len, const char* cmd, int arg_len, const char* arg) { ProtocolConfirmation(); - val_list* vl = new val_list; - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(orig_is_sender)); - vl->append((new StringVal(cmd_len, cmd))->ToUpper()); - vl->append(new StringVal(arg_len, arg)); - - ConnectionEvent(smtp_request, vl); + ConnectionEvent(smtp_request, { + BuildConnVal(), + val_mgr->GetBool(orig_is_sender), + (new StringVal(cmd_len, cmd))->ToUpper(), + new StringVal(arg_len, arg), + }); } void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, @@ -874,17 +868,16 @@ void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, if ( smtp_unexpected ) { - val_list* vl = new val_list; int is_orig = is_sender; if ( ! orig_is_sender ) is_orig = ! is_orig; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(msg)); - vl->append(new StringVal(detail_len, detail)); - - ConnectionEvent(smtp_unexpected, vl); + ConnectionEvent(smtp_unexpected, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(msg), + new StringVal(detail_len, detail), + }); } } diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index 3035a0b1a5..f4b4f78c89 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -139,25 +139,20 @@ void SteppingStoneEndpoint::Event(EventHandlerPtr f, int id1, int id2) if ( ! f ) return; - val_list* vl = new val_list; - - vl->append(val_mgr->GetInt(id1)); - if ( id2 >= 0 ) - vl->append(val_mgr->GetInt(id2)); + endp->TCP()->ConnectionEvent(f, {val_mgr->GetInt(id1), val_mgr->GetInt(id2)}); + else + endp->TCP()->ConnectionEvent(f, {val_mgr->GetInt(id1)}); - endp->TCP()->ConnectionEvent(f, vl); } void SteppingStoneEndpoint::CreateEndpEvent(int is_orig) { - val_list* vl = new val_list; - - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetInt(stp_id)); - vl->append(val_mgr->GetBool(is_orig)); - - endp->TCP()->ConnectionEvent(stp_create_endp, vl); + endp->TCP()->ConnectionEvent(stp_create_endp, { + endp->TCP()->BuildConnVal(), + val_mgr->GetInt(stp_id), + val_mgr->GetBool(is_orig), + }); } SteppingStone_Analyzer::SteppingStone_Analyzer(Connection* c) diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 9329b103ed..a90e0f32c4 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -299,11 +299,11 @@ static void passive_fingerprint(TCP_Analyzer* tcp, bool is_orig, if ( OS_val ) { // found new OS version - val_list* vl = new val_list; - vl->append(tcp->BuildConnVal()); - vl->append(src_addr_val->Ref()); - vl->append(OS_val); - tcp->ConnectionEvent(OS_version_found, vl); + tcp->ConnectionEvent(OS_version_found, { + tcp->BuildConnVal(), + src_addr_val->Ref(), + OS_val, + }); } } @@ -965,20 +965,17 @@ void TCP_Analyzer::GeneratePacketEvent( const u_char* data, int len, int caplen, int is_orig, TCP_Flags flags) { - val_list* vl = new val_list(); - - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(flags.AsString())); - vl->append(val_mgr->GetCount(rel_seq)); - vl->append(val_mgr->GetCount(flags.ACK() ? rel_ack : 0)); - vl->append(val_mgr->GetCount(len)); - - // We need the min() here because Ethernet padding can lead to - // caplen > len. - vl->append(new StringVal(min(caplen, len), (const char*) data)); - - ConnectionEvent(tcp_packet, vl); + ConnectionEvent(tcp_packet, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(flags.AsString()), + val_mgr->GetCount(rel_seq), + val_mgr->GetCount(flags.ACK() ? rel_ack : 0), + val_mgr->GetCount(len), + // We need the min() here because Ethernet padding can lead to + // caplen > len. + new StringVal(min(caplen, len), (const char*) data), + }); } int TCP_Analyzer::DeliverData(double t, const u_char* data, int len, int caplen, @@ -1283,10 +1280,10 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( connection_SYN_packet ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(SYN_vals->Ref()); - ConnectionEvent(connection_SYN_packet, vl); + ConnectionEvent(connection_SYN_packet, { + BuildConnVal(), + SYN_vals->Ref(), + }); } passive_fingerprint(this, is_orig, ip, tp, tcp_hdr_len); @@ -1503,14 +1500,12 @@ int TCP_Analyzer::TCPOptionEvent(unsigned int opt, { if ( tcp_option ) { - val_list* vl = new val_list(); - - vl->append(analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(val_mgr->GetCount(opt)); - vl->append(val_mgr->GetCount(optlen)); - - analyzer->ConnectionEvent(tcp_option, vl); + analyzer->ConnectionEvent(tcp_option, { + analyzer->BuildConnVal(), + val_mgr->GetBool(is_orig), + val_mgr->GetCount(opt), + val_mgr->GetCount(optlen), + }); } return 0; @@ -1826,10 +1821,10 @@ void TCP_Analyzer::EndpointEOF(TCP_Reassembler* endp) { if ( connection_EOF ) { - val_list* vl = new val_list(); - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - ConnectionEvent(connection_EOF, vl); + ConnectionEvent(connection_EOF, { + BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + }); } const analyzer_list& children(GetChildren()); @@ -2108,15 +2103,14 @@ int TCPStats_Endpoint::DataSent(double /* t */, uint64 seq, int len, int caplen, if ( tcp_rexmit ) { - val_list* vl = new val_list(); - vl->append(endp->TCP()->BuildConnVal()); - vl->append(val_mgr->GetBool(endp->IsOrig())); - vl->append(val_mgr->GetCount(seq)); - vl->append(val_mgr->GetCount(len)); - vl->append(val_mgr->GetCount(data_in_flight)); - vl->append(val_mgr->GetCount(endp->peer->window)); - - endp->TCP()->ConnectionEvent(tcp_rexmit, vl); + endp->TCP()->ConnectionEvent(tcp_rexmit, { + endp->TCP()->BuildConnVal(), + val_mgr->GetBool(endp->IsOrig()), + val_mgr->GetCount(seq), + val_mgr->GetCount(len), + val_mgr->GetCount(data_in_flight), + val_mgr->GetCount(endp->peer->window), + }); } } else @@ -2164,11 +2158,11 @@ void TCPStats_Analyzer::Done() { TCP_ApplicationAnalyzer::Done(); - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(orig_stats->BuildStats()); - vl->append(resp_stats->BuildStats()); - ConnectionEvent(conn_stats, vl); + ConnectionEvent(conn_stats, { + BuildConnVal(), + orig_stats->BuildStats(), + resp_stats->BuildStats(), + }); } void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64 seq, const IP_Hdr* ip, int caplen) diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index 7e7b316e10..ce58398f2d 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -237,11 +237,11 @@ int TCP_Endpoint::DataSent(double t, uint64 seq, int len, int caplen, if ( contents_file_write_failure ) { - val_list* vl = new val_list(); - vl->append(Conn()->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(new StringVal(buf)); - tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); + tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + Conn()->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + new StringVal(buf), + }); } } } diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index ef68f621b5..5ad6d2e460 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -136,12 +136,12 @@ void TCP_Reassembler::Gap(uint64 seq, uint64 len) if ( report_gap(endp, endp->peer) ) { - val_list* vl = new val_list; - vl->append(dst_analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(val_mgr->GetCount(seq)); - vl->append(val_mgr->GetCount(len)); - dst_analyzer->ConnectionEvent(content_gap, vl); + dst_analyzer->ConnectionEvent(content_gap, { + dst_analyzer->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + val_mgr->GetCount(seq), + val_mgr->GetCount(len), + }); } if ( type == Direct ) @@ -335,11 +335,11 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f) if ( contents_file_write_failure ) { - val_list* vl = new val_list(); - vl->append(Endpoint()->Conn()->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(new StringVal("TCP reassembler content write failure")); - tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); + tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + Endpoint()->Conn()->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + new StringVal("TCP reassembler content write failure"), + }); } } @@ -352,11 +352,11 @@ void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f) if ( contents_file_write_failure ) { - val_list* vl = new val_list(); - vl->append(Endpoint()->Conn()->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(new StringVal("TCP reassembler gap write failure")); - tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl); + tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + Endpoint()->Conn()->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + new StringVal("TCP reassembler gap write failure"), + }); } } @@ -425,12 +425,12 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n) BroString* b1_s = new BroString((const u_char*) b1, n, 0); BroString* b2_s = new BroString((const u_char*) b2, n, 0); - val_list* vl = new val_list(3); - vl->append(tcp_analyzer->BuildConnVal()); - vl->append(new StringVal(b1_s)); - vl->append(new StringVal(b2_s)); - vl->append(new StringVal(flags.AsString())); - tcp_analyzer->ConnectionEvent(rexmit_inconsistency, vl); + tcp_analyzer->ConnectionEvent(rexmit_inconsistency, { + tcp_analyzer->BuildConnVal(), + new StringVal(b1_s), + new StringVal(b2_s), + new StringVal(flags.AsString()), + }); } } @@ -596,13 +596,12 @@ void TCP_Reassembler::DeliverBlock(uint64 seq, int len, const u_char* data) if ( deliver_tcp_contents ) { - val_list* vl = new val_list(); - vl->append(tcp_analyzer->BuildConnVal()); - vl->append(val_mgr->GetBool(IsOrig())); - vl->append(val_mgr->GetCount(seq)); - vl->append(new StringVal(len, (const char*) data)); - - tcp_analyzer->ConnectionEvent(tcp_contents, vl); + tcp_analyzer->ConnectionEvent(tcp_contents, { + tcp_analyzer->BuildConnVal(), + val_mgr->GetBool(IsOrig()), + val_mgr->GetCount(seq), + new StringVal(len, (const char*) data), + }); } // Q. Can we say this because it is already checked in DataSent()? diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index ca144941b6..6123c42e91 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -157,11 +157,11 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( do_udp_contents ) { - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - vl->append(new StringVal(len, (const char*) data)); - ConnectionEvent(udp_contents, vl); + ConnectionEvent(udp_contents, { + BuildConnVal(), + val_mgr->GetBool(is_orig), + new StringVal(len, (const char*) data), + }); } Unref(port_val); diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index d31198ced7..c9d1d7a1e3 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -540,9 +540,11 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int std::string serial_data(data, len); free(data); - val_list vl(2); - vl.append(stream->Ref()); - vl.append(new StringVal(path)); + val_list vl{ + stream->Ref(), + new StringVal(path), + }; + Val* v = log_topic_func->Call(&vl); if ( ! v ) @@ -993,7 +995,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) return; } - auto vl = new val_list; + val_list vl(args.size()); for ( auto i = 0u; i < args.size(); ++i ) { @@ -1002,7 +1004,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) auto val = data_to_val(std::move(args[i]), expected_type); if ( val ) - vl->append(val); + vl.append(val); else { reporter->Warning("failed to convert remote event '%s' arg #%d," @@ -1013,10 +1015,13 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) } } - if ( static_cast(vl->length()) == args.size() ) - mgr.QueueEvent(handler, vl, SOURCE_BROKER); + if ( static_cast(vl.length()) == args.size() ) + mgr.QueueEvent(handler, std::move(vl), SOURCE_BROKER); else - delete_vals(vl); + { + loop_over_list(vl, i) + Unref(vl[i]); + } } bool bro_broker::Manager::ProcessLogCreate(broker::bro::LogCreate lc) @@ -1270,11 +1275,7 @@ void Manager::ProcessStatus(broker::status stat) auto str = stat.message(); auto msg = new StringVal(str ? *str : ""); - auto vl = new val_list; - vl->append(endpoint_info); - vl->append(msg); - - mgr.QueueEvent(event, vl); + mgr.QueueEvent(event, {endpoint_info, msg}); } void Manager::ProcessError(broker::error err) @@ -1351,10 +1352,10 @@ void Manager::ProcessError(broker::error err) msg = fmt("[%s] %s", caf::to_string(err.category()).c_str(), caf::to_string(err.context()).c_str()); } - auto vl = new val_list; - vl->append(BifType::Enum::Broker::ErrorCode->GetVal(ec)); - vl->append(new StringVal(msg)); - mgr.QueueEvent(Broker::error, vl); + mgr.QueueEvent(Broker::error, { + BifType::Enum::Broker::ErrorCode->GetVal(ec), + new StringVal(msg), + }); } void Manager::ProcessStoreResponse(StoreHandleVal* s, broker::store::response response) diff --git a/src/broker/messaging.bif b/src/broker/messaging.bif index ec7696c752..d80f3742b6 100644 --- a/src/broker/messaging.bif +++ b/src/broker/messaging.bif @@ -183,9 +183,7 @@ function Cluster::publish_rr%(pool: Pool, key: string, ...%): bool if ( ! topic_func ) topic_func = global_scope()->Lookup("Cluster::rr_topic")->ID_Val()->AsFunc(); - val_list vl(2); - vl.append(pool->Ref()); - vl.append(key->Ref()); + val_list vl{pool->Ref(), key->Ref()}; auto topic = topic_func->Call(&vl); if ( ! topic->AsString()->Len() ) @@ -226,9 +224,7 @@ function Cluster::publish_hrw%(pool: Pool, key: any, ...%): bool if ( ! topic_func ) topic_func = global_scope()->Lookup("Cluster::hrw_topic")->ID_Val()->AsFunc(); - val_list vl(2); - vl.append(pool->Ref()); - vl.append(key->Ref()); + val_list vl{pool->Ref(), key->Ref()}; auto topic = topic_func->Call(&vl); if ( ! topic->AsString()->Len() ) diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 641943909e..faa6b280b0 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -154,11 +154,11 @@ void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig) { if ( conn && FileEventAvailable(file_over_new_connection) ) { - val_list* vl = new val_list(); - vl->append(val->Ref()); - vl->append(conn->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - FileEvent(file_over_new_connection, vl); + FileEvent(file_over_new_connection, { + val->Ref(), + conn->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); } } @@ -303,13 +303,11 @@ bool File::SetMime(const string& mime_type) if ( ! FileEventAvailable(file_sniff) ) return false; - val_list* vl = new val_list(); - vl->append(val->Ref()); RecordVal* meta = new RecordVal(fa_metadata_type); - vl->append(meta); meta->Assign(meta_mime_type_idx, new StringVal(mime_type)); meta->Assign(meta_inferred_idx, val_mgr->GetBool(0)); - FileEvent(file_sniff, vl); + + FileEvent(file_sniff, {val->Ref(), meta}); return true; } @@ -338,10 +336,7 @@ void File::InferMetadata() len = min(len, LookupFieldDefaultCount(bof_buffer_size_idx)); file_mgr->DetectMIME(data, len, &matches); - val_list* vl = new val_list(); - vl->append(val->Ref()); RecordVal* meta = new RecordVal(fa_metadata_type); - vl->append(meta); if ( ! matches.empty() ) { @@ -351,7 +346,7 @@ void File::InferMetadata() file_analysis::GenMIMEMatchesVal(matches)); } - FileEvent(file_sniff, vl); + FileEvent(file_sniff, {val->Ref(), meta}); return; } @@ -463,11 +458,11 @@ void File::DeliverChunk(const u_char* data, uint64 len, uint64 offset) if ( FileEventAvailable(file_reassembly_overflow) ) { - val_list* vl = new val_list(); - vl->append(val->Ref()); - vl->append(val_mgr->GetCount(current_offset)); - vl->append(val_mgr->GetCount(gap_bytes)); - FileEvent(file_reassembly_overflow, vl); + FileEvent(file_reassembly_overflow, { + val->Ref(), + val_mgr->GetCount(current_offset), + val_mgr->GetCount(gap_bytes), + }); } } @@ -608,11 +603,11 @@ void File::Gap(uint64 offset, uint64 len) if ( FileEventAvailable(file_gap) ) { - val_list* vl = new val_list(); - vl->append(val->Ref()); - vl->append(val_mgr->GetCount(offset)); - vl->append(val_mgr->GetCount(len)); - FileEvent(file_gap, vl); + FileEvent(file_gap, { + val->Ref(), + val_mgr->GetCount(offset), + val_mgr->GetCount(len), + }); } analyzers.DrainModifications(); @@ -631,14 +626,18 @@ void File::FileEvent(EventHandlerPtr h) if ( ! FileEventAvailable(h) ) return; - val_list* vl = new val_list(); - vl->append(val->Ref()); - FileEvent(h, vl); + FileEvent(h, {val->Ref()}); } void File::FileEvent(EventHandlerPtr h, val_list* vl) { - mgr.QueueEvent(h, vl); + FileEvent(h, std::move(*vl)); + delete vl; + } + +void File::FileEvent(EventHandlerPtr h, val_list vl) + { + mgr.QueueEvent(h, std::move(vl)); if ( h == file_new || h == file_over_new_connection || h == file_sniff || diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h index 0c4c313f06..54517b53ba 100644 --- a/src/file_analysis/File.h +++ b/src/file_analysis/File.h @@ -172,6 +172,12 @@ public: */ void FileEvent(EventHandlerPtr h, val_list* vl); + /** + * Raises an event related to the file's life-cycle. + * @param h pointer to an event handler. + * @param vl list of argument values to pass to event call. + */ + void FileEvent(EventHandlerPtr h, val_list vl); /** * Sets the MIME type for a file to a specific value. diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index ab4b1ed261..134418a476 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -443,12 +443,11 @@ string Manager::GetFileID(analyzer::Tag tag, Connection* c, bool is_orig) EnumVal* tagval = tag.AsEnumVal(); Ref(tagval); - val_list* vl = new val_list(); - vl->append(tagval); - vl->append(c->BuildConnVal()); - vl->append(val_mgr->GetBool(is_orig)); - - mgr.QueueEvent(get_file_handle, vl); + mgr.QueueEvent(get_file_handle, { + tagval, + c->BuildConnVal(), + val_mgr->GetBool(is_orig), + }); mgr.Drain(); // need file handle immediately so we don't have to buffer data return current_file_id; } diff --git a/src/file_analysis/analyzer/data_event/DataEvent.cc b/src/file_analysis/analyzer/data_event/DataEvent.cc index 15462e8e92..8aa688b879 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.cc +++ b/src/file_analysis/analyzer/data_event/DataEvent.cc @@ -41,12 +41,11 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset) { if ( ! chunk_event ) return true; - val_list* args = new val_list; - args->append(GetFile()->GetVal()->Ref()); - args->append(new StringVal(new BroString(data, len, 0))); - args->append(val_mgr->GetCount(offset)); - - mgr.QueueEvent(chunk_event, args); + mgr.QueueEvent(chunk_event, { + GetFile()->GetVal()->Ref(), + new StringVal(new BroString(data, len, 0)), + val_mgr->GetCount(offset), + }); return true; } @@ -55,11 +54,10 @@ bool DataEvent::DeliverStream(const u_char* data, uint64 len) { if ( ! stream_event ) return true; - val_list* args = new val_list; - args->append(GetFile()->GetVal()->Ref()); - args->append(new StringVal(new BroString(data, len, 0))); - - mgr.QueueEvent(stream_event, args); + mgr.QueueEvent(stream_event, { + GetFile()->GetVal()->Ref(), + new StringVal(new BroString(data, len, 0)), + }); return true; } diff --git a/src/file_analysis/analyzer/entropy/Entropy.cc b/src/file_analysis/analyzer/entropy/Entropy.cc index 4802224950..873b8e2fcf 100644 --- a/src/file_analysis/analyzer/entropy/Entropy.cc +++ b/src/file_analysis/analyzer/entropy/Entropy.cc @@ -53,9 +53,6 @@ void Entropy::Finalize() if ( ! fed ) return; - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - double montepi, scc, ent, mean, chisq; montepi = scc = ent = mean = chisq = 0.0; entropy->Get(&ent, &chisq, &mean, &montepi, &scc); @@ -67,6 +64,8 @@ void Entropy::Finalize() ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE)); ent_result->Assign(4, new Val(scc, TYPE_DOUBLE)); - vl->append(ent_result); - mgr.QueueEvent(file_entropy, vl); + mgr.QueueEvent(file_entropy, { + GetFile()->GetVal()->Ref(), + ent_result, + }); } diff --git a/src/file_analysis/analyzer/extract/Extract.cc b/src/file_analysis/analyzer/extract/Extract.cc index dc05fba367..e7aca5bcf3 100644 --- a/src/file_analysis/analyzer/extract/Extract.cc +++ b/src/file_analysis/analyzer/extract/Extract.cc @@ -90,12 +90,12 @@ bool Extract::DeliverStream(const u_char* data, uint64 len) if ( limit_exceeded && file_extraction_limit ) { File* f = GetFile(); - val_list* vl = new val_list(); - vl->append(f->GetVal()->Ref()); - vl->append(Args()->Ref()); - vl->append(val_mgr->GetCount(limit)); - vl->append(val_mgr->GetCount(len)); - f->FileEvent(file_extraction_limit, vl); + f->FileEvent(file_extraction_limit, { + f->GetVal()->Ref(), + Args()->Ref(), + val_mgr->GetCount(limit), + val_mgr->GetCount(len), + }); // Limit may have been modified by a BIF, re-check it. limit_exceeded = check_limit_exceeded(limit, depth, len, &towrite); diff --git a/src/file_analysis/analyzer/hash/Hash.cc b/src/file_analysis/analyzer/hash/Hash.cc index 9829934301..07bcb0babd 100644 --- a/src/file_analysis/analyzer/hash/Hash.cc +++ b/src/file_analysis/analyzer/hash/Hash.cc @@ -48,10 +48,9 @@ void Hash::Finalize() if ( ! hash->IsValid() || ! fed ) return; - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(new StringVal(kind)); - vl->append(hash->Get()); - - mgr.QueueEvent(file_hash, vl); + mgr.QueueEvent(file_hash, { + GetFile()->GetVal()->Ref(), + new StringVal(kind), + hash->Get(), + }); } diff --git a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac index 00229184a2..ee874c4d37 100644 --- a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac +++ b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac @@ -81,10 +81,11 @@ refine flow Flow += { ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol})); ids_event->Assign(17, val_mgr->GetCount(${ev.packet_action})); - val_list* vl = new val_list(); - vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); - vl->append(ids_event); - mgr.QueueEvent(::unified2_event, vl, SOURCE_LOCAL); + mgr.QueueEvent(::unified2_event, { + connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), + ids_event, + }, + SOURCE_LOCAL); } return true; %} @@ -112,10 +113,11 @@ refine flow Flow += { ids_event->Assign(15, val_mgr->GetCount(${ev.mpls_label})); ids_event->Assign(16, val_mgr->GetCount(${ev.vlan_id})); - val_list* vl = new val_list(); - vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); - vl->append(ids_event); - mgr.QueueEvent(::unified2_event, vl, SOURCE_LOCAL); + mgr.QueueEvent(::unified2_event, { + connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), + ids_event, + }, + SOURCE_LOCAL); } return true; @@ -133,10 +135,11 @@ refine flow Flow += { packet->Assign(4, val_mgr->GetCount(${pkt.link_type})); packet->Assign(5, bytestring_to_val(${pkt.packet_data})); - val_list* vl = new val_list(); - vl->append(connection()->bro_analyzer()->GetFile()->GetVal()->Ref()); - vl->append(packet); - mgr.QueueEvent(::unified2_packet, vl, SOURCE_LOCAL); + mgr.QueueEvent(::unified2_packet, { + connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), + packet, + }, + SOURCE_LOCAL); } return true; diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index c49481c23a..3681c6fd44 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc @@ -417,10 +417,6 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req) char buf[OCSP_STRING_BUF_SIZE]; // we need a buffer for some of the openssl functions memset(buf, 0, sizeof(buf)); - // build up our response as we go along... - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - uint64 version = 0; #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) @@ -431,23 +427,24 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req) // TODO: try to parse out general name ? #endif - vl->append(val_mgr->GetCount(version)); + mgr.QueueEvent(ocsp_request, { + GetFile()->GetVal()->Ref(), + val_mgr->GetCount(version), + }); BIO *bio = BIO_new(BIO_s_mem()); - mgr.QueueEvent(ocsp_request, vl); - int req_count = OCSP_request_onereq_count(req); for ( int i=0; iappend(GetFile()->GetVal()->Ref()); + val_list rvl(5); + rvl.append(GetFile()->GetVal()->Ref()); OCSP_ONEREQ *one_req = OCSP_request_onereq_get0(req, i); OCSP_CERTID *cert_id = OCSP_onereq_get0_id(one_req); - ocsp_add_cert_id(cert_id, rvl, bio); - mgr.QueueEvent(ocsp_request_certificate, rvl); + ocsp_add_cert_id(cert_id, &rvl, bio); + mgr.QueueEvent(ocsp_request_certificate, std::move(rvl)); } BIO_free(bio); @@ -470,14 +467,13 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) char buf[OCSP_STRING_BUF_SIZE]; memset(buf, 0, sizeof(buf)); - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - const char *status_str = OCSP_response_status_str(OCSP_response_status(resp)); StringVal* status_val = new StringVal(strlen(status_str), status_str); - vl->append(status_val->Ref()); - mgr.QueueEvent(ocsp_response_status, vl); - vl = nullptr; + + mgr.QueueEvent(ocsp_response_status, { + GetFile()->GetVal()->Ref(), + status_val->Ref(), + }); //if (!resp_bytes) // { @@ -490,6 +486,8 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) //int len = BIO_read(bio, buf, sizeof(buf)); //BIO_reset(bio); + val_list vl(8); + // get the basic response basic_resp = OCSP_response_get1_basic(resp); if ( !basic_resp ) @@ -501,28 +499,27 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) goto clean_up; #endif - vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(resp_val->Ref()); - vl->append(status_val); + vl.append(GetFile()->GetVal()->Ref()); + vl.append(resp_val->Ref()); + vl.append(status_val); #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - vl->append(val_mgr->GetCount((uint64)ASN1_INTEGER_get(resp_data->version))); + vl.append(val_mgr->GetCount((uint64)ASN1_INTEGER_get(resp_data->version))); #else - vl->append(parse_basic_resp_data_version(basic_resp)); + vl.append(parse_basic_resp_data_version(basic_resp)); #endif // responderID if ( OCSP_RESPID_bio(basic_resp, bio) ) { len = BIO_read(bio, buf, sizeof(buf)); - vl->append(new StringVal(len, buf)); + vl.append(new StringVal(len, buf)); BIO_reset(bio); } else { reporter->Weird("OpenSSL failed to get OCSP responder id"); - vl->append(val_mgr->GetEmptyString()); + vl.append(val_mgr->GetEmptyString()); } // producedAt @@ -532,7 +529,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) produced_at = OCSP_resp_get0_produced_at(basic_resp); #endif - vl->append(new Val(GetTimeFromAsn1(produced_at, GetFile(), reporter), TYPE_TIME)); + vl.append(new Val(GetTimeFromAsn1(produced_at, GetFile(), reporter), TYPE_TIME)); // responses @@ -545,8 +542,8 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) if ( !single_resp ) continue; - val_list* rvl = new val_list(); - rvl->append(GetFile()->GetVal()->Ref()); + val_list rvl(10); + rvl.append(GetFile()->GetVal()->Ref()); // cert id const OCSP_CERTID* cert_id = nullptr; @@ -557,7 +554,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) cert_id = OCSP_SINGLERESP_get0_id(single_resp); #endif - ocsp_add_cert_id(cert_id, rvl, bio); + ocsp_add_cert_id(cert_id, &rvl, bio); BIO_reset(bio); // certStatus @@ -574,38 +571,38 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) reporter->Weird("OpenSSL failed to find status of OCSP response"); const char* cert_status_str = OCSP_cert_status_str(status); - rvl->append(new StringVal(strlen(cert_status_str), cert_status_str)); + rvl.append(new StringVal(strlen(cert_status_str), cert_status_str)); // revocation time and reason if revoked if ( status == V_OCSP_CERTSTATUS_REVOKED ) { - rvl->append(new Val(GetTimeFromAsn1(revoke_time, GetFile(), reporter), TYPE_TIME)); + rvl.append(new Val(GetTimeFromAsn1(revoke_time, GetFile(), reporter), TYPE_TIME)); if ( reason != OCSP_REVOKED_STATUS_NOSTATUS ) { const char* revoke_reason = OCSP_crl_reason_str(reason); - rvl->append(new StringVal(strlen(revoke_reason), revoke_reason)); + rvl.append(new StringVal(strlen(revoke_reason), revoke_reason)); } else - rvl->append(new StringVal(0, "")); + rvl.append(new StringVal(0, "")); } else { - rvl->append(new Val(0.0, TYPE_TIME)); - rvl->append(new StringVal(0, "")); + rvl.append(new Val(0.0, TYPE_TIME)); + rvl.append(new StringVal(0, "")); } if ( this_update ) - rvl->append(new Val(GetTimeFromAsn1(this_update, GetFile(), reporter), TYPE_TIME)); + rvl.append(new Val(GetTimeFromAsn1(this_update, GetFile(), reporter), TYPE_TIME)); else - rvl->append(new Val(0.0, TYPE_TIME)); + rvl.append(new Val(0.0, TYPE_TIME)); if ( next_update ) - rvl->append(new Val(GetTimeFromAsn1(next_update, GetFile(), reporter), TYPE_TIME)); + rvl.append(new Val(GetTimeFromAsn1(next_update, GetFile(), reporter), TYPE_TIME)); else - rvl->append(new Val(0.0, TYPE_TIME)); + rvl.append(new Val(0.0, TYPE_TIME)); - mgr.QueueEvent(ocsp_response_certificate, rvl); + mgr.QueueEvent(ocsp_response_certificate, std::move(rvl)); num_ext = OCSP_SINGLERESP_get_ext_count(single_resp); for ( int k = 0; k < num_ext; ++k ) @@ -621,10 +618,10 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) i2a_ASN1_OBJECT(bio, basic_resp->signatureAlgorithm->algorithm); len = BIO_read(bio, buf, sizeof(buf)); - vl->append(new StringVal(len, buf)); + vl.append(new StringVal(len, buf)); BIO_reset(bio); #else - vl->append(parse_basic_resp_sig_alg(basic_resp, bio, buf, sizeof(buf))); + vl.append(parse_basic_resp_sig_alg(basic_resp, bio, buf, sizeof(buf))); #endif //i2a_ASN1_OBJECT(bio, basic_resp->signature); @@ -633,7 +630,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) //BIO_reset(bio); certs_vector = new VectorVal(internal_type("x509_opaque_vector")->AsVectorType()); - vl->append(certs_vector); + vl.append(certs_vector); #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) certs = basic_resp->certs; @@ -654,7 +651,8 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) reporter->Weird("OpenSSL returned null certificate"); } } - mgr.QueueEvent(ocsp_response_bytes, vl); + + mgr.QueueEvent(ocsp_response_bytes, std::move(vl)); // ok, now that we are done with the actual certificate - let's parse extensions :) num_ext = OCSP_BASICRESP_get_ext_count(basic_resp); diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index 38422897db..c33f20a800 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -57,11 +57,11 @@ bool file_analysis::X509::EndOfFile() RecordVal* cert_record = ParseCertificate(cert_val, GetFile()); // and send the record on to scriptland - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(cert_val->Ref()); - vl->append(cert_record->Ref()); // we Ref it here, because we want to keep a copy around for now... - mgr.QueueEvent(x509_certificate, vl); + mgr.QueueEvent(x509_certificate, { + GetFile()->GetVal()->Ref(), + cert_val->Ref(), + cert_record->Ref(), // we Ref it here, because we want to keep a copy around for now... + }); // after parsing the certificate - parse the extensions... @@ -227,11 +227,10 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) if ( constr->pathlen ) pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen))); - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(pBasicConstraint); - - mgr.QueueEvent(x509_ext_basic_constraints, vl); + mgr.QueueEvent(x509_ext_basic_constraints, { + GetFile()->GetVal()->Ref(), + pBasicConstraint, + }); BASIC_CONSTRAINTS_free(constr); } @@ -367,10 +366,10 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) sanExt->Assign(4, val_mgr->GetBool(otherfields)); - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(sanExt); - mgr.QueueEvent(x509_ext_subject_alternative_name, vl); + mgr.QueueEvent(x509_ext_subject_alternative_name, { + GetFile()->GetVal()->Ref(), + sanExt, + }); GENERAL_NAMES_free(altname); } diff --git a/src/file_analysis/analyzer/x509/X509Common.cc b/src/file_analysis/analyzer/x509/X509Common.cc index b6c16fc1dc..7fb3100e97 100644 --- a/src/file_analysis/analyzer/x509/X509Common.cc +++ b/src/file_analysis/analyzer/x509/X509Common.cc @@ -277,13 +277,18 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, EventHandlerP // parsed. And if we have it, we send the specialized event on top of the // generic event that we just had. I know, that is... kind of not nice, // but I am not sure if there is a better way to do it... - val_list* vl = new val_list(); - vl->append(GetFile()->GetVal()->Ref()); - vl->append(pX509Ext); - if ( h == ocsp_extension ) - vl->append(val_mgr->GetBool(global ? 1 : 0)); - mgr.QueueEvent(h, vl); + if ( h == ocsp_extension ) + mgr.QueueEvent(h, { + GetFile()->GetVal()->Ref(), + pX509Ext, + val_mgr->GetBool(global ? 1 : 0), + }); + else + mgr.QueueEvent(h, { + GetFile()->GetVal()->Ref(), + pX509Ext, + }); // let individual analyzers parse more. ParseExtensionsSpecific(ex, global, ext_asn, oid); diff --git a/src/input/Manager.cc b/src/input/Manager.cc index aaf84a99b2..002e8cded9 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -1865,11 +1865,12 @@ bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int nu bool convert_error = false; - val_list* vl = new val_list; + val_list vl(num_vals); + for ( int j = 0; j < num_vals; j++) { Val* v = ValueToVal(i, vals[j], convert_error); - vl->append(v); + vl.append(v); if ( v && ! convert_error && ! same_type(type->FieldType(j), v->Type()) ) { convert_error = true; @@ -1881,18 +1882,20 @@ bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int nu if ( convert_error ) { - delete_vals(vl); + loop_over_list(vl, i) + Unref(vl[i]); + return false; } else - mgr.QueueEvent(handler, vl, SOURCE_LOCAL); + mgr.QueueEvent(handler, std::move(vl), SOURCE_LOCAL); return true; } void Manager::SendEvent(EventHandlerPtr ev, const int numvals, ...) const { - val_list* vl = new val_list; + val_list vl(numvals); #ifdef DEBUG DBG_LOG(DBG_INPUT, "SendEvent with %d vals", @@ -1902,16 +1905,16 @@ void Manager::SendEvent(EventHandlerPtr ev, const int numvals, ...) const va_list lP; va_start(lP, numvals); for ( int i = 0; i < numvals; i++ ) - vl->append( va_arg(lP, Val*) ); + vl.append( va_arg(lP, Val*) ); va_end(lP); - mgr.QueueEvent(ev, vl, SOURCE_LOCAL); + mgr.QueueEvent(ev, std::move(vl), SOURCE_LOCAL); } void Manager::SendEvent(EventHandlerPtr ev, list events) const { - val_list* vl = new val_list; + val_list vl(events.size()); #ifdef DEBUG DBG_LOG(DBG_INPUT, "SendEvent with %" PRIuPTR " vals (list)", @@ -1919,11 +1922,9 @@ void Manager::SendEvent(EventHandlerPtr ev, list events) const #endif for ( list::iterator i = events.begin(); i != events.end(); i++ ) - { - vl->append( *i ); - } + vl.append( *i ); - mgr.QueueEvent(ev, vl, SOURCE_LOCAL); + mgr.QueueEvent(ev, std::move(vl), SOURCE_LOCAL); } // Convert a bro list value to a bro record value. diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index f1b459811f..108869be9f 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -715,11 +715,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) // Raise the log event. if ( stream->event ) - { - val_list* vl = new val_list(1); - vl->append(columns->Ref()); - mgr.QueueEvent(stream->event, vl, SOURCE_LOCAL); - } + mgr.QueueEvent(stream->event, {columns->Ref()}, SOURCE_LOCAL); // Send to each of our filters. for ( list::iterator i = stream->filters.begin(); @@ -732,8 +728,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) { // See whether the predicates indicates that we want // to log this record. - val_list vl(1); - vl.append(columns->Ref()); + val_list vl{columns->Ref()}; int result = 1; @@ -750,17 +745,12 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) if ( filter->path_func ) { - val_list vl(3); - vl.append(id->Ref()); - Val* path_arg; if ( filter->path_val ) path_arg = filter->path_val->Ref(); else path_arg = val_mgr->GetEmptyString(); - vl.append(path_arg); - Val* rec_arg; BroType* rt = filter->path_func->FType()->Args()->FieldType("rec"); @@ -770,7 +760,11 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) // Can be TYPE_ANY here. rec_arg = columns->Ref(); - vl.append(rec_arg); + val_list vl{ + id->Ref(), + path_arg, + rec_arg, + }; Val* v = 0; @@ -1087,8 +1081,7 @@ threading::Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, RecordVal* ext_rec = nullptr; if ( filter->num_ext_fields > 0 ) { - val_list vl(1); - vl.append(filter->path_val->Ref()); + val_list vl{filter->path_val->Ref()}; Val* res = filter->ext_func->Call(&vl); if ( res ) ext_rec = res->AsRecordVal(); @@ -1593,8 +1586,7 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con assert(func); // Call the postprocessor function. - val_list vl(1); - vl.append(info); + val_list vl{info}; int result = 0; diff --git a/src/main.cc b/src/main.cc index 1116b8c331..56300fc1a2 100644 --- a/src/main.cc +++ b/src/main.cc @@ -284,12 +284,11 @@ void done_with_network() if ( net_done ) { - val_list* args = new val_list; - args->append(new Val(timer_mgr->Time(), TYPE_TIME)); mgr.Drain(); - // Don't propagate this event to remote clients. - mgr.Dispatch(new Event(net_done, args), true); + mgr.Dispatch(new Event(net_done, + {new Val(timer_mgr->Time(), TYPE_TIME)}), + true); } // Save state before expiring the remaining events/timers. @@ -341,7 +340,7 @@ void terminate_bro() EventHandlerPtr bro_done = internal_handler("bro_done"); if ( bro_done ) - mgr.QueueEvent(bro_done, new val_list); + mgr.QueueEvent(bro_done, val_list{}); timer_mgr->Expire(); mgr.Drain(); @@ -1137,8 +1136,9 @@ int main(int argc, char** argv) net_update_time(current_time()); EventHandlerPtr bro_init = internal_handler("bro_init"); - if ( bro_init ) //### this should be a function - mgr.QueueEvent(bro_init, new val_list); + + if ( bro_init ) + mgr.QueueEvent(bro_init, val_list{}); EventRegistry::string_list* dead_handlers = event_registry->UnusedHandlers(); @@ -1190,10 +1190,10 @@ int main(int argc, char** argv) if ( i->skipped ) continue; - val_list* vl = new val_list; - vl->append(new StringVal(i->name.c_str())); - vl->append(val_mgr->GetCount(i->include_level)); - mgr.QueueEvent(bro_script_loaded, vl); + mgr.QueueEvent(bro_script_loaded, { + new StringVal(i->name.c_str()), + val_mgr->GetCount(i->include_level), + }); } reporter->ReportViaEvents(true); diff --git a/src/option.bif b/src/option.bif index 2156808763..04bc7f2b1b 100644 --- a/src/option.bif +++ b/src/option.bif @@ -15,10 +15,12 @@ static bool call_option_handlers_and_set_value(StringVal* name, ID* i, Val* val, { for ( auto handler_function : i->GetOptionHandlers() ) { - val_list vl(2); + bool add_loc = handler_function->FType()->AsFuncType()->ArgTypes()->Types()->length() == 3; + val_list vl(2 + add_loc); vl.append(name->Ref()); vl.append(val); - if ( handler_function->FType()->AsFuncType()->ArgTypes()->Types()->length() == 3 ) + + if ( add_loc ) vl.append(location->Ref()); val = handler_function->Call(&vl); // consumed by next call. From b6862c5c59bb5febda071cf834d51d1546543c51 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 11 Apr 2019 20:23:49 -0700 Subject: [PATCH 02/51] Add methods to queue events without handler existence check Added ConnectionEventFast() and QueueEventFast() methods to avoid redundant event handler existence checks. It's common practice for caller to already check for event handler existence before doing all the work of constructing the arguments, so it's desirable to not have to check for existence again. E.g. going through ConnectionEvent() means 3 existence checks: one you do yourself before calling it, one in ConnectionEvent(), and then another in QueueEvent(). The existence check itself can be more than a few operations sometimes as it needs to check a few flags that determine if it's enabled, has a local body, or has any remote receivers in the old comm. system or has been flagged as something to publish in the new comm. system. --- aux/bifcl | 2 +- src/Anon.cc | 2 +- src/Conn.cc | 27 +- src/Conn.h | 2 + src/DNS_Mgr.cc | 6 +- src/Event.cc | 2 +- src/Event.h | 7 + src/Reporter.cc | 4 +- src/RuleAction.cc | 2 +- src/Sessions.cc | 8 +- src/StateAccess.cc | 2 +- src/Stats.cc | 11 +- src/analyzer/Analyzer.cc | 19 +- src/analyzer/Analyzer.h | 6 + src/analyzer/protocol/arp/ARP.cc | 4 +- src/analyzer/protocol/backdoor/BackDoor.cc | 27 +- .../protocol/bittorrent/BitTorrent.cc | 2 +- .../protocol/bittorrent/BitTorrentTracker.cc | 39 +-- src/analyzer/protocol/conn-size/ConnSize.cc | 2 +- src/analyzer/protocol/dns/DNS.cc | 261 ++++++++++-------- src/analyzer/protocol/dns/DNS.h | 6 +- src/analyzer/protocol/file/File.cc | 13 +- src/analyzer/protocol/finger/Finger.cc | 4 +- src/analyzer/protocol/gnutella/Gnutella.cc | 14 +- src/analyzer/protocol/http/HTTP.cc | 24 +- src/analyzer/protocol/icmp/ICMP.cc | 39 ++- src/analyzer/protocol/ident/Ident.cc | 17 +- src/analyzer/protocol/imap/imap-analyzer.pac | 7 +- src/analyzer/protocol/interconn/InterConn.cc | 14 +- src/analyzer/protocol/irc/IRC.cc | 122 ++++---- src/analyzer/protocol/login/Login.cc | 19 +- src/analyzer/protocol/login/NVT.cc | 2 +- src/analyzer/protocol/login/RSH.cc | 4 +- src/analyzer/protocol/login/Rlogin.cc | 2 +- src/analyzer/protocol/mime/MIME.cc | 19 +- src/analyzer/protocol/ncp/NCP.cc | 4 +- src/analyzer/protocol/netbios/NetbiosSSN.cc | 6 +- src/analyzer/protocol/ntlm/ntlm-analyzer.pac | 9 + src/analyzer/protocol/ntp/NTP.cc | 5 +- src/analyzer/protocol/pop3/POP3.cc | 5 +- src/analyzer/protocol/rfb/rfb-analyzer.pac | 24 +- src/analyzer/protocol/rpc/MOUNT.cc | 4 +- src/analyzer/protocol/rpc/NFS.cc | 4 +- src/analyzer/protocol/rpc/Portmap.cc | 4 +- src/analyzer/protocol/rpc/RPC.cc | 6 +- .../protocol/smb/smb1-com-nt-create-andx.pac | 6 +- src/analyzer/protocol/smb/smb1-protocol.pac | 7 +- src/analyzer/protocol/smb/smb2-com-create.pac | 6 +- src/analyzer/protocol/smtp/SMTP.cc | 23 +- .../protocol/socks/socks-analyzer.pac | 87 +++--- src/analyzer/protocol/ssl/ssl-analyzer.pac | 4 +- .../protocol/ssl/ssl-dtls-analyzer.pac | 21 +- .../protocol/ssl/tls-handshake-analyzer.pac | 172 ++++++++---- .../protocol/stepping-stone/SteppingStone.cc | 9 +- .../protocol/syslog/syslog-analyzer.pac | 3 + src/analyzer/protocol/tcp/TCP.cc | 23 +- src/analyzer/protocol/tcp/TCP_Endpoint.cc | 2 +- src/analyzer/protocol/tcp/TCP_Reassembler.cc | 10 +- src/analyzer/protocol/udp/UDP.cc | 2 +- src/analyzer/protocol/xmpp/xmpp-analyzer.pac | 3 +- src/broker/Manager.cc | 9 +- src/file_analysis/File.cc | 2 +- src/file_analysis/Manager.cc | 2 +- .../analyzer/data_event/DataEvent.cc | 4 +- src/file_analysis/analyzer/entropy/Entropy.cc | 5 +- src/file_analysis/analyzer/hash/Hash.cc | 5 +- .../analyzer/unified2/unified2-analyzer.pac | 6 +- src/file_analysis/analyzer/x509/OCSP.cc | 24 +- src/file_analysis/analyzer/x509/X509.cc | 20 +- .../analyzer/x509/x509-extension.pac | 3 + src/logging/Manager.cc | 2 +- src/main.cc | 23 +- 72 files changed, 771 insertions(+), 524 deletions(-) diff --git a/aux/bifcl b/aux/bifcl index 44622332fb..33cde13264 160000 --- a/aux/bifcl +++ b/aux/bifcl @@ -1 +1 @@ -Subproject commit 44622332fb1361383799be33e365704caacce199 +Subproject commit 33cde13264825df906668b608017e65f4ffbc12a diff --git a/src/Anon.cc b/src/Anon.cc index de225e95a8..983c7fbec8 100644 --- a/src/Anon.cc +++ b/src/Anon.cc @@ -415,7 +415,7 @@ void log_anonymization_mapping(ipaddr32_t input, ipaddr32_t output) { if ( anonymization_mapping ) { - mgr.QueueEvent(anonymization_mapping, { + mgr.QueueEventFast(anonymization_mapping, { new AddrVal(input), new AddrVal(output) }); diff --git a/src/Conn.cc b/src/Conn.cc index 494d2d21c4..83ad6c08f6 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -325,7 +325,7 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig, // and at this stage it's not a *multiple* instance. return; - ConnectionEvent(e, 0, { + ConnectionEventFast(e, 0, { BuildConnVal(), val_mgr->GetBool(is_orig), val_mgr->GetCount(threshold) @@ -389,7 +389,7 @@ void Connection::EnableStatusUpdateTimer() void Connection::StatusUpdateTimer(double t) { - ConnectionEvent(connection_status_update, 0, { BuildConnVal() }); + ConnectionEventFast(connection_status_update, 0, { BuildConnVal() }); ADD_TIMER(&Connection::StatusUpdateTimer, network_time + connection_status_update_interval, 0, TIMER_CONN_STATUS_UPDATE); @@ -627,7 +627,7 @@ int Connection::VersionFoundEvent(const IPAddr& addr, const char* s, int len, { if ( software_parse_error ) { - ConnectionEvent(software_parse_error, analyzer, { + ConnectionEventFast(software_parse_error, analyzer, { BuildConnVal(), new AddrVal(addr), new StringVal(len, s), @@ -638,7 +638,7 @@ int Connection::VersionFoundEvent(const IPAddr& addr, const char* s, int len, if ( software_version_found ) { - ConnectionEvent(software_version_found, 0, { + ConnectionEventFast(software_version_found, 0, { BuildConnVal(), new AddrVal(addr), val, @@ -666,7 +666,7 @@ int Connection::UnparsedVersionFoundEvent(const IPAddr& addr, if ( software_unparsed_version_found ) { - ConnectionEvent(software_unparsed_version_found, analyzer, { + ConnectionEventFast(software_unparsed_version_found, analyzer, { BuildConnVal(), new AddrVal(addr), new StringVal(len, full), @@ -682,9 +682,9 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch return; if ( name ) - ConnectionEvent(f, analyzer, {new StringVal(name), BuildConnVal()}); + ConnectionEventFast(f, analyzer, {new StringVal(name), BuildConnVal()}); else - ConnectionEvent(f, analyzer, {BuildConnVal()}); + ConnectionEventFast(f, analyzer, {BuildConnVal()}); } @@ -698,9 +698,9 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, } if ( v2 ) - ConnectionEvent(f, analyzer, {BuildConnVal(), v1, v2}); + ConnectionEventFast(f, analyzer, {BuildConnVal(), v1, v2}); else - ConnectionEvent(f, analyzer, {BuildConnVal(), v1}); + ConnectionEventFast(f, analyzer, {BuildConnVal(), v1}); } void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl) @@ -720,6 +720,13 @@ void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_l a ? a->GetID() : 0, GetTimerMgr(), this); } +void Connection::ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl) + { + // "this" is passed as a cookie for the event + mgr.QueueEventFast(f, std::move(vl), SOURCE_LOCAL, + a ? a->GetID() : 0, GetTimerMgr(), this); + } + void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl) { ConnectionEvent(f, a, std::move(*vl)); @@ -1053,7 +1060,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32 flow_label) if ( connection_flow_label_changed && (is_orig ? saw_first_orig_packet : saw_first_resp_packet) ) { - ConnectionEvent(connection_flow_label_changed, 0, { + ConnectionEventFast(connection_flow_label_changed, 0, { BuildConnVal(), val_mgr->GetBool(is_orig), val_mgr->GetCount(my_flow_label), diff --git a/src/Conn.h b/src/Conn.h index 2622134f2a..d19501ff13 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -181,6 +181,8 @@ public: val_list* vl); void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, val_list vl); + void ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* analyzer, + val_list vl); void Weird(const char* name, const char* addl = ""); bool DidWeird() const { return weird != 0; } diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index c72e66f0bf..c3efda3ad9 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -704,7 +704,7 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm) if ( ! e ) return; - mgr.QueueEvent(e, {BuildMappingVal(dm)}); + mgr.QueueEventFast(e, {BuildMappingVal(dm)}); } void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2) @@ -715,7 +715,7 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2 Unref(l1); Unref(l2); - mgr.QueueEvent(e, { + mgr.QueueEventFast(e, { BuildMappingVal(dm), l1->ConvertToSet(), l2->ConvertToSet(), @@ -727,7 +727,7 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm) if ( ! e ) return; - mgr.QueueEvent(e, { + mgr.QueueEventFast(e, { BuildMappingVal(old_dm), BuildMappingVal(new_dm), }); diff --git a/src/Event.cc b/src/Event.cc index 26ca874c2a..8b87caa9b1 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -128,7 +128,7 @@ void EventMgr::QueueEvent(Event* event) void EventMgr::Drain() { if ( event_queue_flush_point ) - QueueEvent(event_queue_flush_point, val_list{}); + QueueEventFast(event_queue_flush_point, val_list{}); SegmentProfiler(segment_logger, "draining-events"); diff --git a/src/Event.h b/src/Event.h index 9ee30ae674..258b680d49 100644 --- a/src/Event.h +++ b/src/Event.h @@ -58,6 +58,13 @@ public: EventMgr(); ~EventMgr() override; + void QueueEventFast(const EventHandlerPtr &h, val_list vl, + SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, + TimerMgr* mgr = 0, BroObj* obj = 0) + { + QueueEvent(new Event(h, std::move(vl), src, aid, mgr, obj)); + } + void QueueEvent(const EventHandlerPtr &h, val_list vl, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0) diff --git a/src/Reporter.cc b/src/Reporter.cc index 9821911d17..cc0542eaac 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -506,9 +506,9 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, } if ( conn ) - conn->ConnectionEvent(event, 0, std::move(vl)); + conn->ConnectionEventFast(event, 0, std::move(vl)); else - mgr.QueueEvent(event, std::move(vl)); + mgr.QueueEventFast(event, std::move(vl)); } else { diff --git a/src/RuleAction.cc b/src/RuleAction.cc index ab9994bde2..3d22e3b56f 100644 --- a/src/RuleAction.cc +++ b/src/RuleAction.cc @@ -17,7 +17,7 @@ void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state, { if ( signature_match ) { - mgr.QueueEvent(signature_match, { + mgr.QueueEventFast(signature_match, { rule_matcher->BuildRuleStateValue(parent, state), new StringVal(msg), data ? new StringVal(len, (const char*)data) : val_mgr->GetEmptyString(), diff --git a/src/Sessions.cc b/src/Sessions.cc index db4e9e5d3a..3507c46e53 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -171,7 +171,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt) SegmentProfiler(segment_logger, "dispatching-packet"); if ( raw_packet ) - mgr.QueueEvent(raw_packet, {pkt->BuildPktHdrVal()}); + mgr.QueueEventFast(raw_packet, {pkt->BuildPktHdrVal()}); if ( pkt_profiler ) pkt_profiler->ProfilePkt(t, pkt->cap_len); @@ -411,7 +411,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr { dump_this_packet = 1; if ( esp_packet ) - mgr.QueueEvent(esp_packet, {ip_hdr->BuildPktHdrVal()}); + mgr.QueueEventFast(esp_packet, {ip_hdr->BuildPktHdrVal()}); // Can't do more since upper-layer payloads are going to be encrypted. return; @@ -1315,9 +1315,9 @@ Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id, { conn->Event(new_connection, 0); - if ( external ) + if ( external && connection_external ) { - conn->ConnectionEvent(connection_external, 0, { + conn->ConnectionEventFast(connection_external, 0, { conn->BuildConnVal(), new StringVal(conn->GetTimerMgr()->GetTag().c_str()), }); diff --git a/src/StateAccess.cc b/src/StateAccess.cc index b9f08a54cc..72ed9ef236 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc @@ -536,7 +536,7 @@ void StateAccess::Replay() if ( remote_state_access_performed ) { - mgr.QueueEvent(remote_state_access_performed, { + mgr.QueueEventFast(remote_state_access_performed, { new StringVal(target.id->Name()), target.id->ID_Val()->Ref(), }); diff --git a/src/Stats.cc b/src/Stats.cc index 7c232f7aa4..1d2a2c8ad8 100644 --- a/src/Stats.cc +++ b/src/Stats.cc @@ -369,11 +369,12 @@ void SampleLogger::SegmentProfile(const char* /* name */, const Location* /* loc */, double dtime, int dmem) { - mgr.QueueEvent(load_sample, { - load_samples->Ref(), - new IntervalVal(dtime, Seconds), - val_mgr->GetInt(dmem) - }); + if ( load_sample ) + mgr.QueueEventFast(load_sample, { + load_samples->Ref(), + new IntervalVal(dtime, Seconds), + val_mgr->GetInt(dmem) + }); } void SegmentProfiler::Init() diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index be2cfcf627..874b405e9d 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -662,16 +662,19 @@ void Analyzer::ProtocolConfirmation(Tag arg_tag) if ( protocol_confirmed ) return; + protocol_confirmed = true; + + if ( ! protocol_confirmation ) + return; + EnumVal* tval = arg_tag ? arg_tag.AsEnumVal() : tag.AsEnumVal(); Ref(tval); - mgr.QueueEvent(protocol_confirmation, { + mgr.QueueEventFast(protocol_confirmation, { BuildConnVal(), tval, val_mgr->GetCount(id), }); - - protocol_confirmed = true; } void Analyzer::ProtocolViolation(const char* reason, const char* data, int len) @@ -689,10 +692,13 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len) else r = new StringVal(reason); + if ( ! protocol_violation ) + return; + EnumVal* tval = tag.AsEnumVal(); Ref(tval); - mgr.QueueEvent(protocol_violation, { + mgr.QueueEventFast(protocol_violation, { BuildConnVal(), tval, val_mgr->GetCount(id), @@ -787,6 +793,11 @@ void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list vl) conn->ConnectionEvent(f, this, std::move(vl)); } +void Analyzer::ConnectionEventFast(EventHandlerPtr f, val_list vl) + { + conn->ConnectionEventFast(f, this, std::move(vl)); + } + void Analyzer::Weird(const char* name, const char* addl) { conn->Weird(name, addl); diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index ab09e63458..141d420a82 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h @@ -547,6 +547,12 @@ public: */ void ConnectionEvent(EventHandlerPtr f, val_list vl); + /** + * Convenience function that forwards directly to + * Connection::ConnectionEventFast(). + */ + void ConnectionEventFast(EventHandlerPtr f, val_list vl); + /** * Convenience function that forwards directly to the corresponding * Connection::Weird(). diff --git a/src/analyzer/protocol/arp/ARP.cc b/src/analyzer/protocol/arp/ARP.cc index e206303e9c..d3a4ab688f 100644 --- a/src/analyzer/protocol/arp/ARP.cc +++ b/src/analyzer/protocol/arp/ARP.cc @@ -190,7 +190,7 @@ void ARP_Analyzer::BadARP(const struct arp_pkthdr* hdr, const char* msg) if ( ! bad_arp ) return; - mgr.QueueEvent(bad_arp, { + mgr.QueueEventFast(bad_arp, { ConstructAddrVal(ar_spa(hdr)), EthAddrToStr((const u_char*) ar_sha(hdr)), ConstructAddrVal(ar_tpa(hdr)), @@ -212,7 +212,7 @@ void ARP_Analyzer::RREvent(EventHandlerPtr e, if ( ! e ) return; - mgr.QueueEvent(e, { + mgr.QueueEventFast(e, { EthAddrToStr(src), EthAddrToStr(dst), ConstructAddrVal(spa), diff --git a/src/analyzer/protocol/backdoor/BackDoor.cc b/src/analyzer/protocol/backdoor/BackDoor.cc index 4cc8d5f703..81b4c0e9a5 100644 --- a/src/analyzer/protocol/backdoor/BackDoor.cc +++ b/src/analyzer/protocol/backdoor/BackDoor.cc @@ -246,7 +246,10 @@ void BackDoorEndpoint::RloginSignatureFound(int len) rlogin_checking_done = 1; - endp->TCP()->ConnectionEvent(rlogin_signature_found, { + if ( ! rlogin_signature_found ) + return; + + endp->TCP()->ConnectionEventFast(rlogin_signature_found, { endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig()), val_mgr->GetCount(rlogin_num_null), @@ -337,7 +340,10 @@ void BackDoorEndpoint::CheckForTelnet(uint64 /* seq */, int len, const u_char* d void BackDoorEndpoint::TelnetSignatureFound(int len) { - endp->TCP()->ConnectionEvent(telnet_signature_found, { + if ( ! telnet_signature_found ) + return; + + endp->TCP()->ConnectionEventFast(telnet_signature_found, { endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig()), val_mgr->GetCount(len), @@ -641,12 +647,15 @@ void BackDoorEndpoint::CheckForHTTPProxy(uint64 /* seq */, int len, void BackDoorEndpoint::SignatureFound(EventHandlerPtr e, int do_orig) { + if ( ! e ) + return; + if ( do_orig ) - endp->TCP()->ConnectionEvent(e, + endp->TCP()->ConnectionEventFast(e, {endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig())}); else - endp->TCP()->ConnectionEvent(e, {endp->TCP()->BuildConnVal()}); + endp->TCP()->ConnectionEventFast(e, {endp->TCP()->BuildConnVal()}); } @@ -773,7 +782,10 @@ void BackDoor_Analyzer::StatTimer(double t, int is_expire) void BackDoor_Analyzer::StatEvent() { - TCP()->ConnectionEvent(backdoor_stats, { + if ( ! backdoor_stats ) + return; + + TCP()->ConnectionEventFast(backdoor_stats, { TCP()->BuildConnVal(), orig_endp->BuildStats(), resp_endp->BuildStats(), @@ -782,7 +794,10 @@ void BackDoor_Analyzer::StatEvent() void BackDoor_Analyzer::RemoveEvent() { - TCP()->ConnectionEvent(backdoor_remove_conn, {TCP()->BuildConnVal()}); + if ( ! backdoor_remove_conn ) + return; + + TCP()->ConnectionEventFast(backdoor_remove_conn, {TCP()->BuildConnVal()}); } BackDoorTimer::BackDoorTimer(double t, BackDoor_Analyzer* a) diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.cc b/src/analyzer/protocol/bittorrent/BitTorrent.cc index 989265623c..c57d694c6e 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc @@ -120,7 +120,7 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bittorrent_peer_weird ) { - ConnectionEvent(bittorrent_peer_weird, { + ConnectionEventFast(bittorrent_peer_weird, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(msg), diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index 411bbf0aff..a1a40e8d56 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc @@ -247,7 +247,7 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bt_tracker_weird ) { - ConnectionEvent(bt_tracker_weird, { + ConnectionEventFast(bt_tracker_weird, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(msg), @@ -348,11 +348,12 @@ void BitTorrentTracker_Analyzer::EmitRequest(void) { ProtocolConfirmation(); - ConnectionEvent(bt_tracker_request, { - BuildConnVal(), - req_val_uri, - req_val_headers, - }); + if ( bt_tracker_request ) + ConnectionEventFast(bt_tracker_request, { + BuildConnVal(), + req_val_uri, + req_val_headers, + }); req_val_uri = 0; req_val_headers = 0; @@ -401,11 +402,12 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line) { if ( res_status != 200 ) { - ConnectionEvent(bt_tracker_response_not_ok, { - BuildConnVal(), - val_mgr->GetCount(res_status), - res_val_headers, - }); + if ( bt_tracker_response_not_ok ) + ConnectionEventFast(bt_tracker_response_not_ok, { + BuildConnVal(), + val_mgr->GetCount(res_status), + res_val_headers, + }); res_val_headers = 0; res_buf_pos = res_buf + res_buf_len; res_state = BTT_RES_DONE; @@ -787,13 +789,14 @@ void BitTorrentTracker_Analyzer::EmitResponse(void) { ProtocolConfirmation(); - ConnectionEvent(bt_tracker_response, { - BuildConnVal(), - val_mgr->GetCount(res_status), - res_val_headers, - res_val_peers, - res_val_benc, - }); + if ( bt_tracker_response ) + ConnectionEventFast(bt_tracker_response, { + BuildConnVal(), + val_mgr->GetCount(res_status), + res_val_headers, + res_val_peers, + res_val_benc, + }); res_val_headers = 0; res_val_peers = 0; diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index cf6521103c..1b18335e7f 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -47,7 +47,7 @@ void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64 threshold, bool if ( ! f ) return; - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), val_mgr->GetCount(threshold), val_mgr->GetBool(is_orig), diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index a67b548fe9..f99a7ca1e9 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -46,7 +46,7 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) if ( dns_message ) { - analyzer->ConnectionEvent(dns_message, { + analyzer->ConnectionEventFast(dns_message, { analyzer->BuildConnVal(), val_mgr->GetBool(is_query), msg.BuildHdrVal(), @@ -132,10 +132,11 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) int DNS_Interpreter::EndMessage(DNS_MsgInfo* msg) { - analyzer->ConnectionEvent(dns_end, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - }); + if ( dns_end ) + analyzer->ConnectionEventFast(dns_end, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + }); return 1; } @@ -334,7 +335,7 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, if ( dns_unknown_reply && ! msg->skip_event ) { - analyzer->ConnectionEvent(dns_unknown_reply, { + analyzer->ConnectionEventFast(dns_unknown_reply, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -549,7 +550,7 @@ int DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg, if ( reply_event && ! msg->skip_event ) { - analyzer->ConnectionEvent(reply_event, { + analyzer->ConnectionEventFast(reply_event, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -603,7 +604,7 @@ int DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, r->Assign(5, new IntervalVal(double(expire), Seconds)); r->Assign(6, new IntervalVal(double(minimum), Seconds)); - analyzer->ConnectionEvent(dns_SOA_reply, { + analyzer->ConnectionEventFast(dns_SOA_reply, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -634,7 +635,7 @@ int DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg, if ( dns_MX_reply && ! msg->skip_event ) { - analyzer->ConnectionEvent(dns_MX_reply, { + analyzer->ConnectionEventFast(dns_MX_reply, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -677,7 +678,7 @@ int DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg, if ( dns_SRV_reply && ! msg->skip_event ) { - analyzer->ConnectionEvent(dns_SRV_reply, { + analyzer->ConnectionEventFast(dns_SRV_reply, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -700,7 +701,7 @@ int DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg, if ( dns_EDNS_addl && ! msg->skip_event ) { - analyzer->ConnectionEvent(dns_EDNS_addl, { + analyzer->ConnectionEventFast(dns_EDNS_addl, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildEDNS_Val(), @@ -766,22 +767,24 @@ int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, unsigned int rr_error = ExtractShort(data, len); ExtractOctets(data, len, 0); // Other Data - msg->tsig = new TSIG_DATA; + if ( dns_TSIG_addl ) + { + TSIG_DATA tsig; + tsig.alg_name = + new BroString(alg_name, alg_name_end - alg_name, 1); + tsig.sig = request_MAC; + tsig.time_s = sign_time_sec; + tsig.time_ms = sign_time_msec; + tsig.fudge = fudge; + tsig.orig_id = orig_id; + tsig.rr_error = rr_error; - msg->tsig->alg_name = - new BroString(alg_name, alg_name_end - alg_name, 1); - msg->tsig->sig = request_MAC; - msg->tsig->time_s = sign_time_sec; - msg->tsig->time_ms = sign_time_msec; - msg->tsig->fudge = fudge; - msg->tsig->orig_id = orig_id; - msg->tsig->rr_error = rr_error; - - analyzer->ConnectionEvent(dns_TSIG_addl, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildTSIG_Val(), - }); + analyzer->ConnectionEventFast(dns_TSIG_addl, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildTSIG_Val(&tsig), + }); + } return 1; } @@ -864,23 +867,26 @@ int DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg, break; } - RRSIG_DATA rrsig; - rrsig.type_covered = type_covered; - rrsig.algorithm = algo; - rrsig.labels = lab; - rrsig.orig_ttl = orig_ttl; - rrsig.sig_exp = sign_exp; - rrsig.sig_incep = sign_incp; - rrsig.key_tag = key_tag; - rrsig.signer_name = new BroString(name, name_end - name, 1); - rrsig.signature = sign; + if ( dns_RRSIG ) + { + RRSIG_DATA rrsig; + rrsig.type_covered = type_covered; + rrsig.algorithm = algo; + rrsig.labels = lab; + rrsig.orig_ttl = orig_ttl; + rrsig.sig_exp = sign_exp; + rrsig.sig_incep = sign_incp; + rrsig.key_tag = key_tag; + rrsig.signer_name = new BroString(name, name_end - name, 1); + rrsig.signature = sign; - analyzer->ConnectionEvent(dns_RRSIG, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - msg->BuildRRSIG_Val(&rrsig), - }); + analyzer->ConnectionEventFast(dns_RRSIG, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildRRSIG_Val(&rrsig), + }); + } return 1; } @@ -961,18 +967,21 @@ int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg, break; } - DNSKEY_DATA dnskey; - dnskey.dflags = dflags; - dnskey.dalgorithm = dalgorithm; - dnskey.dprotocol = dprotocol; - dnskey.public_key = key; + if ( dns_DNSKEY ) + { + DNSKEY_DATA dnskey; + dnskey.dflags = dflags; + dnskey.dalgorithm = dalgorithm; + dnskey.dprotocol = dprotocol; + dnskey.public_key = key; - analyzer->ConnectionEvent(dns_DNSKEY, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - msg->BuildDNSKEY_Val(&dnskey), - }); + analyzer->ConnectionEventFast(dns_DNSKEY, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildDNSKEY_Val(&dnskey), + }); + } return 1; } @@ -1017,13 +1026,16 @@ int DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg, typebitmaps_len = typebitmaps_len - (2 + bmlen); } - analyzer->ConnectionEvent(dns_NSEC, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - new StringVal(new BroString(name, name_end - name, 1)), - char_strings, - }); + if ( dns_NSEC ) + analyzer->ConnectionEventFast(dns_NSEC, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + new StringVal(new BroString(name, name_end - name, 1)), + char_strings, + }); + else + Unref(char_strings); return 1; } @@ -1091,22 +1103,25 @@ int DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg, typebitmaps_len = typebitmaps_len - (2 + bmlen); } - NSEC3_DATA nsec3; - nsec3.nsec_flags = nsec_flags; - nsec3.nsec_hash_algo = hash_algo; - nsec3.nsec_iter = iter; - nsec3.nsec_salt_len = salt_len; - nsec3.nsec_salt = salt_val; - nsec3.nsec_hlen = hash_len; - nsec3.nsec_hash = hash_val; - nsec3.bitmaps = char_strings; + if ( dns_NSEC3 ) + { + NSEC3_DATA nsec3; + nsec3.nsec_flags = nsec_flags; + nsec3.nsec_hash_algo = hash_algo; + nsec3.nsec_iter = iter; + nsec3.nsec_salt_len = salt_len; + nsec3.nsec_salt = salt_val; + nsec3.nsec_hlen = hash_len; + nsec3.nsec_hash = hash_val; + nsec3.bitmaps = char_strings; - analyzer->ConnectionEvent(dns_NSEC3, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - msg->BuildNSEC3_Val(&nsec3), - }); + analyzer->ConnectionEventFast(dns_NSEC3, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildNSEC3_Val(&nsec3), + }); + } return 1; } @@ -1150,18 +1165,21 @@ int DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg, break; } - DS_DATA ds; - ds.key_tag = ds_key_tag; - ds.algorithm = ds_algo; - ds.digest_type = ds_dtype; - ds.digest_val = ds_digest; + if ( dns_DS ) + { + DS_DATA ds; + ds.key_tag = ds_key_tag; + ds.algorithm = ds_algo; + ds.digest_type = ds_dtype; + ds.digest_val = ds_digest; - analyzer->ConnectionEvent(dns_DS, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - msg->BuildDS_Val(&ds), - }); + analyzer->ConnectionEventFast(dns_DS, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + msg->BuildDS_Val(&ds), + }); + } return 1; } @@ -1179,7 +1197,7 @@ int DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg, if ( dns_A_reply && ! msg->skip_event ) { - analyzer->ConnectionEvent(dns_A_reply, { + analyzer->ConnectionEventFast(dns_A_reply, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -1216,7 +1234,7 @@ int DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg, event = dns_A6_reply; if ( event && ! msg->skip_event ) { - analyzer->ConnectionEvent(event, { + analyzer->ConnectionEventFast(event, { analyzer->BuildConnVal(), msg->BuildHdrVal(), msg->BuildAnswerVal(), @@ -1290,12 +1308,15 @@ int DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg, while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) ) char_strings->Assign(char_strings->Size(), char_string); - analyzer->ConnectionEvent(dns_TXT_reply, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - char_strings, - }); + if ( dns_TXT_reply ) + analyzer->ConnectionEventFast(dns_TXT_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + char_strings, + }); + else + Unref(char_strings); return rdlength == 0; } @@ -1330,14 +1351,20 @@ int DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg, data += value->Len(); rdlength -= value->Len(); - analyzer->ConnectionEvent(dns_CAA_reply, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - msg->BuildAnswerVal(), - val_mgr->GetCount(flags), - new StringVal(tag), - new StringVal(value), - }); + if ( dns_CAA_reply ) + analyzer->ConnectionEventFast(dns_CAA_reply, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + msg->BuildAnswerVal(), + val_mgr->GetCount(flags), + new StringVal(tag), + new StringVal(value), + }); + else + { + delete tag; + delete value; + } return rdlength == 0; } @@ -1351,13 +1378,14 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg, RR_Type qtype = RR_Type(ExtractShort(data, len)); int qclass = ExtractShort(data, len); - analyzer->ConnectionEvent(event, { - analyzer->BuildConnVal(), - msg->BuildHdrVal(), - new StringVal(question_name), - val_mgr->GetCount(qtype), - val_mgr->GetCount(qclass), - }); + if ( event ) + analyzer->ConnectionEventFast(event, { + analyzer->BuildConnVal(), + msg->BuildHdrVal(), + new StringVal(question_name), + val_mgr->GetCount(qtype), + val_mgr->GetCount(qclass), + }); } @@ -1391,7 +1419,6 @@ DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query) answer_type = DNS_QUESTION; skip_event = 0; - tsig = 0; } DNS_MsgInfo::~DNS_MsgInfo() @@ -1470,7 +1497,7 @@ Val* DNS_MsgInfo::BuildEDNS_Val() return r; } -Val* DNS_MsgInfo::BuildTSIG_Val() +Val* DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig) { RecordVal* r = new RecordVal(dns_tsig_additional); double rtime = tsig->time_s + tsig->time_ms / 1000.0; @@ -1487,9 +1514,6 @@ Val* DNS_MsgInfo::BuildTSIG_Val() r->Assign(7, val_mgr->GetCount(tsig->rr_error)); r->Assign(8, val_mgr->GetCount(is_query)); - delete tsig; - tsig = 0; - return r; } @@ -1705,10 +1729,11 @@ void DNS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, { if ( ! interp->ParseMessage(data, len, 1) && non_dns_request ) { - ConnectionEvent(non_dns_request, { - BuildConnVal(), - new StringVal(len, (const char*) data), - }); + if ( non_dns_request ) + ConnectionEventFast(non_dns_request, { + BuildConnVal(), + new StringVal(len, (const char*) data), + }); } } diff --git a/src/analyzer/protocol/dns/DNS.h b/src/analyzer/protocol/dns/DNS.h index f095fe96fa..a4975cdaa1 100644 --- a/src/analyzer/protocol/dns/DNS.h +++ b/src/analyzer/protocol/dns/DNS.h @@ -182,7 +182,7 @@ public: Val* BuildHdrVal(); Val* BuildAnswerVal(); Val* BuildEDNS_Val(); - Val* BuildTSIG_Val(); + Val* BuildTSIG_Val(struct TSIG_DATA*); Val* BuildRRSIG_Val(struct RRSIG_DATA*); Val* BuildDNSKEY_Val(struct DNSKEY_DATA*); Val* BuildNSEC3_Val(struct NSEC3_DATA*); @@ -214,10 +214,6 @@ public: ///< identical answer, there may be problems // uint32* addr; ///< cache value to pass back results ///< for forward lookups - - // More values for spesific DNS types. - //struct EDNS_ADDITIONAL* edns; - struct TSIG_DATA* tsig; }; diff --git a/src/analyzer/protocol/file/File.cc b/src/analyzer/protocol/file/File.cc index bb81eaa1fd..62fd36c0da 100644 --- a/src/analyzer/protocol/file/File.cc +++ b/src/analyzer/protocol/file/File.cc @@ -78,10 +78,11 @@ void File_Analyzer::Identify() string match = matches.empty() ? "" : *(matches.begin()->second.begin()); - ConnectionEvent(file_transferred, { - BuildConnVal(), - new StringVal(buffer_len, buffer), - new StringVal(""), - new StringVal(match), - }); + if ( file_transferred ) + ConnectionEventFast(file_transferred, { + BuildConnVal(), + new StringVal(buffer_len, buffer), + new StringVal(""), + new StringVal(match), + }); } diff --git a/src/analyzer/protocol/finger/Finger.cc b/src/analyzer/protocol/finger/Finger.cc index 0f7cec2677..fcc778f151 100644 --- a/src/analyzer/protocol/finger/Finger.cc +++ b/src/analyzer/protocol/finger/Finger.cc @@ -68,7 +68,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig if ( finger_request ) { - ConnectionEvent(finger_request, { + ConnectionEventFast(finger_request, { BuildConnVal(), val_mgr->GetBool(long_cnt), new StringVal(at - line, line), @@ -87,7 +87,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig if ( ! finger_reply ) return; - ConnectionEvent(finger_reply, { + ConnectionEventFast(finger_reply, { BuildConnVal(), new StringVal(end_of_line - line, line), }); diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index dc6e14bf63..0b0ebadf03 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -59,9 +59,9 @@ void Gnutella_Analyzer::Done() if ( ! sent_establish && (gnutella_establish || gnutella_not_establish) ) { if ( Established() && gnutella_establish ) - ConnectionEvent(gnutella_establish, {BuildConnVal()}); + ConnectionEventFast(gnutella_establish, {BuildConnVal()}); else if ( ! Established () && gnutella_not_establish ) - ConnectionEvent(gnutella_not_establish, {BuildConnVal()}); + ConnectionEventFast(gnutella_not_establish, {BuildConnVal()}); } if ( gnutella_partial_binary_msg ) @@ -72,7 +72,7 @@ void Gnutella_Analyzer::Done() { if ( ! p->msg_sent && p->msg_pos ) { - ConnectionEvent(gnutella_partial_binary_msg, { + ConnectionEventFast(gnutella_partial_binary_msg, { BuildConnVal(), new StringVal(p->msg), val_mgr->GetBool((i == 0)), @@ -121,7 +121,7 @@ int Gnutella_Analyzer::IsHTTP(string header) if ( gnutella_http_notify ) { - ConnectionEvent(gnutella_http_notify, {BuildConnVal()}); + ConnectionEventFast(gnutella_http_notify, {BuildConnVal()}); } analyzer::Analyzer* a = analyzer_mgr->InstantiateAnalyzer("HTTP", Conn()); @@ -181,7 +181,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) { if ( gnutella_text_msg ) { - ConnectionEvent(gnutella_text_msg, { + ConnectionEventFast(gnutella_text_msg, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(ms->headers.data()), @@ -195,7 +195,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) { sent_establish = 1; - ConnectionEvent(gnutella_establish, {BuildConnVal()}); + ConnectionEventFast(gnutella_establish, {BuildConnVal()}); } } } @@ -221,7 +221,7 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig) if ( gnutella_binary_msg ) { - ConnectionEvent(gnutella_binary_msg, { + ConnectionEventFast(gnutella_binary_msg, { BuildConnVal(), val_mgr->GetBool(is_orig), val_mgr->GetCount(p->msg_type), diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 6087f7b43d..cc6403cb3e 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -646,7 +646,7 @@ void HTTP_Message::Done(const int interrupted, const char* detail) if ( http_message_done ) { - GetAnalyzer()->ConnectionEvent(http_message_done, { + GetAnalyzer()->ConnectionEventFast(http_message_done, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), BuildMessageStat(interrupted, detail), @@ -679,7 +679,7 @@ void HTTP_Message::BeginEntity(mime::MIME_Entity* entity) if ( http_begin_entity ) { - analyzer->ConnectionEvent(http_begin_entity, { + analyzer->ConnectionEventFast(http_begin_entity, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), }); @@ -696,7 +696,7 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity) if ( http_end_entity ) { - analyzer->ConnectionEvent(http_end_entity, { + analyzer->ConnectionEventFast(http_end_entity, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), }); @@ -737,7 +737,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) { if ( http_all_headers ) { - analyzer->ConnectionEvent(http_all_headers, { + analyzer->ConnectionEventFast(http_all_headers, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), BuildHeaderTable(hlist), @@ -751,7 +751,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) ty->Ref(); subty->Ref(); - analyzer->ConnectionEvent(http_content_type, { + analyzer->ConnectionEventFast(http_content_type, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), ty, @@ -1183,7 +1183,7 @@ void HTTP_Analyzer::GenStats() r->Assign(3, new Val(reply_version, TYPE_DOUBLE)); // DEBUG_MSG("%.6f http_stats\n", network_time); - ConnectionEvent(http_stats, {BuildConnVal(), r}); + ConnectionEventFast(http_stats, {BuildConnVal(), r}); } } @@ -1381,7 +1381,7 @@ void HTTP_Analyzer::HTTP_Event(const char* category, StringVal* detail) if ( http_event ) { // DEBUG_MSG("%.6f http_event\n", network_time); - ConnectionEvent(http_event, { + ConnectionEventFast(http_event, { BuildConnVal(), new StringVal(category), detail, @@ -1424,7 +1424,7 @@ void HTTP_Analyzer::HTTP_Request() Ref(request_method); // DEBUG_MSG("%.6f http_request\n", network_time); - ConnectionEvent(http_request, { + ConnectionEventFast(http_request, { BuildConnVal(), request_method, TruncateURI(request_URI->AsStringVal()), @@ -1438,7 +1438,7 @@ void HTTP_Analyzer::HTTP_Reply() { if ( http_reply ) { - ConnectionEvent(http_reply, { + ConnectionEventFast(http_reply, { BuildConnVal(), new StringVal(fmt("%.1f", reply_version)), val_mgr->GetCount(reply_code), @@ -1517,7 +1517,7 @@ void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg) if ( http_connection_upgrade ) { - ConnectionEvent(http_connection_upgrade, { + ConnectionEventFast(http_connection_upgrade, { BuildConnVal(), new StringVal(upgrade_protocol), }); @@ -1693,7 +1693,7 @@ void HTTP_Analyzer::HTTP_Header(int is_orig, mime::MIME_Header* h) if ( DEBUG_http ) DEBUG_MSG("%.6f http_header\n", network_time); - ConnectionEvent(http_header, { + ConnectionEventFast(http_header, { BuildConnVal(), val_mgr->GetBool(is_orig), mime::new_string_val(h->get_name())->ToUpper(), @@ -1827,7 +1827,7 @@ void HTTP_Analyzer::HTTP_EntityData(int is_orig, BroString* entity_data) { if ( http_entity_data ) { - ConnectionEvent(http_entity_data, { + ConnectionEventFast(http_entity_data, { BuildConnVal(), val_mgr->GetBool(is_orig), val_mgr->GetCount(entity_data->Len()), diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index a740ac8848..0acbbd9731 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -199,7 +199,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, { if ( icmp_sent ) { - ConnectionEvent(icmp_sent, { + ConnectionEventFast(icmp_sent, { BuildConnVal(), BuildICMPVal(icmpp, len, icmpv6, ip_hdr), }); @@ -209,7 +209,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, { BroString* payload = new BroString(data, min(len, caplen), 0); - ConnectionEvent(icmp_sent_payload, { + ConnectionEventFast(icmp_sent_payload, { BuildConnVal(), BuildICMPVal(icmpp, len, icmpv6, ip_hdr), new StringVal(payload), @@ -512,7 +512,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, BroString* payload = new BroString(data, caplen, 0); - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr), val_mgr->GetCount(iid), @@ -526,6 +526,10 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_router_advertisement; + + if ( ! f ) + return; + uint32 reachable = 0, retrans = 0; if ( caplen >= (int)sizeof(reachable) ) @@ -536,7 +540,7 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, int opt_offset = sizeof(reachable) + sizeof(retrans); - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), val_mgr->GetCount(icmpp->icmp_num_addrs), // Cur Hop Limit @@ -558,6 +562,10 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_neighbor_advertisement; + + if ( ! f ) + return; + IPAddr tgtaddr; if ( caplen >= (int)sizeof(in6_addr) ) @@ -565,7 +573,7 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, int opt_offset = sizeof(in6_addr); - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), val_mgr->GetBool(icmpp->icmp_num_addrs & 0x80), // Router @@ -581,6 +589,10 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_neighbor_solicitation; + + if ( ! f ) + return; + IPAddr tgtaddr; if ( caplen >= (int)sizeof(in6_addr) ) @@ -588,7 +600,7 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, int opt_offset = sizeof(in6_addr); - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), new AddrVal(tgtaddr), @@ -601,6 +613,10 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_redirect; + + if ( ! f ) + return; + IPAddr tgtaddr, dstaddr; if ( caplen >= (int)sizeof(in6_addr) ) @@ -611,7 +627,7 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, int opt_offset = 2 * sizeof(in6_addr); - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), new AddrVal(tgtaddr), @@ -626,7 +642,10 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len, { EventHandlerPtr f = icmp_router_solicitation; - ConnectionEvent(f, { + if ( ! f ) + return; + + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), BuildNDOptionsVal(caplen, data), @@ -652,7 +671,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, if ( f ) { - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 0, ip_hdr), val_mgr->GetCount(icmpp->icmp_code), @@ -692,7 +711,7 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, if ( f ) { - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), val_mgr->GetCount(icmpp->icmp_code), diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index ba32968c3b..ba00d9215b 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -83,7 +83,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) Weird("ident_request_addendum", s.CheckString()); } - ConnectionEvent(ident_request, { + ConnectionEventFast(ident_request, { BuildConnVal(), val_mgr->GetPort(local_port, TRANSPORT_TCP), val_mgr->GetPort(remote_port, TRANSPORT_TCP), @@ -143,12 +143,13 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) if ( is_error ) { - ConnectionEvent(ident_error, { - BuildConnVal(), - val_mgr->GetPort(local_port, TRANSPORT_TCP), - val_mgr->GetPort(remote_port, TRANSPORT_TCP), - new StringVal(end_of_line - line, line), - }); + if ( ident_error ) + ConnectionEventFast(ident_error, { + BuildConnVal(), + val_mgr->GetPort(local_port, TRANSPORT_TCP), + val_mgr->GetPort(remote_port, TRANSPORT_TCP), + new StringVal(end_of_line - line, line), + }); } else @@ -176,7 +177,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) line = skip_whitespace(colon + 1, end_of_line); - ConnectionEvent(ident_reply, { + ConnectionEventFast(ident_reply, { BuildConnVal(), val_mgr->GetPort(local_port, TRANSPORT_TCP), val_mgr->GetPort(remote_port, TRANSPORT_TCP), diff --git a/src/analyzer/protocol/imap/imap-analyzer.pac b/src/analyzer/protocol/imap/imap-analyzer.pac index 353aadb7ce..ac1652086e 100644 --- a/src/analyzer/protocol/imap/imap-analyzer.pac +++ b/src/analyzer/protocol/imap/imap-analyzer.pac @@ -43,7 +43,9 @@ refine connection IMAP_Conn += { if ( commands == "ok" ) { bro_analyzer()->StartTLS(); - BifEvent::generate_imap_starttls(bro_analyzer(), bro_analyzer()->Conn()); + + if ( imap_starttls ) + BifEvent::generate_imap_starttls(bro_analyzer(), bro_analyzer()->Conn()); } else reporter->Weird(bro_analyzer()->Conn(), "IMAP: server refused StartTLS"); @@ -54,6 +56,9 @@ refine connection IMAP_Conn += { function proc_server_capability(capabilities: Capability[]): bool %{ + if ( ! imap_capabilities ) + return true; + VectorVal* capv = new VectorVal(internal_type("string_vec")->AsVectorType()); for ( unsigned int i = 0; i< capabilities->size(); i++ ) { diff --git a/src/analyzer/protocol/interconn/InterConn.cc b/src/analyzer/protocol/interconn/InterConn.cc index 39749a0deb..057280a0fa 100644 --- a/src/analyzer/protocol/interconn/InterConn.cc +++ b/src/analyzer/protocol/interconn/InterConn.cc @@ -241,16 +241,18 @@ void InterConn_Analyzer::StatTimer(double t, int is_expire) void InterConn_Analyzer::StatEvent() { - Conn()->ConnectionEvent(interconn_stats, this, { - Conn()->BuildConnVal(), - orig_endp->BuildStats(), - resp_endp->BuildStats(), - }); + if ( interconn_stats ) + Conn()->ConnectionEventFast(interconn_stats, this, { + Conn()->BuildConnVal(), + orig_endp->BuildStats(), + resp_endp->BuildStats(), + }); } void InterConn_Analyzer::RemoveEvent() { - Conn()->ConnectionEvent(interconn_remove_conn, this, {Conn()->BuildConnVal()}); + if ( interconn_remove_conn ) + Conn()->ConnectionEventFast(interconn_remove_conn, this, {Conn()->BuildConnVal()}); } InterConnTimer::InterConnTimer(double t, InterConn_Analyzer* a) diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index cd48d8469c..c5db109434 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -233,7 +233,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // else ### } - ConnectionEvent(irc_network_info, { + ConnectionEventFast(irc_network_info, { BuildConnVal(), val_mgr->GetBool(orig), val_mgr->GetInt(users), @@ -281,7 +281,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - ConnectionEvent(irc_names_info, { + ConnectionEventFast(irc_names_info, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(type.c_str()), @@ -315,7 +315,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // else ### } - ConnectionEvent(irc_server_info, { + ConnectionEventFast(irc_server_info, { BuildConnVal(), val_mgr->GetBool(orig), val_mgr->GetInt(users), @@ -337,7 +337,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[i] == ":channels" ) channels = atoi(parts[i - 1].c_str()); - ConnectionEvent(irc_channel_info, { + ConnectionEventFast(irc_channel_info, { BuildConnVal(), val_mgr->GetBool(orig), val_mgr->GetInt(channels), @@ -369,7 +369,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) break; } - ConnectionEvent(irc_global_users, { + ConnectionEventFast(irc_global_users, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(eop - prefix, prefix), @@ -412,7 +412,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vl.append(new StringVal(real_name.c_str())); - ConnectionEvent(irc_whois_user_line, std::move(vl)); + ConnectionEventFast(irc_whois_user_line, std::move(vl)); } break; @@ -433,7 +433,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } - ConnectionEvent(irc_whois_operator_line, { + ConnectionEventFast(irc_whois_operator_line, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(parts[0].c_str()), @@ -472,7 +472,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - ConnectionEvent(irc_whois_channel_line, { + ConnectionEventFast(irc_whois_channel_line, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(nick.c_str()), @@ -503,7 +503,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( *t == ':' ) ++t; - ConnectionEvent(irc_channel_topic, { + ConnectionEventFast(irc_channel_topic, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(parts[1].c_str()), @@ -537,7 +537,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[7][0] == ':' ) parts[7] = parts[7].substr(1); - ConnectionEvent(irc_who_line, { + ConnectionEventFast(irc_who_line, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(parts[0].c_str()), @@ -560,7 +560,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 436: if ( irc_invalid_nick ) { - ConnectionEvent(irc_invalid_nick, { + ConnectionEventFast(irc_invalid_nick, { BuildConnVal(), val_mgr->GetBool(orig), }); @@ -572,7 +572,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 491: // user is not operator if ( irc_oper_response ) { - ConnectionEvent(irc_oper_response, { + ConnectionEventFast(irc_oper_response, { BuildConnVal(), val_mgr->GetBool(orig), val_mgr->GetBool(code == 381), @@ -587,13 +587,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) // All other server replies. default: - ConnectionEvent(irc_reply, { - BuildConnVal(), - val_mgr->GetBool(orig), - new StringVal(prefix.c_str()), - val_mgr->GetCount(code), - new StringVal(params.c_str()), - }); + if ( irc_reply ) + ConnectionEventFast(irc_reply, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + val_mgr->GetCount(code), + new StringVal(params.c_str()), + }); break; } return; @@ -657,30 +658,32 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } - ConnectionEvent(irc_dcc_message, { - BuildConnVal(), - val_mgr->GetBool(orig), - new StringVal(prefix.c_str()), - new StringVal(target.c_str()), - new StringVal(parts[1].c_str()), - new StringVal(parts[2].c_str()), - new AddrVal(htonl(raw_ip)), - val_mgr->GetCount(atoi(parts[4].c_str())), - parts.size() >= 6 ? - val_mgr->GetCount(atoi(parts[5].c_str())) : - val_mgr->GetCount(0), - }); + if ( irc_dcc_message ) + ConnectionEventFast(irc_dcc_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(parts[1].c_str()), + new StringVal(parts[2].c_str()), + new AddrVal(htonl(raw_ip)), + val_mgr->GetCount(atoi(parts[4].c_str())), + parts.size() >= 6 ? + val_mgr->GetCount(atoi(parts[5].c_str())) : + val_mgr->GetCount(0), + }); } else { - ConnectionEvent(irc_privmsg_message, { - BuildConnVal(), - val_mgr->GetBool(orig), - new StringVal(prefix.c_str()), - new StringVal(target.c_str()), - new StringVal(message.c_str()), - }); + if ( irc_privmsg_message ) + ConnectionEventFast(irc_privmsg_message, { + BuildConnVal(), + val_mgr->GetBool(orig), + new StringVal(prefix.c_str()), + new StringVal(target.c_str()), + new StringVal(message.c_str()), + }); } } @@ -699,7 +702,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( message[0] == ':' ) message = message.substr(1); - ConnectionEvent(irc_notice_message, { + ConnectionEventFast(irc_notice_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -723,7 +726,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( message[0] == ':' ) message = message.substr(1); - ConnectionEvent(irc_squery_message, { + ConnectionEventFast(irc_squery_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -763,7 +766,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) const char* name = realname.c_str(); vl.append(new StringVal(*name == ':' ? name + 1 : name)); - ConnectionEvent(irc_user_message, std::move(vl)); + ConnectionEventFast(irc_user_message, std::move(vl)); } else if ( irc_oper_message && command == "OPER" ) @@ -772,7 +775,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vector parts = SplitWords(params, ' '); if ( parts.size() == 2 ) { - ConnectionEvent(irc_oper_message, { + ConnectionEventFast(irc_oper_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(parts[0].c_str()), @@ -814,7 +817,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else vl.append(val_mgr->GetEmptyString()); - ConnectionEvent(irc_kick_message, std::move(vl)); + ConnectionEventFast(irc_kick_message, std::move(vl)); } else if ( irc_join_message && command == "JOIN" ) @@ -862,7 +865,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(info); } - ConnectionEvent(irc_join_message, { + ConnectionEventFast(irc_join_message, { BuildConnVal(), val_mgr->GetBool(orig), list, @@ -923,7 +926,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(info); } - ConnectionEvent(irc_join_message, { + ConnectionEventFast(irc_join_message, { BuildConnVal(), val_mgr->GetBool(orig), list, @@ -963,7 +966,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) Unref(idx); } - ConnectionEvent(irc_part_message, { + ConnectionEventFast(irc_part_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(nick.c_str()), @@ -986,7 +989,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) nickname = prefix.substr(0, pos); } - ConnectionEvent(irc_quit_message, { + ConnectionEventFast(irc_quit_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(nickname.c_str()), @@ -1000,7 +1003,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( nick[0] == ':' ) nick = nick.substr(1); - ConnectionEvent(irc_nick_message, { + ConnectionEventFast(irc_nick_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1025,7 +1028,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts.size() > 0 && parts[0].size() > 0 && parts[0][0] == ':' ) parts[0] = parts[0].substr(1); - ConnectionEvent(irc_who_message, { + ConnectionEventFast(irc_who_message, { BuildConnVal(), val_mgr->GetBool(orig), parts.size() > 0 ? @@ -1055,7 +1058,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else users = parts[0]; - ConnectionEvent(irc_whois_message, { + ConnectionEventFast(irc_whois_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(server.c_str()), @@ -1068,7 +1071,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( params[0] == ':' ) params = params.substr(1); - ConnectionEvent(irc_error_message, { + ConnectionEventFast(irc_error_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1084,7 +1087,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( parts[1].size() > 0 && parts[1][0] == ':' ) parts[1] = parts[1].substr(1); - ConnectionEvent(irc_invite_message, { + ConnectionEventFast(irc_invite_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1100,7 +1103,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( params.size() > 0 ) { - ConnectionEvent(irc_mode_message, { + ConnectionEventFast(irc_mode_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1114,7 +1117,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else if ( irc_password_message && command == "PASS" ) { - ConnectionEvent(irc_password_message, { + ConnectionEventFast(irc_password_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(params.c_str()), @@ -1136,7 +1139,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) message = message.substr(1); } - ConnectionEvent(irc_squit_message, { + ConnectionEventFast(irc_squit_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1150,7 +1153,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_request ) { - ConnectionEvent(irc_request, { + ConnectionEventFast(irc_request, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1164,7 +1167,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_message ) { - ConnectionEvent(irc_message, { + ConnectionEventFast(irc_message, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(prefix.c_str()), @@ -1199,7 +1202,8 @@ void IRC_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - ConnectionEvent(irc_starttls, {BuildConnVal()}); + if ( irc_starttls ) + ConnectionEventFast(irc_starttls, {BuildConnVal()}); } vector IRC_Analyzer::SplitWords(const string input, const char split) diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index 326c126ae9..31aba64755 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -289,7 +289,7 @@ void Login_Analyzer::AuthenticationDialog(bool orig, char* line) { if ( authentication_skipped ) { - ConnectionEvent(authentication_skipped, {BuildConnVal()}); + ConnectionEventFast(authentication_skipped, {BuildConnVal()}); } state = LOGIN_STATE_SKIP; @@ -332,7 +332,7 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) else if ( login_terminal && streq(name, "TERM") ) { - ConnectionEvent(login_terminal, { + ConnectionEventFast(login_terminal, { BuildConnVal(), new StringVal(val), }); @@ -340,7 +340,7 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) else if ( login_display && streq(name, "DISPLAY") ) { - ConnectionEvent(login_display, { + ConnectionEventFast(login_display, { BuildConnVal(), new StringVal(val), }); @@ -348,7 +348,7 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) else if ( login_prompt && streq(name, "TTYPROMPT") ) { - ConnectionEvent(login_prompt, { + ConnectionEventFast(login_prompt, { BuildConnVal(), new StringVal(val), }); @@ -425,7 +425,7 @@ void Login_Analyzer::LoginEvent(EventHandlerPtr f, const char* line, Val* password = HaveTypeahead() ? PopUserTextVal() : new StringVal(""); - ConnectionEvent(f, { + ConnectionEventFast(f, { BuildConnVal(), username->Ref(), client_name ? client_name->Ref() : val_mgr->GetEmptyString(), @@ -444,7 +444,10 @@ const char* Login_Analyzer::GetUsername(const char* line) const void Login_Analyzer::LineEvent(EventHandlerPtr f, const char* line) { - ConnectionEvent(f, { + if ( ! f ) + return; + + ConnectionEventFast(f, { BuildConnVal(), new StringVal(line), }); @@ -457,7 +460,7 @@ void Login_Analyzer::Confused(const char* msg, const char* line) if ( login_confused ) { - ConnectionEvent(login_confused, { + ConnectionEventFast(login_confused, { BuildConnVal(), new StringVal(msg), new StringVal(line), @@ -483,7 +486,7 @@ void Login_Analyzer::ConfusionText(const char* line) { if ( login_confused_text ) { - ConnectionEvent(login_confused_text, { + ConnectionEventFast(login_confused_text, { BuildConnVal(), new StringVal(line), }); diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index 53ad3c202d..ea651ece42 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -461,7 +461,7 @@ void NVT_Analyzer::SetTerminal(const u_char* terminal, int len) { if ( login_terminal ) { - ConnectionEvent(login_terminal, { + ConnectionEventFast(login_terminal, { BuildConnVal(), new StringVal(new BroString(terminal, len, 0)), }); diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index 4688bf9280..b3cca3f5c4 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -183,11 +183,11 @@ void Rsh_Analyzer::DeliverStream(int len, const u_char* data, bool orig) else vl.append(val_mgr->GetFalse()); - ConnectionEvent(rsh_request, std::move(vl)); + ConnectionEventFast(rsh_request, std::move(vl)); } else - ConnectionEvent(rsh_reply, std::move(vl)); + ConnectionEventFast(rsh_reply, std::move(vl)); } void Rsh_Analyzer::ClientUserName(const char* s) diff --git a/src/analyzer/protocol/login/Rlogin.cc b/src/analyzer/protocol/login/Rlogin.cc index 10d9e23e91..0c7386e59f 100644 --- a/src/analyzer/protocol/login/Rlogin.cc +++ b/src/analyzer/protocol/login/Rlogin.cc @@ -244,7 +244,7 @@ void Rlogin_Analyzer::TerminalType(const char* s) { if ( login_terminal ) { - ConnectionEvent(login_terminal, { + ConnectionEventFast(login_terminal, { BuildConnVal(), new StringVal(s), }); diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index edb5316bac..35b9832020 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -1358,7 +1358,7 @@ void MIME_Mail::Done() hash_final(md5_hash, digest); md5_hash = nullptr; - analyzer->ConnectionEvent(mime_content_hash, { + analyzer->ConnectionEventFast(mime_content_hash, { analyzer->BuildConnVal(), val_mgr->GetCount(content_hash_length), new StringVal(new BroString(1, digest, 16)), @@ -1386,7 +1386,7 @@ void MIME_Mail::BeginEntity(MIME_Entity* /* entity */) cur_entity_id.clear(); if ( mime_begin_entity ) - analyzer->ConnectionEvent(mime_begin_entity, {analyzer->BuildConnVal()}); + analyzer->ConnectionEventFast(mime_begin_entity, {analyzer->BuildConnVal()}); buffer_start = data_start = 0; ASSERT(entity_content.size() == 0); @@ -1398,8 +1398,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) { BroString* s = concatenate(entity_content); - - analyzer->ConnectionEvent(mime_entity_data, { + analyzer->ConnectionEventFast(mime_entity_data, { analyzer->BuildConnVal(), val_mgr->GetCount(s->Len()), new StringVal(s), @@ -1412,7 +1411,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) } if ( mime_end_entity ) - analyzer->ConnectionEvent(mime_end_entity, {analyzer->BuildConnVal()}); + analyzer->ConnectionEventFast(mime_end_entity, {analyzer->BuildConnVal()}); file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn()); cur_entity_id.clear(); @@ -1422,7 +1421,7 @@ void MIME_Mail::SubmitHeader(MIME_Header* h) { if ( mime_one_header ) { - analyzer->ConnectionEvent(mime_one_header, { + analyzer->ConnectionEventFast(mime_one_header, { analyzer->BuildConnVal(), BuildHeaderVal(h), }); @@ -1433,7 +1432,7 @@ void MIME_Mail::SubmitAllHeaders(MIME_HeaderList& hlist) { if ( mime_all_headers ) { - analyzer->ConnectionEvent(mime_all_headers, { + analyzer->ConnectionEventFast(mime_all_headers, { analyzer->BuildConnVal(), BuildHeaderTable(hlist), }); @@ -1470,7 +1469,7 @@ void MIME_Mail::SubmitData(int len, const char* buf) const char* data = (char*) data_buffer->Bytes() + data_start; int data_len = (buf + len) - data; - analyzer->ConnectionEvent(mime_segment_data, { + analyzer->ConnectionEventFast(mime_segment_data, { analyzer->BuildConnVal(), val_mgr->GetCount(data_len), new StringVal(data_len, data), @@ -1517,7 +1516,7 @@ void MIME_Mail::SubmitAllData() BroString* s = concatenate(all_content); delete_strings(all_content); - analyzer->ConnectionEvent(mime_all_data, { + analyzer->ConnectionEventFast(mime_all_data, { analyzer->BuildConnVal(), val_mgr->GetCount(s->Len()), new StringVal(s), @@ -1546,7 +1545,7 @@ void MIME_Mail::SubmitEvent(int event_type, const char* detail) if ( mime_event ) { - analyzer->ConnectionEvent(mime_event, { + analyzer->ConnectionEventFast(mime_event, { analyzer->BuildConnVal(), new StringVal(category), new StringVal(detail), diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index ceb480292b..de13e4a6e7 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -63,7 +63,7 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame) { if ( frame->is_orig() ) { - analyzer->ConnectionEvent(f, { + analyzer->ConnectionEventFast(f, { analyzer->BuildConnVal(), val_mgr->GetCount(frame->frame_type()), val_mgr->GetCount(frame->body_length()), @@ -72,7 +72,7 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame) } else { - analyzer->ConnectionEvent(f, { + analyzer->ConnectionEventFast(f, { analyzer->BuildConnVal(), val_mgr->GetCount(frame->frame_type()), val_mgr->GetCount(frame->body_length()), diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 5dc07f7d0d..c643f8ced7 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -58,7 +58,7 @@ int NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags, { if ( netbios_session_message ) { - analyzer->ConnectionEvent(netbios_session_message, { + analyzer->ConnectionEventFast(netbios_session_message, { analyzer->BuildConnVal(), val_mgr->GetBool(is_query), val_mgr->GetCount(type), @@ -330,14 +330,14 @@ void NetbiosSSN_Interpreter::Event(EventHandlerPtr event, const u_char* data, if ( is_orig >= 0 ) { - analyzer->ConnectionEvent(event, { + analyzer->ConnectionEventFast(event, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), new StringVal(new BroString(data, len, 0)), }); } else - analyzer->ConnectionEvent(event, { + analyzer->ConnectionEventFast(event, { analyzer->BuildConnVal(), new StringVal(new BroString(data, len, 0)), }); diff --git a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac index c72a9d249a..0f0d842570 100644 --- a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac +++ b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac @@ -94,6 +94,9 @@ refine connection NTLM_Conn += { function proc_ntlm_negotiate(val: NTLM_Negotiate): bool %{ + if ( ! ntlm_negotiate ) + return true; + RecordVal* result = new RecordVal(BifType::Record::NTLM::Negotiate); result->Assign(0, build_negotiate_flag_record(${val.flags})); @@ -115,6 +118,9 @@ refine connection NTLM_Conn += { function proc_ntlm_challenge(val: NTLM_Challenge): bool %{ + if ( ! ntlm_challenge ) + return true; + RecordVal* result = new RecordVal(BifType::Record::NTLM::Challenge); result->Assign(0, build_negotiate_flag_record(${val.flags})); @@ -136,6 +142,9 @@ refine connection NTLM_Conn += { function proc_ntlm_authenticate(val: NTLM_Authenticate): bool %{ + if ( ! ntlm_authenticate ) + return true; + RecordVal* result = new RecordVal(BifType::Record::NTLM::Authenticate); result->Assign(0, build_negotiate_flag_record(${val.flags})); diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index 2e6988d13f..a4c147b464 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -62,6 +62,9 @@ void NTP_Analyzer::Message(const u_char* data, int len) len -= sizeof *ntp_data; data += sizeof *ntp_data; + if ( ! ntp_message ) + return; + RecordVal* msg = new RecordVal(ntp_msg); unsigned int code = ntp_data->status & 0x7; @@ -78,7 +81,7 @@ void NTP_Analyzer::Message(const u_char* data, int len) msg->Assign(9, new Val(LongFloat(ntp_data->rec), TYPE_TIME)); msg->Assign(10, new Val(LongFloat(ntp_data->xmt), TYPE_TIME)); - ConnectionEvent(ntp_message, { + ConnectionEventFast(ntp_message, { BuildConnVal(), msg, new StringVal(new BroString(data, len, 0)), diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index e7ccf3907c..d8601ed3ba 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -833,7 +833,8 @@ void POP3_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - ConnectionEvent(pop3_starttls, {BuildConnVal()}); + if ( pop3_starttls ) + ConnectionEventFast(pop3_starttls, {BuildConnVal()}); } void POP3_Analyzer::AuthSuccessfull() @@ -932,5 +933,5 @@ void POP3_Analyzer::POP3Event(EventHandlerPtr event, bool is_orig, if ( arg2 ) vl.append(new StringVal(arg2)); - ConnectionEvent(event, std::move(vl)); + ConnectionEventFast(event, std::move(vl)); } diff --git a/src/analyzer/protocol/rfb/rfb-analyzer.pac b/src/analyzer/protocol/rfb/rfb-analyzer.pac index 39a792ba89..67adba8681 100644 --- a/src/analyzer/protocol/rfb/rfb-analyzer.pac +++ b/src/analyzer/protocol/rfb/rfb-analyzer.pac @@ -1,7 +1,8 @@ refine flow RFB_Flow += { function proc_rfb_message(msg: RFB_PDU): bool %{ - BifEvent::generate_rfb_event(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn()); + if ( rfb_event ) + BifEvent::generate_rfb_event(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn()); return true; %} @@ -9,44 +10,51 @@ refine flow RFB_Flow += { %{ if (client) { - BifEvent::generate_rfb_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor)); + if ( rfb_client_version ) + BifEvent::generate_rfb_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor)); connection()->bro_analyzer()->ProtocolConfirmation(); } else { - BifEvent::generate_rfb_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor)); + if ( rfb_server_version ) + BifEvent::generate_rfb_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor)); } return true; %} function proc_rfb_share_flag(shared: bool) : bool %{ - BifEvent::generate_rfb_share_flag(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), shared); + if ( rfb_share_flag ) + BifEvent::generate_rfb_share_flag(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), shared); return true; %} function proc_security_types(msg: RFBSecurityTypes) : bool %{ - BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.sectype}); + if ( rfb_authentication_type ) + BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.sectype}); return true; %} function proc_security_types37(msg: RFBAuthTypeSelected) : bool %{ - BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.type}); + if ( rfb_authentication_type ) + BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.type}); return true; %} function proc_handle_server_params(msg:RFBServerInit) : bool %{ - BifEvent::generate_rfb_server_parameters(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.name}), ${msg.width}, ${msg.height}); + if ( rfb_server_parameters ) + BifEvent::generate_rfb_server_parameters(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.name}), ${msg.width}, ${msg.height}); return true; %} function proc_handle_security_result(result : uint32) : bool %{ - BifEvent::generate_rfb_auth_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), result); + if ( rfb_auth_result ) + BifEvent::generate_rfb_auth_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), result); return true; %} }; diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index 1cea8e0211..4473826830 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -95,7 +95,7 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status { auto vl = event_common_vl(c, rpc_status, mount_status, start_time, last_time, reply_len, 0); - analyzer->ConnectionEvent(mount_reply_status, std::move(vl)); + analyzer->ConnectionEventFast(mount_reply_status, std::move(vl)); } if ( ! rpc_success ) @@ -173,7 +173,7 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status if ( reply ) vl.append(reply); - analyzer->ConnectionEvent(event, std::move(vl)); + analyzer->ConnectionEventFast(event, std::move(vl)); } else Unref(reply); diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index 3453263dd0..089d89ea98 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -149,7 +149,7 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, { auto vl = event_common_vl(c, rpc_status, nfs_status, start_time, last_time, reply_len, 0); - analyzer->ConnectionEvent(nfs_reply_status, std::move(vl)); + analyzer->ConnectionEventFast(nfs_reply_status, std::move(vl)); } if ( ! rpc_success ) @@ -285,7 +285,7 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status, if ( reply ) vl.append(reply); - analyzer->ConnectionEvent(event, std::move(vl)); + analyzer->ConnectionEventFast(event, std::move(vl)); } else Unref(reply); diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index 8333f615fa..cb3944519f 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -261,7 +261,7 @@ uint32 PortmapperInterp::CheckPort(uint32 port) { if ( pm_bad_port ) { - analyzer->ConnectionEvent(pm_bad_port, { + analyzer->ConnectionEventFast(pm_bad_port, { analyzer->BuildConnVal(), val_mgr->GetCount(port), }); @@ -300,7 +300,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu vl.append(request); } - analyzer->ConnectionEvent(f, std::move(vl)); + analyzer->ConnectionEventFast(f, std::move(vl)); } Portmapper_Analyzer::Portmapper_Analyzer(Connection* conn) diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 781ba20681..be0be02232 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -330,7 +330,7 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st { if ( rpc_dialogue ) { - analyzer->ConnectionEvent(rpc_dialogue, { + analyzer->ConnectionEventFast(rpc_dialogue, { analyzer->BuildConnVal(), val_mgr->GetCount(c->Program()), val_mgr->GetCount(c->Version()), @@ -347,7 +347,7 @@ void RPC_Interpreter::Event_RPC_Call(RPC_CallInfo* c) { if ( rpc_call ) { - analyzer->ConnectionEvent(rpc_call, { + analyzer->ConnectionEventFast(rpc_call, { analyzer->BuildConnVal(), val_mgr->GetCount(c->XID()), val_mgr->GetCount(c->Program()), @@ -362,7 +362,7 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status, { if ( rpc_reply ) { - analyzer->ConnectionEvent(rpc_reply, { + analyzer->ConnectionEventFast(rpc_reply, { analyzer->BuildConnVal(), val_mgr->GetCount(xid), BifType::Enum::rpc_status->GetVal(status), diff --git a/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac b/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac index 0cdae1cefb..01eae48d0b 100644 --- a/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac @@ -6,8 +6,10 @@ refine connection SMB_Conn += { BifConst::SMB::pipe_filenames->AsTable()->Lookup(filename->CheckString()) ) { set_tree_is_pipe(${header.tid}); - BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(), - bro_analyzer()->Conn()); + + if ( smb_pipe_connect_heuristic ) + BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(), + bro_analyzer()->Conn()); } if ( smb1_nt_create_andx_request ) diff --git a/src/analyzer/protocol/smb/smb1-protocol.pac b/src/analyzer/protocol/smb/smb1-protocol.pac index 4ba86d1b75..d5df7a3fca 100644 --- a/src/analyzer/protocol/smb/smb1-protocol.pac +++ b/src/analyzer/protocol/smb/smb1-protocol.pac @@ -66,9 +66,10 @@ refine connection SMB_Conn += { } else { - BifEvent::generate_smb1_error(bro_analyzer(), - bro_analyzer()->Conn(), - BuildHeaderVal(h), is_orig); + if ( smb1_error ) + BifEvent::generate_smb1_error(bro_analyzer(), + bro_analyzer()->Conn(), + BuildHeaderVal(h), is_orig); } return true; %} diff --git a/src/analyzer/protocol/smb/smb2-com-create.pac b/src/analyzer/protocol/smb/smb2-com-create.pac index 2f7dfc4d26..d3df094f51 100644 --- a/src/analyzer/protocol/smb/smb2-com-create.pac +++ b/src/analyzer/protocol/smb/smb2-com-create.pac @@ -7,8 +7,10 @@ refine connection SMB_Conn += { BifConst::SMB::pipe_filenames->AsTable()->Lookup(filename->CheckString()) ) { set_tree_is_pipe(${h.tree_id}); - BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(), - bro_analyzer()->Conn()); + + if ( smb_pipe_connect_heuristic ) + BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(), + bro_analyzer()->Conn()); } if ( smb2_create_request ) diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index dff1677fc3..aa049c994b 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -220,7 +220,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) if ( smtp_data && ! skip_data ) { - ConnectionEvent(smtp_data, { + ConnectionEventFast(smtp_data, { BuildConnVal(), val_mgr->GetBool(orig), new StringVal(data_len, line), @@ -350,7 +350,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) break; } - ConnectionEvent(smtp_reply, { + ConnectionEventFast(smtp_reply, { BuildConnVal(), val_mgr->GetBool(orig), val_mgr->GetCount(reply_code), @@ -410,7 +410,8 @@ void SMTP_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); - ConnectionEvent(smtp_starttls, {BuildConnVal()}); + if ( smtp_starttls ) + ConnectionEventFast(smtp_starttls, {BuildConnVal()}); } @@ -852,12 +853,14 @@ void SMTP_Analyzer::RequestEvent(int cmd_len, const char* cmd, int arg_len, const char* arg) { ProtocolConfirmation(); - ConnectionEvent(smtp_request, { - BuildConnVal(), - val_mgr->GetBool(orig_is_sender), - (new StringVal(cmd_len, cmd))->ToUpper(), - new StringVal(arg_len, arg), - }); + + if ( smtp_request ) + ConnectionEventFast(smtp_request, { + BuildConnVal(), + val_mgr->GetBool(orig_is_sender), + (new StringVal(cmd_len, cmd))->ToUpper(), + new StringVal(arg_len, arg), + }); } void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, @@ -872,7 +875,7 @@ void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg, if ( ! orig_is_sender ) is_orig = ! is_orig; - ConnectionEvent(smtp_unexpected, { + ConnectionEventFast(smtp_unexpected, { BuildConnVal(), val_mgr->GetBool(is_orig), new StringVal(msg), diff --git a/src/analyzer/protocol/socks/socks-analyzer.pac b/src/analyzer/protocol/socks/socks-analyzer.pac index f625851d0a..b0ec62e2b9 100644 --- a/src/analyzer/protocol/socks/socks-analyzer.pac +++ b/src/analyzer/protocol/socks/socks-analyzer.pac @@ -22,18 +22,22 @@ refine connection SOCKS_Conn += { function socks4_request(request: SOCKS4_Request): bool %{ - RecordVal* sa = new RecordVal(socks_address); - sa->Assign(0, new AddrVal(htonl(${request.addr}))); - if ( ${request.v4a} ) - sa->Assign(1, array_to_string(${request.name})); + if ( socks_request ) + { + RecordVal* sa = new RecordVal(socks_address); + sa->Assign(0, new AddrVal(htonl(${request.addr}))); - BifEvent::generate_socks_request(bro_analyzer(), - bro_analyzer()->Conn(), - 4, - ${request.command}, - sa, - val_mgr->GetPort(${request.port}, TRANSPORT_TCP), - array_to_string(${request.user})); + if ( ${request.v4a} ) + sa->Assign(1, array_to_string(${request.name})); + + BifEvent::generate_socks_request(bro_analyzer(), + bro_analyzer()->Conn(), + 4, + ${request.command}, + sa, + val_mgr->GetPort(${request.port}, TRANSPORT_TCP), + array_to_string(${request.user})); + } static_cast(bro_analyzer())->EndpointDone(true); @@ -42,15 +46,18 @@ refine connection SOCKS_Conn += { function socks4_reply(reply: SOCKS4_Reply): bool %{ - RecordVal* sa = new RecordVal(socks_address); - sa->Assign(0, new AddrVal(htonl(${reply.addr}))); + if ( socks_reply ) + { + RecordVal* sa = new RecordVal(socks_address); + sa->Assign(0, new AddrVal(htonl(${reply.addr}))); - BifEvent::generate_socks_reply(bro_analyzer(), - bro_analyzer()->Conn(), - 4, - ${reply.status}, - sa, - val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); + BifEvent::generate_socks_reply(bro_analyzer(), + bro_analyzer()->Conn(), + 4, + ${reply.status}, + sa, + val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); + } bro_analyzer()->ProtocolConfirmation(); static_cast(bro_analyzer())->EndpointDone(false); @@ -97,13 +104,16 @@ refine connection SOCKS_Conn += { return false; } - BifEvent::generate_socks_request(bro_analyzer(), - bro_analyzer()->Conn(), - 5, - ${request.command}, - sa, - val_mgr->GetPort(${request.port}, TRANSPORT_TCP), - val_mgr->GetEmptyString()); + if ( socks_request ) + BifEvent::generate_socks_request(bro_analyzer(), + bro_analyzer()->Conn(), + 5, + ${request.command}, + sa, + val_mgr->GetPort(${request.port}, TRANSPORT_TCP), + val_mgr->GetEmptyString()); + else + Unref(sa); static_cast(bro_analyzer())->EndpointDone(true); @@ -136,12 +146,15 @@ refine connection SOCKS_Conn += { return false; } - BifEvent::generate_socks_reply(bro_analyzer(), - bro_analyzer()->Conn(), - 5, - ${reply.reply}, - sa, - val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); + if ( socks_reply ) + BifEvent::generate_socks_reply(bro_analyzer(), + bro_analyzer()->Conn(), + 5, + ${reply.reply}, + sa, + val_mgr->GetPort(${reply.port}, TRANSPORT_TCP)); + else + Unref(sa); bro_analyzer()->ProtocolConfirmation(); static_cast(bro_analyzer())->EndpointDone(false); @@ -150,6 +163,9 @@ refine connection SOCKS_Conn += { function socks5_auth_request_userpass(request: SOCKS5_Auth_Request_UserPass_v1): bool %{ + if ( ! socks_login_userpass_request ) + return true; + StringVal* user = new StringVal(${request.username}.length(), (const char*) ${request.username}.begin()); StringVal* pass = new StringVal(${request.password}.length(), (const char*) ${request.password}.begin()); @@ -173,9 +189,10 @@ refine connection SOCKS_Conn += { function socks5_auth_reply_userpass(reply: SOCKS5_Auth_Reply_UserPass_v1): bool %{ - BifEvent::generate_socks_login_userpass_reply(bro_analyzer(), - bro_analyzer()->Conn(), - ${reply.code}); + if ( socks_login_userpass_reply ) + BifEvent::generate_socks_login_userpass_reply(bro_analyzer(), + bro_analyzer()->Conn(), + ${reply.code}); return true; %} diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac index bf35218873..7d23ecc75e 100644 --- a/src/analyzer/protocol/ssl/ssl-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac @@ -17,8 +17,8 @@ refine connection SSL_Conn += { function proc_v2_client_master_key(rec: SSLRecord, cipher_kind: int) : bool %{ - BifEvent::generate_ssl_established(bro_analyzer(), - bro_analyzer()->Conn()); + if ( ssl_established ) + BifEvent::generate_ssl_established(bro_analyzer(), bro_analyzer()->Conn()); return true; %} diff --git a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac index d92f850d28..56573fd48e 100644 --- a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac @@ -31,8 +31,9 @@ refine connection SSL_Conn += { function proc_alert(rec: SSLRecord, level : int, desc : int) : bool %{ - BifEvent::generate_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(), - ${rec.is_orig}, level, desc); + if ( ssl_alert ) + BifEvent::generate_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(), + ${rec.is_orig}, level, desc); return true; %} function proc_unknown_record(rec: SSLRecord) : bool @@ -50,8 +51,8 @@ refine connection SSL_Conn += { established_ == false ) { established_ = true; - BifEvent::generate_ssl_established(bro_analyzer(), - bro_analyzer()->Conn()); + if ( ssl_established ) + BifEvent::generate_ssl_established(bro_analyzer(), bro_analyzer()->Conn()); } if ( ssl_encrypted_data ) @@ -72,9 +73,10 @@ refine connection SSL_Conn += { function proc_heartbeat(rec : SSLRecord, type: uint8, payload_length: uint16, data: bytestring) : bool %{ - BifEvent::generate_ssl_heartbeat(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length, - new StringVal(data.length(), (const char*) data.data())); + if ( ssl_heartbeat ) + BifEvent::generate_ssl_heartbeat(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length, + new StringVal(data.length(), (const char*) data.data())); return true; %} @@ -93,8 +95,9 @@ refine connection SSL_Conn += { function proc_ccs(rec: SSLRecord) : bool %{ - BifEvent::generate_ssl_change_cipher_spec(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}); + if ( ssl_change_cipher_spec ) + BifEvent::generate_ssl_change_cipher_spec(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}); return true; %} diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index 5cf250c366..ecaaf8c20d 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -72,6 +72,9 @@ refine connection Handshake_Conn += { function proc_ec_point_formats(rec: HandshakeRecord, point_format_list: uint8[]) : bool %{ + if ( ! ssl_extension_ec_point_formats ) + return true; + VectorVal* points = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( point_format_list ) @@ -88,6 +91,9 @@ refine connection Handshake_Conn += { function proc_elliptic_curves(rec: HandshakeRecord, list: uint16[]) : bool %{ + if ( ! ssl_extension_elliptic_curves ) + return true; + VectorVal* curves = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( list ) @@ -104,6 +110,9 @@ refine connection Handshake_Conn += { function proc_client_key_share(rec: HandshakeRecord, keyshare: KeyShareEntry[]) : bool %{ + if ( ! ssl_extension_key_share ) + return true; + VectorVal* nglist = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( keyshare ) @@ -113,11 +122,15 @@ refine connection Handshake_Conn += { } BifEvent::generate_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, nglist); + return true; %} function proc_server_key_share(rec: HandshakeRecord, keyshare: KeyShareEntry) : bool %{ + if ( ! ssl_extension_key_share ) + return true; + VectorVal* nglist = new VectorVal(internal_type("index_vec")->AsVectorType()); nglist->Assign(0u, val_mgr->GetCount(keyshare->namedgroup())); @@ -127,6 +140,9 @@ refine connection Handshake_Conn += { function proc_signature_algorithm(rec: HandshakeRecord, supported_signature_algorithms: SignatureAndHashAlgorithm[]) : bool %{ + if ( ! ssl_extension_signature_algorithm ) + return true; + VectorVal* slist = new VectorVal(internal_type("signature_and_hashalgorithm_vec")->AsVectorType()); if ( supported_signature_algorithms ) @@ -147,6 +163,9 @@ refine connection Handshake_Conn += { function proc_apnl(rec: HandshakeRecord, protocols: ProtocolName[]) : bool %{ + if ( ! ssl_extension_application_layer_protocol_negotiation ) + return true; + VectorVal* plist = new VectorVal(internal_type("string_vec")->AsVectorType()); if ( protocols ) @@ -183,14 +202,20 @@ refine connection Handshake_Conn += { } } - BifEvent::generate_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(), - ${rec.is_orig}, servers); + if ( ssl_extension_server_name ) + BifEvent::generate_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(), + ${rec.is_orig}, servers); + else + Unref(servers); return true; %} function proc_supported_versions(rec: HandshakeRecord, versions_list: uint16[]) : bool %{ + if ( ! ssl_extension_supported_versions ) + return true; + VectorVal* versions = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( versions_list ) @@ -207,6 +232,9 @@ refine connection Handshake_Conn += { function proc_one_supported_version(rec: HandshakeRecord, version: uint16) : bool %{ + if ( ! ssl_extension_supported_versions ) + return true; + VectorVal* versions = new VectorVal(internal_type("index_vec")->AsVectorType()); versions->Assign(0u, val_mgr->GetCount(version)); @@ -218,6 +246,9 @@ refine connection Handshake_Conn += { function proc_psk_key_exchange_modes(rec: HandshakeRecord, mode_list: uint8[]) : bool %{ + if ( ! ssl_extension_psk_key_exchange_modes ) + return true; + VectorVal* modes = new VectorVal(internal_type("index_vec")->AsVectorType()); if ( mode_list ) @@ -272,10 +303,11 @@ refine connection Handshake_Conn += { response.length(), bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn(), false, file_id, "application/ocsp-response"); - BifEvent::generate_ssl_stapled_ocsp(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}, - new StringVal(response.length(), - (const char*) response.data())); + if ( ssl_stapled_ocsp ) + BifEvent::generate_ssl_stapled_ocsp(bro_analyzer(), + bro_analyzer()->Conn(), + ${rec.is_orig}, + new StringVal(response.length(), (const char*) response.data())); file_mgr->EndOfFile(file_id); } @@ -288,26 +320,32 @@ refine connection Handshake_Conn += { if ( ${kex.curve_type} != NAMED_CURVE ) return true; - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}); - BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); + if ( ssl_server_curve ) + BifEvent::generate_ssl_server_curve(bro_analyzer(), + bro_analyzer()->Conn(), ${kex.params.curve}); - RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); - if ( ${kex.signed_params.uses_signature_and_hashalgorithm} ) + if ( ssl_ecdh_server_params ) + BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); + + if ( ssl_server_signature ) { - ha->Assign(0, val_mgr->GetCount(${kex.signed_params.algorithm.HashAlgorithm})); - ha->Assign(1, val_mgr->GetCount(${kex.signed_params.algorithm.SignatureAlgorithm})); - } + RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); + if ( ${kex.signed_params.uses_signature_and_hashalgorithm} ) + { + ha->Assign(0, val_mgr->GetCount(${kex.signed_params.algorithm.HashAlgorithm})); + ha->Assign(1, val_mgr->GetCount(${kex.signed_params.algorithm.SignatureAlgorithm})); + } else - { - // set to impossible value - ha->Assign(0, val_mgr->GetCount(256)); - ha->Assign(1, val_mgr->GetCount(256)); - } + { + // set to impossible value + ha->Assign(0, val_mgr->GetCount(256)); + ha->Assign(1, val_mgr->GetCount(256)); + } - BifEvent::generate_ssl_server_signature(bro_analyzer(), - bro_analyzer()->Conn(), ha, new StringVal(${kex.signed_params.signature}.length(), (const char*)(${kex.signed_params.signature}).data())); + BifEvent::generate_ssl_server_signature(bro_analyzer(), + bro_analyzer()->Conn(), ha, new StringVal(${kex.signed_params.signature}.length(), (const char*)(${kex.signed_params.signature}).data())); + } return true; %} @@ -317,34 +355,46 @@ refine connection Handshake_Conn += { if ( ${kex.curve_type} != NAMED_CURVE ) return true; - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}); - BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); + if ( ssl_server_curve ) + BifEvent::generate_ssl_server_curve(bro_analyzer(), + bro_analyzer()->Conn(), ${kex.params.curve}); + + if ( ssl_ecdh_server_params ) + BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); return true; %} function proc_rsa_client_key_exchange(rec: HandshakeRecord, rsa_pms: bytestring) : bool %{ - BifEvent::generate_ssl_rsa_client_pms(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(rsa_pms.length(), (const char*)rsa_pms.data())); + if ( ssl_rsa_client_pms ) + BifEvent::generate_ssl_rsa_client_pms(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(rsa_pms.length(), (const char*)rsa_pms.data())); + return true; %} function proc_dh_client_key_exchange(rec: HandshakeRecord, Yc: bytestring) : bool %{ - BifEvent::generate_ssl_dh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(Yc.length(), (const char*)Yc.data())); + if ( ssl_dh_client_params ) + BifEvent::generate_ssl_dh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(Yc.length(), (const char*)Yc.data())); + return true; %} function proc_ecdh_client_key_exchange(rec: HandshakeRecord, point: bytestring) : bool %{ - BifEvent::generate_ssl_ecdh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(point.length(), (const char*)point.data())); + if ( ssl_ecdh_client_params ) + BifEvent::generate_ssl_ecdh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(point.length(), (const char*)point.data())); + return true; %} function proc_signedcertificatetimestamp(rec: HandshakeRecord, version: uint8, logid: const_bytestring, timestamp: uint64, digitally_signed_algorithms: SignatureAndHashAlgorithm, digitally_signed_signature: const_bytestring) : bool %{ + if ( ! ssl_extension_signed_certificate_timestamp ) + return true; + RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); ha->Assign(0, val_mgr->GetCount(digitally_signed_algorithms->HashAlgorithm())); ha->Assign(1, val_mgr->GetCount(digitally_signed_algorithms->SignatureAlgorithm())); @@ -363,50 +413,56 @@ refine connection Handshake_Conn += { function proc_dhe_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring, signed_params: ServerKeyExchangeSignature) : bool %{ - BifEvent::generate_ssl_dh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), - new StringVal(p.length(), (const char*) p.data()), - new StringVal(g.length(), (const char*) g.data()), - new StringVal(Ys.length(), (const char*) Ys.data()) - ); + if ( ssl_ecdh_server_params ) + BifEvent::generate_ssl_dh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), + new StringVal(p.length(), (const char*) p.data()), + new StringVal(g.length(), (const char*) g.data()), + new StringVal(Ys.length(), (const char*) Ys.data()) + ); - RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); - if ( ${signed_params.uses_signature_and_hashalgorithm} ) + if ( ssl_server_signature ) { - ha->Assign(0, val_mgr->GetCount(${signed_params.algorithm.HashAlgorithm})); - ha->Assign(1, val_mgr->GetCount(${signed_params.algorithm.SignatureAlgorithm})); - } - else - { - // set to impossible value - ha->Assign(0, val_mgr->GetCount(256)); - ha->Assign(1, val_mgr->GetCount(256)); - } + RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm); + if ( ${signed_params.uses_signature_and_hashalgorithm} ) + { + ha->Assign(0, val_mgr->GetCount(${signed_params.algorithm.HashAlgorithm})); + ha->Assign(1, val_mgr->GetCount(${signed_params.algorithm.SignatureAlgorithm})); + } + else + { + // set to impossible value + ha->Assign(0, val_mgr->GetCount(256)); + ha->Assign(1, val_mgr->GetCount(256)); + } - BifEvent::generate_ssl_server_signature(bro_analyzer(), - bro_analyzer()->Conn(), ha, - new StringVal(${signed_params.signature}.length(), (const char*)(${signed_params.signature}).data()) - ); + BifEvent::generate_ssl_server_signature(bro_analyzer(), + bro_analyzer()->Conn(), ha, + new StringVal(${signed_params.signature}.length(), (const char*)(${signed_params.signature}).data()) + ); + } return true; %} function proc_dh_anon_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool %{ - BifEvent::generate_ssl_dh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), - new StringVal(p.length(), (const char*) p.data()), - new StringVal(g.length(), (const char*) g.data()), - new StringVal(Ys.length(), (const char*) Ys.data()) - ); + if ( ssl_dh_server_params ) + BifEvent::generate_ssl_dh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), + new StringVal(p.length(), (const char*) p.data()), + new StringVal(g.length(), (const char*) g.data()), + new StringVal(Ys.length(), (const char*) Ys.data()) + ); return true; %} function proc_handshake(is_orig: bool, msg_type: uint8, length: uint24) : bool %{ - BifEvent::generate_ssl_handshake_message(bro_analyzer(), - bro_analyzer()->Conn(), is_orig, msg_type, to_int()(length)); + if ( ssl_handshake_message ) + BifEvent::generate_ssl_handshake_message(bro_analyzer(), + bro_analyzer()->Conn(), is_orig, msg_type, to_int()(length)); return true; %} diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index f4b4f78c89..29315faa74 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -140,15 +140,18 @@ void SteppingStoneEndpoint::Event(EventHandlerPtr f, int id1, int id2) return; if ( id2 >= 0 ) - endp->TCP()->ConnectionEvent(f, {val_mgr->GetInt(id1), val_mgr->GetInt(id2)}); + endp->TCP()->ConnectionEventFast(f, {val_mgr->GetInt(id1), val_mgr->GetInt(id2)}); else - endp->TCP()->ConnectionEvent(f, {val_mgr->GetInt(id1)}); + endp->TCP()->ConnectionEventFast(f, {val_mgr->GetInt(id1)}); } void SteppingStoneEndpoint::CreateEndpEvent(int is_orig) { - endp->TCP()->ConnectionEvent(stp_create_endp, { + if ( ! stp_create_endp ) + return; + + endp->TCP()->ConnectionEventFast(stp_create_endp, { endp->TCP()->BuildConnVal(), val_mgr->GetInt(stp_id), val_mgr->GetBool(is_orig), diff --git a/src/analyzer/protocol/syslog/syslog-analyzer.pac b/src/analyzer/protocol/syslog/syslog-analyzer.pac index 46e2cc171d..2bbdfd3754 100644 --- a/src/analyzer/protocol/syslog/syslog-analyzer.pac +++ b/src/analyzer/protocol/syslog/syslog-analyzer.pac @@ -11,6 +11,9 @@ flow Syslog_Flow function process_syslog_message(m: Syslog_Message): bool %{ + if ( ! syslog_message ) + return true; + if ( ${m.has_pri} ) BifEvent::generate_syslog_message( connection()->bro_analyzer(), diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index a90e0f32c4..fa2250270a 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -299,7 +299,7 @@ static void passive_fingerprint(TCP_Analyzer* tcp, bool is_orig, if ( OS_val ) { // found new OS version - tcp->ConnectionEvent(OS_version_found, { + tcp->ConnectionEventFast(OS_version_found, { tcp->BuildConnVal(), src_addr_val->Ref(), OS_val, @@ -965,7 +965,7 @@ void TCP_Analyzer::GeneratePacketEvent( const u_char* data, int len, int caplen, int is_orig, TCP_Flags flags) { - ConnectionEvent(tcp_packet, { + ConnectionEventFast(tcp_packet, { BuildConnVal(), val_mgr->GetBool(is_orig), new StringVal(flags.AsString()), @@ -1280,7 +1280,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( connection_SYN_packet ) { - ConnectionEvent(connection_SYN_packet, { + ConnectionEventFast(connection_SYN_packet, { BuildConnVal(), SYN_vals->Ref(), }); @@ -1500,7 +1500,7 @@ int TCP_Analyzer::TCPOptionEvent(unsigned int opt, { if ( tcp_option ) { - analyzer->ConnectionEvent(tcp_option, { + analyzer->ConnectionEventFast(tcp_option, { analyzer->BuildConnVal(), val_mgr->GetBool(is_orig), val_mgr->GetCount(opt), @@ -1821,7 +1821,7 @@ void TCP_Analyzer::EndpointEOF(TCP_Reassembler* endp) { if ( connection_EOF ) { - ConnectionEvent(connection_EOF, { + ConnectionEventFast(connection_EOF, { BuildConnVal(), val_mgr->GetBool(endp->IsOrig()), }); @@ -2103,7 +2103,7 @@ int TCPStats_Endpoint::DataSent(double /* t */, uint64 seq, int len, int caplen, if ( tcp_rexmit ) { - endp->TCP()->ConnectionEvent(tcp_rexmit, { + endp->TCP()->ConnectionEventFast(tcp_rexmit, { endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig()), val_mgr->GetCount(seq), @@ -2158,11 +2158,12 @@ void TCPStats_Analyzer::Done() { TCP_ApplicationAnalyzer::Done(); - ConnectionEvent(conn_stats, { - BuildConnVal(), - orig_stats->BuildStats(), - resp_stats->BuildStats(), - }); + if ( conn_stats ) + ConnectionEventFast(conn_stats, { + BuildConnVal(), + orig_stats->BuildStats(), + resp_stats->BuildStats(), + }); } void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64 seq, const IP_Hdr* ip, int caplen) diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index ce58398f2d..b588adbe29 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -237,7 +237,7 @@ int TCP_Endpoint::DataSent(double t, uint64 seq, int len, int caplen, if ( contents_file_write_failure ) { - tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + tcp_analyzer->ConnectionEventFast(contents_file_write_failure, { Conn()->BuildConnVal(), val_mgr->GetBool(IsOrig()), new StringVal(buf), diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 5ad6d2e460..3db1b50352 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -136,7 +136,7 @@ void TCP_Reassembler::Gap(uint64 seq, uint64 len) if ( report_gap(endp, endp->peer) ) { - dst_analyzer->ConnectionEvent(content_gap, { + dst_analyzer->ConnectionEventFast(content_gap, { dst_analyzer->BuildConnVal(), val_mgr->GetBool(IsOrig()), val_mgr->GetCount(seq), @@ -335,7 +335,7 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f) if ( contents_file_write_failure ) { - tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + tcp_analyzer->ConnectionEventFast(contents_file_write_failure, { Endpoint()->Conn()->BuildConnVal(), val_mgr->GetBool(IsOrig()), new StringVal("TCP reassembler content write failure"), @@ -352,7 +352,7 @@ void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f) if ( contents_file_write_failure ) { - tcp_analyzer->ConnectionEvent(contents_file_write_failure, { + tcp_analyzer->ConnectionEventFast(contents_file_write_failure, { Endpoint()->Conn()->BuildConnVal(), val_mgr->GetBool(IsOrig()), new StringVal("TCP reassembler gap write failure"), @@ -425,7 +425,7 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n) BroString* b1_s = new BroString((const u_char*) b1, n, 0); BroString* b2_s = new BroString((const u_char*) b2, n, 0); - tcp_analyzer->ConnectionEvent(rexmit_inconsistency, { + tcp_analyzer->ConnectionEventFast(rexmit_inconsistency, { tcp_analyzer->BuildConnVal(), new StringVal(b1_s), new StringVal(b2_s), @@ -596,7 +596,7 @@ void TCP_Reassembler::DeliverBlock(uint64 seq, int len, const u_char* data) if ( deliver_tcp_contents ) { - tcp_analyzer->ConnectionEvent(tcp_contents, { + tcp_analyzer->ConnectionEventFast(tcp_contents, { tcp_analyzer->BuildConnVal(), val_mgr->GetBool(IsOrig()), val_mgr->GetCount(seq), diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index 6123c42e91..74375e673c 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -157,7 +157,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( do_udp_contents ) { - ConnectionEvent(udp_contents, { + ConnectionEventFast(udp_contents, { BuildConnVal(), val_mgr->GetBool(is_orig), new StringVal(len, (const char*) data), diff --git a/src/analyzer/protocol/xmpp/xmpp-analyzer.pac b/src/analyzer/protocol/xmpp/xmpp-analyzer.pac index 5253ce050b..26a9c69b5b 100644 --- a/src/analyzer/protocol/xmpp/xmpp-analyzer.pac +++ b/src/analyzer/protocol/xmpp/xmpp-analyzer.pac @@ -32,7 +32,8 @@ refine connection XMPP_Conn += { if ( !is_orig && ( token == "proceed" || token_no_ns == "proceed" ) && client_starttls ) { bro_analyzer()->StartTLS(); - BifEvent::generate_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn()); + if ( xmpp_starttls ) + BifEvent::generate_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn()); } else if ( !is_orig && token == "proceed" ) reporter->Weird(bro_analyzer()->Conn(), "XMPP: proceed without starttls"); diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index c9d1d7a1e3..96a37490a2 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -1016,7 +1016,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) } if ( static_cast(vl.length()) == args.size() ) - mgr.QueueEvent(handler, std::move(vl), SOURCE_BROKER); + mgr.QueueEventFast(handler, std::move(vl), SOURCE_BROKER); else { loop_over_list(vl, i) @@ -1247,6 +1247,9 @@ void Manager::ProcessStatus(broker::status stat) break; } + if ( ! event ) + return; + auto ei = internal_type("Broker::EndpointInfo")->AsRecordType(); auto endpoint_info = new RecordVal(ei); @@ -1275,7 +1278,7 @@ void Manager::ProcessStatus(broker::status stat) auto str = stat.message(); auto msg = new StringVal(str ? *str : ""); - mgr.QueueEvent(event, {endpoint_info, msg}); + mgr.QueueEventFast(event, {endpoint_info, msg}); } void Manager::ProcessError(broker::error err) @@ -1352,7 +1355,7 @@ void Manager::ProcessError(broker::error err) msg = fmt("[%s] %s", caf::to_string(err.category()).c_str(), caf::to_string(err.context()).c_str()); } - mgr.QueueEvent(Broker::error, { + mgr.QueueEventFast(Broker::error, { BifType::Enum::Broker::ErrorCode->GetVal(ec), new StringVal(msg), }); diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index faa6b280b0..b3680c2a2c 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -637,7 +637,7 @@ void File::FileEvent(EventHandlerPtr h, val_list* vl) void File::FileEvent(EventHandlerPtr h, val_list vl) { - mgr.QueueEvent(h, std::move(vl)); + mgr.QueueEventFast(h, std::move(vl)); if ( h == file_new || h == file_over_new_connection || h == file_sniff || diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index 134418a476..da6099b1fe 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -443,7 +443,7 @@ string Manager::GetFileID(analyzer::Tag tag, Connection* c, bool is_orig) EnumVal* tagval = tag.AsEnumVal(); Ref(tagval); - mgr.QueueEvent(get_file_handle, { + mgr.QueueEventFast(get_file_handle, { tagval, c->BuildConnVal(), val_mgr->GetBool(is_orig), diff --git a/src/file_analysis/analyzer/data_event/DataEvent.cc b/src/file_analysis/analyzer/data_event/DataEvent.cc index 8aa688b879..5d692383e1 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.cc +++ b/src/file_analysis/analyzer/data_event/DataEvent.cc @@ -41,7 +41,7 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset) { if ( ! chunk_event ) return true; - mgr.QueueEvent(chunk_event, { + mgr.QueueEventFast(chunk_event, { GetFile()->GetVal()->Ref(), new StringVal(new BroString(data, len, 0)), val_mgr->GetCount(offset), @@ -54,7 +54,7 @@ bool DataEvent::DeliverStream(const u_char* data, uint64 len) { if ( ! stream_event ) return true; - mgr.QueueEvent(stream_event, { + mgr.QueueEventFast(stream_event, { GetFile()->GetVal()->Ref(), new StringVal(new BroString(data, len, 0)), }); diff --git a/src/file_analysis/analyzer/entropy/Entropy.cc b/src/file_analysis/analyzer/entropy/Entropy.cc index 873b8e2fcf..a0a561a1cc 100644 --- a/src/file_analysis/analyzer/entropy/Entropy.cc +++ b/src/file_analysis/analyzer/entropy/Entropy.cc @@ -53,6 +53,9 @@ void Entropy::Finalize() if ( ! fed ) return; + if ( ! file_entropy ) + return; + double montepi, scc, ent, mean, chisq; montepi = scc = ent = mean = chisq = 0.0; entropy->Get(&ent, &chisq, &mean, &montepi, &scc); @@ -64,7 +67,7 @@ void Entropy::Finalize() ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE)); ent_result->Assign(4, new Val(scc, TYPE_DOUBLE)); - mgr.QueueEvent(file_entropy, { + mgr.QueueEventFast(file_entropy, { GetFile()->GetVal()->Ref(), ent_result, }); diff --git a/src/file_analysis/analyzer/hash/Hash.cc b/src/file_analysis/analyzer/hash/Hash.cc index 07bcb0babd..7b2ecb5799 100644 --- a/src/file_analysis/analyzer/hash/Hash.cc +++ b/src/file_analysis/analyzer/hash/Hash.cc @@ -48,7 +48,10 @@ void Hash::Finalize() if ( ! hash->IsValid() || ! fed ) return; - mgr.QueueEvent(file_hash, { + if ( ! file_hash ) + return; + + mgr.QueueEventFast(file_hash, { GetFile()->GetVal()->Ref(), new StringVal(kind), hash->Get(), diff --git a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac index ee874c4d37..a4a7da5081 100644 --- a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac +++ b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac @@ -81,7 +81,7 @@ refine flow Flow += { ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol})); ids_event->Assign(17, val_mgr->GetCount(${ev.packet_action})); - mgr.QueueEvent(::unified2_event, { + mgr.QueueEventFast(::unified2_event, { connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), ids_event, }, @@ -113,7 +113,7 @@ refine flow Flow += { ids_event->Assign(15, val_mgr->GetCount(${ev.mpls_label})); ids_event->Assign(16, val_mgr->GetCount(${ev.vlan_id})); - mgr.QueueEvent(::unified2_event, { + mgr.QueueEventFast(::unified2_event, { connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), ids_event, }, @@ -135,7 +135,7 @@ refine flow Flow += { packet->Assign(4, val_mgr->GetCount(${pkt.link_type})); packet->Assign(5, bytestring_to_val(${pkt.packet_data})); - mgr.QueueEvent(::unified2_packet, { + mgr.QueueEventFast(::unified2_packet, { connection()->bro_analyzer()->GetFile()->GetVal()->Ref(), packet, }, diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index 3681c6fd44..d55931c946 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc @@ -427,10 +427,11 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req) // TODO: try to parse out general name ? #endif - mgr.QueueEvent(ocsp_request, { - GetFile()->GetVal()->Ref(), - val_mgr->GetCount(version), - }); + if ( ocsp_request ) + mgr.QueueEventFast(ocsp_request, { + GetFile()->GetVal()->Ref(), + val_mgr->GetCount(version), + }); BIO *bio = BIO_new(BIO_s_mem()); @@ -470,10 +471,11 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) const char *status_str = OCSP_response_status_str(OCSP_response_status(resp)); StringVal* status_val = new StringVal(strlen(status_str), status_str); - mgr.QueueEvent(ocsp_response_status, { - GetFile()->GetVal()->Ref(), - status_val->Ref(), - }); + if ( ocsp_response_status ) + mgr.QueueEventFast(ocsp_response_status, { + GetFile()->GetVal()->Ref(), + status_val->Ref(), + }); //if (!resp_bytes) // { @@ -491,12 +493,18 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val) // get the basic response basic_resp = OCSP_response_get1_basic(resp); if ( !basic_resp ) + { + Unref(status_val); goto clean_up; + } #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) resp_data = basic_resp->tbsResponseData; if ( !resp_data ) + { + Unref(status_val); goto clean_up; + } #endif vl.append(GetFile()->GetVal()->Ref()); diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index c33f20a800..524aae1f27 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -221,16 +221,20 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) if ( constr ) { - RecordVal* pBasicConstraint = new RecordVal(BifType::Record::X509::BasicConstraints); - pBasicConstraint->Assign(0, val_mgr->GetBool(constr->ca ? 1 : 0)); + if ( x509_ext_basic_constraints ) + { + RecordVal* pBasicConstraint = new RecordVal(BifType::Record::X509::BasicConstraints); + pBasicConstraint->Assign(0, val_mgr->GetBool(constr->ca ? 1 : 0)); - if ( constr->pathlen ) - pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen))); + if ( constr->pathlen ) + pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen))); + + mgr.QueueEventFast(x509_ext_basic_constraints, { + GetFile()->GetVal()->Ref(), + pBasicConstraint, + }); + } - mgr.QueueEvent(x509_ext_basic_constraints, { - GetFile()->GetVal()->Ref(), - pBasicConstraint, - }); BASIC_CONSTRAINTS_free(constr); } diff --git a/src/file_analysis/analyzer/x509/x509-extension.pac b/src/file_analysis/analyzer/x509/x509-extension.pac index 396debbbbe..b6a6611d3c 100644 --- a/src/file_analysis/analyzer/x509/x509-extension.pac +++ b/src/file_analysis/analyzer/x509/x509-extension.pac @@ -35,6 +35,9 @@ refine connection MockConnection += { function proc_signedcertificatetimestamp(rec: HandshakeRecord, version: uint8, logid: const_bytestring, timestamp: uint64, digitally_signed_algorithms: SignatureAndHashAlgorithm, digitally_signed_signature: const_bytestring) : bool %{ + if ( ! x509_ocsp_ext_signed_certificate_timestamp ) + return true; + BifEvent::generate_x509_ocsp_ext_signed_certificate_timestamp((analyzer::Analyzer *) bro_analyzer(), bro_analyzer()->GetFile()->GetVal()->Ref(), version, diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 108869be9f..39496671a2 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -715,7 +715,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) // Raise the log event. if ( stream->event ) - mgr.QueueEvent(stream->event, {columns->Ref()}, SOURCE_LOCAL); + mgr.QueueEventFast(stream->event, {columns->Ref()}, SOURCE_LOCAL); // Send to each of our filters. for ( list::iterator i = stream->filters.begin(); diff --git a/src/main.cc b/src/main.cc index 56300fc1a2..7afdb876bd 100644 --- a/src/main.cc +++ b/src/main.cc @@ -340,7 +340,7 @@ void terminate_bro() EventHandlerPtr bro_done = internal_handler("bro_done"); if ( bro_done ) - mgr.QueueEvent(bro_done, val_list{}); + mgr.QueueEventFast(bro_done, val_list{}); timer_mgr->Expire(); mgr.Drain(); @@ -1138,7 +1138,7 @@ int main(int argc, char** argv) EventHandlerPtr bro_init = internal_handler("bro_init"); if ( bro_init ) - mgr.QueueEvent(bro_init, val_list{}); + mgr.QueueEventFast(bro_init, val_list{}); EventRegistry::string_list* dead_handlers = event_registry->UnusedHandlers(); @@ -1184,16 +1184,19 @@ int main(int argc, char** argv) if ( override_ignore_checksums ) ignore_checksums = 1; - // Queue events reporting loaded scripts. - for ( std::list::iterator i = files_scanned.begin(); i != files_scanned.end(); i++ ) + if ( bro_script_loaded ) { - if ( i->skipped ) - continue; + // Queue events reporting loaded scripts. + for ( std::list::iterator i = files_scanned.begin(); i != files_scanned.end(); i++ ) + { + if ( i->skipped ) + continue; - mgr.QueueEvent(bro_script_loaded, { - new StringVal(i->name.c_str()), - val_mgr->GetCount(i->include_level), - }); + mgr.QueueEventFast(bro_script_loaded, { + new StringVal(i->name.c_str()), + val_mgr->GetCount(i->include_level), + }); + } } reporter->ReportViaEvents(true); From 71446619309a527ccc61ff4b41373eb40ba98bd7 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 18 Apr 2019 19:04:39 -0700 Subject: [PATCH 03/51] GH-340: Improve IPv4/IPv6 regexes, extraction, and validity functions * is_valid_ip() is now implemented as a BIF instead of in base/utils/addrs * The IPv4 and IPv6 regular expressions provided by base/utils/addrs have been improved/corrected (previously they could possibly match some invalid IPv4 decimals, or various "zero compressed" IPv6 strings with too many hextets) * extract_ip_addresses() should give better results as a result of the above two points --- doc | 2 +- scripts/base/utils/addrs.zeek | 123 +++++++++--------- src/IPAddr.cc | 66 +++++----- src/IPAddr.h | 29 ++++- src/bro.bif | 13 ++ src/util.cc | 6 +- .../Baseline/scripts.base.utils.addrs/output | 20 ++- testing/btest/scripts/base/utils/addrs.test | 47 ++++++- 8 files changed, 200 insertions(+), 106 deletions(-) diff --git a/doc b/doc index 9b556e5e71..34e9f9add9 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 9b556e5e71d0d8a5c2e7a1d4be4b308d887310f1 +Subproject commit 34e9f9add97e67c9768540433cdccf221b592a4e diff --git a/scripts/base/utils/addrs.zeek b/scripts/base/utils/addrs.zeek index 9d165936ef..070b60ed04 100644 --- a/scripts/base/utils/addrs.zeek +++ b/scripts/base/utils/addrs.zeek @@ -1,31 +1,67 @@ ##! Functions for parsing and manipulating IP and MAC addresses. # Regular expressions for matching IP addresses in strings. -const ipv4_addr_regex = /[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/; -const ipv6_8hex_regex = /([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}/; -const ipv6_compressed_hex_regex = /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)/; -const ipv6_hex4dec_regex = /(([0-9A-Fa-f]{1,4}:){6,6})([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; -const ipv6_compressed_hex4dec_regex = /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}:)*)([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; -# These are commented out until patterns can be constructed this way at init time. -#const ipv6_addr_regex = ipv6_8hex_regex | -# ipv6_compressed_hex_regex | -# ipv6_hex4dec_regex | -# ipv6_compressed_hex4dec_regex; -#const ip_addr_regex = ipv4_addr_regex | ipv6_addr_regex; +const ipv4_decim = /[0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5]/; -const ipv6_addr_regex = - /([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}/ | - /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)/ | # IPv6 Compressed Hex - /(([0-9A-Fa-f]{1,4}:){6,6})([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/ | # 6Hex4Dec - /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}:)*)([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; # CompressedHex4Dec +const ipv4_addr_regex = ipv4_decim & /\./ & ipv4_decim & /\./ & ipv4_decim & /\./ & ipv4_decim; -const ip_addr_regex = - /[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/ | - /([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}/ | - /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)/ | # IPv6 Compressed Hex - /(([0-9A-Fa-f]{1,4}:){6,6})([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/ | # 6Hex4Dec - /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}:)*)([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; # CompressedHex4Dec +const ipv6_hextet = /[0-9A-Fa-f]{1,4}/; + +const ipv6_8hex_regex = /([0-9A-Fa-f]{1,4}:){7}/ & ipv6_hextet; + +const ipv6_hex4dec_regex = /([0-9A-Fa-f]{1,4}:){6}/ & ipv4_addr_regex; + +const ipv6_compressed_lead_hextets0 = /::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,6})?/; + +const ipv6_compressed_lead_hextets1 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?/; + +const ipv6_compressed_lead_hextets2 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?/; + +const ipv6_compressed_lead_hextets3 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?/; + +const ipv6_compressed_lead_hextets4 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?/; + +const ipv6_compressed_lead_hextets5 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?/; + +const ipv6_compressed_lead_hextets6 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){5}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?/; + +const ipv6_compressed_lead_hextets7 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){6}::/; + +const ipv6_compressed_hex_regex = ipv6_compressed_lead_hextets0 | + ipv6_compressed_lead_hextets1 | + ipv6_compressed_lead_hextets2 | + ipv6_compressed_lead_hextets3 | + ipv6_compressed_lead_hextets4 | + ipv6_compressed_lead_hextets5 | + ipv6_compressed_lead_hextets6 | + ipv6_compressed_lead_hextets7; + +const ipv6_compressed_hext4dec_lead_hextets0 = /::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets1 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets2 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets3 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets4 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?/ & ipv4_addr_regex; + +const ipv6_compressed_hext4dec_lead_hextets5 = /[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::/ & ipv4_addr_regex; + +const ipv6_compressed_hex4dec_regex = ipv6_compressed_hext4dec_lead_hextets0 | + ipv6_compressed_hext4dec_lead_hextets1 | + ipv6_compressed_hext4dec_lead_hextets2 | + ipv6_compressed_hext4dec_lead_hextets3 | + ipv6_compressed_hext4dec_lead_hextets4 | + ipv6_compressed_hext4dec_lead_hextets5; + +const ipv6_addr_regex = ipv6_8hex_regex | + ipv6_compressed_hex_regex | + ipv6_hex4dec_regex | + ipv6_compressed_hex4dec_regex; + +const ip_addr_regex = ipv4_addr_regex | ipv6_addr_regex; ## Checks if all elements of a string array are a valid octet value. ## @@ -44,49 +80,6 @@ function has_valid_octets(octets: string_vec): bool return T; } -## Checks if a string appears to be a valid IPv4 or IPv6 address. -## -## ip_str: the string to check for valid IP formatting. -## -## Returns: T if the string is a valid IPv4 or IPv6 address format. -function is_valid_ip(ip_str: string): bool - { - local octets: string_vec; - if ( ip_str == ipv4_addr_regex ) - { - octets = split_string(ip_str, /\./); - if ( |octets| != 4 ) - return F; - - return has_valid_octets(octets); - } - else if ( ip_str == ipv6_addr_regex ) - { - if ( ip_str == ipv6_hex4dec_regex || - ip_str == ipv6_compressed_hex4dec_regex ) - { - # the regexes for hybrid IPv6-IPv4 address formats don't for valid - # octets within the IPv4 part, so do that now - octets = split_string(ip_str, /\./); - if ( |octets| != 4 ) - return F; - - # get rid of remaining IPv6 stuff in first octet - local tmp = split_string(octets[0], /:/); - octets[0] = tmp[|tmp| - 1]; - - return has_valid_octets(octets); - } - else - { - # pure IPv6 address formats that only use hex digits don't need - # any additional checks -- the regexes should be complete - return T; - } - } - return F; - } - ## Extracts all IP (v4 or v6) address strings from a given string. ## ## input: a string that may contain an IP address anywhere within it. diff --git a/src/IPAddr.cc b/src/IPAddr.cc index 7917e82c29..c215b463b9 100644 --- a/src/IPAddr.cc +++ b/src/IPAddr.cc @@ -101,38 +101,44 @@ void IPAddr::ReverseMask(int top_bits_to_chop) p[i] &= mask_bits[i]; } -void IPAddr::Init(const std::string& s) +bool IPAddr::ConvertString(const char* s, in6_addr* result) { - if ( s.find(':') == std::string::npos ) // IPv4. + for ( auto p = s; *p; ++p ) + if ( *p == ':' ) + // IPv6 + return (inet_pton(AF_INET6, s, result->s6_addr) == 1); + + // IPv4 + // Parse the address directly instead of using inet_pton since + // some platforms have more sensitive implementations than others + // that can't e.g. handle leading zeroes. + int a[4]; + int n = 0; + int match_count = sscanf(s, "%d.%d.%d.%d%n", a+0, a+1, a+2, a+3, &n); + + if ( match_count != 4 ) + return false; + + if ( s[n] != '\0' ) + return false; + + for ( auto i = 0; i < 4; ++i ) + if ( a[i] < 0 || a[i] > 255 ) + return false; + + uint32_t addr = (a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3]; + addr = htonl(addr); + memcpy(result->s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix)); + memcpy(&result->s6_addr[12], &addr, sizeof(uint32_t)); + return true; + } + +void IPAddr::Init(const char* s) + { + if ( ! ConvertString(s, &in6) ) { - memcpy(in6.s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix)); - - // Parse the address directly instead of using inet_pton since - // some platforms have more sensitive implementations than others - // that can't e.g. handle leading zeroes. - int a[4]; - int n = sscanf(s.c_str(), "%d.%d.%d.%d", a+0, a+1, a+2, a+3); - - if ( n != 4 || a[0] < 0 || a[1] < 0 || a[2] < 0 || a[3] < 0 || - a[0] > 255 || a[1] > 255 || a[2] > 255 || a[3] > 255 ) - { - reporter->Error("Bad IP address: %s", s.c_str()); - memset(in6.s6_addr, 0, sizeof(in6.s6_addr)); - return; - } - - uint32_t addr = (a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3]; - addr = htonl(addr); - memcpy(&in6.s6_addr[12], &addr, sizeof(uint32_t)); - } - - else - { - if ( inet_pton(AF_INET6, s.c_str(), in6.s6_addr) <=0 ) - { - reporter->Error("Bad IP address: %s", s.c_str()); - memset(in6.s6_addr, 0, sizeof(in6.s6_addr)); - } + reporter->Error("Bad IP address: %s", s); + memset(in6.s6_addr, 0, sizeof(in6.s6_addr)); } } diff --git a/src/IPAddr.h b/src/IPAddr.h index 8ff258a860..1fdff9d979 100644 --- a/src/IPAddr.h +++ b/src/IPAddr.h @@ -68,7 +68,7 @@ public: */ IPAddr(const std::string& s) { - Init(s); + Init(s.data()); } /** @@ -366,6 +366,29 @@ public: unsigned int MemoryAllocation() const { return padded_sizeof(*this); } + /** + * Converts an IPv4 or IPv6 string into a network address structure + * (IPv6 or v4-to-v6-mapping in network bytes order). + * + * @param s the IPv4 or IPv6 string to convert (ASCII, NUL-terminated). + * + * @param result buffer that the caller supplies to store the result. + * + * @return whether the conversion was successful. + */ + static bool ConvertString(const char* s, in6_addr* result); + + /** + * @param s the IPv4 or IPv6 string to convert (ASCII, NUL-terminated). + * + * @return whether the string is a valid IP address + */ + static bool IsValid(const char* s) + { + in6_addr tmp; + return ConvertString(s, &tmp); + } + private: friend class IPPrefix; @@ -373,9 +396,9 @@ private: * Initializes an address instance from a string representation. * * @param s String containing an IP address as either a dotted IPv4 - * address or a hex IPv6 address. + * address or a hex IPv6 address (ASCII, NUL-terminated). */ - void Init(const std::string& s); + void Init(const char* s); in6_addr in6; // IPv6 or v4-to-v6-mapped address diff --git a/src/bro.bif b/src/bro.bif index 96419ab83d..7ecb688841 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -2409,6 +2409,19 @@ function to_addr%(ip: string%): addr return ret; %} +## Checks if a string is a valid IPv4 or IPv6 address. +## +## ip: the string to check for valid IP formatting. +## +## Returns: T if the string is a valid IPv4 or IPv6 address format. +function is_valid_ip%(ip: string%): bool + %{ + char* s = ip->AsString()->Render(); + auto rval = IPAddr::IsValid(s); + delete [] s; + return val_mgr->GetBool(rval); + %} + ## Converts a :bro:type:`string` to a :bro:type:`subnet`. ## ## sn: The subnet to convert. diff --git a/src/util.cc b/src/util.cc index 0367700ffb..8a8f733223 100644 --- a/src/util.cc +++ b/src/util.cc @@ -53,11 +53,13 @@ #include "iosource/Manager.h" /** - * Return IP address without enclosing brackets and any leading 0x. + * Return IP address without enclosing brackets and any leading 0x. Also + * trims leading/trailing whitespace. */ std::string extract_ip(const std::string& i) { - std::string s(skip_whitespace(i.c_str())); + std::string s(strstrip(i)); + if ( s.size() > 0 && s[0] == '[' ) s.erase(0, 1); diff --git a/testing/btest/Baseline/scripts.base.utils.addrs/output b/testing/btest/Baseline/scripts.base.utils.addrs/output index 37afcb4719..37cd37bbb2 100644 --- a/testing/btest/Baseline/scripts.base.utils.addrs/output +++ b/testing/btest/Baseline/scripts.base.utils.addrs/output @@ -1,4 +1,4 @@ -============ test ipv4 regex +============ test ipv4 regex (good strings) T T T @@ -6,9 +6,24 @@ T T T T +T +T +T +T +T +T +T +============ bad ipv4 decimals F F F +F +F +F +============ too many ipv4 decimals +F +F +============ typical looking ipv4 T T ============ test ipv6 regex @@ -30,6 +45,9 @@ T F F F +F +F ============ test extract_ip_addresses() [1.1.1.1, 2.2.2.2, 3.3.3.3] [1.1.1.1, 0:0:0:0:0:0:0:0, 3.3.3.3] +[6:1:2::3:4:5:6] diff --git a/testing/btest/scripts/base/utils/addrs.test b/testing/btest/scripts/base/utils/addrs.test index 224fd9dc62..869d27aab5 100644 --- a/testing/btest/scripts/base/utils/addrs.test +++ b/testing/btest/scripts/base/utils/addrs.test @@ -5,23 +5,54 @@ event bro_init() { + print "============ test ipv4 regex (good strings)"; local ip = "0.0.0.0"; - - print "============ test ipv4 regex"; print ip == ipv4_addr_regex; print is_valid_ip(ip); + ip = "1.1.1.1"; print ip == ipv4_addr_regex; print is_valid_ip(ip); + + ip = "9.9.9.9"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "99.99.99.99"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "09.99.99.99"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "009.99.99.99"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + ip = "255.255.255.255"; print ip == ipv4_addr_regex; print is_valid_ip(ip); + + print "============ bad ipv4 decimals"; ip = "255.255.255.256"; - print ip == ipv4_addr_regex; # the regex doesn't check for 0-255 - print is_valid_ip(ip); # but is_valid_ip() will + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "255.255.255.295"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + ip = "255.255.255.300"; + print ip == ipv4_addr_regex; + print is_valid_ip(ip); + + print "============ too many ipv4 decimals"; ip = "255.255.255.255.255"; print ip == ipv4_addr_regex; print is_valid_ip(ip); + + print "============ typical looking ipv4"; ip = "192.168.1.100"; print ip == ipv4_addr_regex; print is_valid_ip(ip); @@ -97,8 +128,16 @@ event bro_init() ip = "2001:db8:0:0:0:FFFF:192.168.0.256"; print is_valid_ip(ip); + # These have too many hextets ("::" must expand to at least one hextet) + print is_valid_ip("6:1:2::3:4:5:6:7"); + print is_valid_ip("6:1:2::3:4:5:6:7:8"); + print "============ test extract_ip_addresses()"; print extract_ip_addresses("this is 1.1.1.1 a test 2.2.2.2 string with ip addresses 3.3.3.3"); print extract_ip_addresses("this is 1.1.1.1 a test 0:0:0:0:0:0:0:0 string with ip addresses 3.3.3.3"); + # This will use the leading 6 from "IPv6" (maybe that's not intended + # by a person trying to parse such a string, but that's just what's going + # to happen; it's on them to deal). + print extract_ip_addresses("IPv6:1:2::3:4:5:6:7"); } From f7c1cde7c7fe05eda68bfc24e7f0873c53d84315 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 29 Apr 2019 18:09:29 -0700 Subject: [PATCH 04/51] Remove 'dns_resolver' option, replace w/ ZEEK_DNS_RESOLVER env. var. The later simply doesn't work well in conjunction with hostname literals. i.e. "google.com" (without quotes) needs to be resolved to a set of addresses at parse-time, so if a user wishes to use a custom resolver, we need that to be configured independently from the order in which scripts get parsed. Configuring 'dns_resolver' via scripting "redef" is clearly dependent on parse order. Note 'dns_resolver' hasn't been in any release version yet, so I'm removing it outright, no deprecation. The ZEEK_DNS_RESOLVER environment variable now serves the original purpose. --- doc | 2 +- scripts/base/init-bare.zeek | 6 ---- src/DNS_Mgr.cc | 55 ++++++++++++++++++------------------- src/DNS_Mgr.h | 1 + src/main.cc | 1 + 5 files changed, 29 insertions(+), 36 deletions(-) diff --git a/doc b/doc index 073bb08473..856db2bb40 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 073bb08473b8172b8bb175e0702204f15f522392 +Subproject commit 856db2bb4014d15a94cb336d7e5e8ca1d4627b1e diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 86e3317931..7c4fe2e5b8 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -3743,12 +3743,6 @@ global dns_skip_all_addl = T &redef; ## traffic and do not process it. Set to 0 to turn off this functionality. global dns_max_queries = 25 &redef; -## The address of the DNS resolver to use. If not changed from the -## unspecified address, ``[::]``, the first nameserver from /etc/resolv.conf -## gets used (IPv6 is currently only supported if set via this option, not -## when parsed from the file). -const dns_resolver = [::] &redef; - ## HTTP session statistics. ## ## .. zeek:see:: http_stats diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 2fff6903b0..aa5bbdc849 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -388,6 +388,7 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode) num_requests = 0; successful = 0; failed = 0; + nb_dns = nullptr; } DNS_Mgr::~DNS_Mgr() @@ -399,16 +400,21 @@ DNS_Mgr::~DNS_Mgr() delete [] dir; } -void DNS_Mgr::InitPostScript() +void DNS_Mgr::Init() { if ( did_init ) return; - auto dns_resolver_id = global_scope()->Lookup("dns_resolver"); - auto dns_resolver_addr = dns_resolver_id->ID_Val()->AsAddr(); + // Note that Init() may be called by way of LookupHost() during the act of + // parsing a hostname literal (e.g. google.com), so we can't use a + // script-layer option to configure the DNS resolver as it may not be + // configured to the user's desired address at the time when we need to to + // the lookup. + auto dns_resolver = getenv("ZEEK_DNS_RESOLVER"); + auto dns_resolver_addr = dns_resolver ? IPAddr(dns_resolver) : IPAddr(); char err[NB_DNS_ERRSIZE]; - if ( dns_resolver_addr == IPAddr("::") ) + if ( dns_resolver_addr == IPAddr() ) nb_dns = nb_dns_init(err); else { @@ -433,19 +439,11 @@ void DNS_Mgr::InitPostScript() if ( ! nb_dns ) reporter->Warning("problem initializing NB-DNS: %s", err); - const char* cache_dir = dir ? dir : "."; - - if ( mode == DNS_PRIME && ! ensure_dir(cache_dir) ) - { - did_init = 0; - return; - } - - cache_name = new char[strlen(cache_dir) + 64]; - sprintf(cache_name, "%s/%s", cache_dir, ".bro-dns-cache"); - - LoadCache(fopen(cache_name, "r")); + did_init = true; + } +void DNS_Mgr::InitPostScript() + { dns_mapping_valid = internal_handler("dns_mapping_valid"); dns_mapping_unverified = internal_handler("dns_mapping_unverified"); dns_mapping_new_name = internal_handler("dns_mapping_new_name"); @@ -455,14 +453,18 @@ void DNS_Mgr::InitPostScript() dm_rec = internal_type("dns_mapping")->AsRecordType(); - did_init = 1; - + // Registering will call Init() iosource_mgr->Register(this, true); // We never set idle to false, having the main loop only calling us from // time to time. If we're issuing more DNS requests than we can handle // in this way, we are having problems anyway ... SetIdle(true); + + const char* cache_dir = dir ? dir : "."; + cache_name = new char[strlen(cache_dir) + 64]; + sprintf(cache_name, "%s/%s", cache_dir, ".bro-dns-cache"); + LoadCache(fopen(cache_name, "r")); } static TableVal* fake_name_lookup_result(const char* name) @@ -497,12 +499,11 @@ TableVal* DNS_Mgr::LookupHost(const char* name) if ( mode == DNS_FAKE ) return fake_name_lookup_result(name); + Init(); + if ( ! nb_dns ) return empty_addr_set(); - if ( ! did_init ) - Init(); - if ( mode != DNS_PRIME ) { HostMap::iterator it = host_mappings.find(name); @@ -553,8 +554,7 @@ TableVal* DNS_Mgr::LookupHost(const char* name) Val* DNS_Mgr::LookupAddr(const IPAddr& addr) { - if ( ! did_init ) - Init(); + Init(); if ( mode != DNS_PRIME ) { @@ -1072,8 +1072,7 @@ static void resolve_lookup_cb(DNS_Mgr::LookupCallback* callback, void DNS_Mgr::AsyncLookupAddr(const IPAddr& host, LookupCallback* callback) { - if ( ! did_init ) - Init(); + Init(); if ( mode == DNS_FAKE ) { @@ -1111,8 +1110,7 @@ void DNS_Mgr::AsyncLookupAddr(const IPAddr& host, LookupCallback* callback) void DNS_Mgr::AsyncLookupName(const string& name, LookupCallback* callback) { - if ( ! did_init ) - Init(); + Init(); if ( mode == DNS_FAKE ) { @@ -1150,8 +1148,7 @@ void DNS_Mgr::AsyncLookupName(const string& name, LookupCallback* callback) void DNS_Mgr::AsyncLookupNameText(const string& name, LookupCallback* callback) { - if ( ! did_init ) - Init(); + Init(); if ( mode == DNS_FAKE ) { diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 0358ceba18..8da64097e4 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -136,6 +136,7 @@ protected: iosource::FD_Set* except) override; double NextTimestamp(double* network_time) override; void Process() override; + void Init() override; const char* Tag() override { return "DNS_Mgr"; } DNS_MgrMode mode; diff --git a/src/main.cc b/src/main.cc index af29b1e7d7..6a29756bc7 100644 --- a/src/main.cc +++ b/src/main.cc @@ -215,6 +215,7 @@ void usage(int code = 1) fprintf(stderr, " $BRO_LOG_SUFFIX | ASCII log file extension (.%s)\n", logging::writer::Ascii::LogExt().c_str()); fprintf(stderr, " $BRO_PROFILER_FILE | Output file for script execution statistics (not set)\n"); fprintf(stderr, " $BRO_DISABLE_BROXYGEN | Disable Zeexygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set"); + fprintf(stderr, " $ZEEK_DNS_RESOLVER | IPv4/IPv6 address of DNS resolver to use (%s)\n", getenv("ZEEK_DNS_RESOLVER") ? getenv("ZEEK_DNS_RESOLVER") : "not set, will use first IPv4 address from /etc/resolv.conf"); fprintf(stderr, "\n"); From 9a461d26e41f42a3f8f461743120f4d06eb9e6ca Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 29 Apr 2019 18:32:13 -0700 Subject: [PATCH 05/51] Updating CHANGES and VERSION. --- CHANGES | 4 ++++ NEWS | 4 ++++ VERSION | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 18e2d85a74..d082638796 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-250 | 2019-04-29 18:09:29 -0700 + + * Remove 'dns_resolver' option, replace w/ ZEEK_DNS_RESOLVER env. var. (Jon Siwek, Corelight) + 2.6-249 | 2019-04-26 19:26:44 -0700 * Fix parsing of hybrid IPv6-IPv4 addr literals with no zero compression (Jon Siwek, Corelight) diff --git a/NEWS b/NEWS index b93aa2300b..ac489af4e8 100644 --- a/NEWS +++ b/NEWS @@ -72,6 +72,10 @@ New Functionality (capital for originator, lowercase responder) to indicate a content gap in the TCP stream. These are recorded logarithmically. +- The ``ZEEK_DNS_RESOLVER`` environment variable now controls + the DNS resolver to use by setting it to an IPv4 or IPv6 address. If + not set, then the first IPv4 address from /etc/resolv.conf gets used. + Changed Functionality --------------------- diff --git a/VERSION b/VERSION index acde488fd3..eaa5476a06 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-249 +2.6-250 From c67da0a3cbe9ac73ba46cec780976b537603dc79 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 29 Apr 2019 19:21:18 -0700 Subject: [PATCH 06/51] Add comments to QueueEvent() and ConnectionEvent() And also their "Fast" variants. --- src/Conn.h | 30 ++++++++++++++++++++++++++++-- src/Event.h | 18 ++++++++++++++++++ 2 files changed, 46 insertions(+), 2 deletions(-) diff --git a/src/Conn.h b/src/Conn.h index d19501ff13..fc1baf4b07 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -174,13 +174,39 @@ public: int UnparsedVersionFoundEvent(const IPAddr& addr, const char* full_descr, int len, analyzer::Analyzer* analyzer); + // If a handler exists for 'f', an event will be generated. If 'name' is + // given that event's first argument will be it, and it's second will be + // the connection value. If 'name' is null, then the event's first + // argument is the connection value. void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const char* name = 0); + + // If a handler exists for 'f', an event will be generated. In any case, + // 'v1' and 'v2' reference counts get decremented. The event's first + // argument is the connection value, second argument is 'v1', and if 'v2' + // is given that will be it's third argument. void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2 = 0); - void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, - val_list* vl); + // If a handler exists for 'f', an event will be generated. In any case, + // reference count for each element in the 'vl' list are decremented. The + // arguments used for the event are whatevever is provided in 'vl'. void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, val_list vl); + + // Same as ConnectionEvent, except taking the event's argument list via a + // pointer instead of by value. This function takes ownership of the + // memory pointed to by 'vl' and also for decrementing the reference count + // of each of its elements. + void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer, + val_list* vl); + + // Queues an event without first checking if there's any available event + // handlers (or remote consumes). If it turns out there's actually nothing + // that will consume the event, then this may leak memory due to failing to + // decrement the reference count of each element in 'vl'. i.e. use this + // function instead of ConnectionEvent() if you've already guarded against + // the case where there's no handlers (one usually also does that because + // it would be a waste of effort to construct all the event arguments when + // there's no handlers to consume them). void ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* analyzer, val_list vl); diff --git a/src/Event.h b/src/Event.h index 258b680d49..1b23f304f2 100644 --- a/src/Event.h +++ b/src/Event.h @@ -58,6 +58,14 @@ public: EventMgr(); ~EventMgr() override; + // Queues an event without first checking if there's any available event + // handlers (or remote consumers). If it turns out there's actually + // nothing that will consume the event, then this may leak memory due to + // failing to decrement the reference count of each element in 'vl'. i.e. + // use this function instead of QueueEvent() if you've already guarded + // against the case where there's no handlers (one usually also does that + // because it would be a waste of effort to construct all the event + // arguments when there's no handlers to consume them). void QueueEventFast(const EventHandlerPtr &h, val_list vl, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0) @@ -65,6 +73,12 @@ public: QueueEvent(new Event(h, std::move(vl), src, aid, mgr, obj)); } + // Queues an event if there's an event handler (or remote consumer). This + // function always takes ownership of decrementing the reference count of + // each element of 'vl', even if there's no event handler. If you've + // checked for event handler existence, you may wish to call + // QueueEventFast() instead of this function to prevent the redundant + // existence check. void QueueEvent(const EventHandlerPtr &h, val_list vl, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0) @@ -78,6 +92,10 @@ public: } } + // Same as QueueEvent, except taking the event's argument list via a + // pointer instead of by value. This function takes ownership of the + // memory pointed to by 'vl' as well as decrementing the reference count of + // each of its elements. void QueueEvent(const EventHandlerPtr &h, val_list* vl, SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0, TimerMgr* mgr = 0, BroObj* obj = 0) From 32473b85b0ce84246cccf516627a0e2d8c6b200b Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 30 Apr 2019 20:53:38 -0700 Subject: [PATCH 07/51] Force the Broker IOSource to idle periodically Previously, if there was always input in each Process() call, then the Broker IOSource would never go idle and could completely starve out a packet IOSource since it would always report readiness with a timestamp value of the last known network_time (which prevents selecting a packet IOSource for processing, due to incoming packets likely having timestamps that are later). --- src/broker/Manager.cc | 28 +++++++++++++++++++++++++++- src/broker/Manager.h | 1 + 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index ec69308790..bfaa35b2d0 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -140,6 +140,7 @@ Manager::Manager(bool arg_reading_pcaps) reading_pcaps = arg_reading_pcaps; after_zeek_init = false; peer_count = 0; + times_processed_without_idle = 0; log_topic_func = nullptr; vector_of_data_type = nullptr; log_id_type = nullptr; @@ -942,7 +943,32 @@ void Manager::Process() } } - SetIdle(! had_input); + if ( had_input ) + { + ++times_processed_without_idle; + + // The max number of Process calls allowed to happen in a row without + // idling is chosen a bit arbitrarily, except 12 is around half of the + // SELECT_FREQUENCY (25). + // + // But probably the general idea should be for it to have some relation + // to the SELECT_FREQUENCY: less than it so other busy IOSources can + // fit several Process loops in before the next poll event (e.g. the + // select() call ), but still large enough such that we don't have to + // wait long before the next poll ourselves after being forced to idle. + if ( times_processed_without_idle > 12 ) + { + times_processed_without_idle = 0; + SetIdle(true); + } + else + SetIdle(false); + } + else + { + times_processed_without_idle = 0; + SetIdle(true); + } } diff --git a/src/broker/Manager.h b/src/broker/Manager.h index a0520698da..2310189418 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -382,6 +382,7 @@ private: bool reading_pcaps; bool after_zeek_init; int peer_count; + int times_processed_without_idle; Func* log_topic_func; VectorType* vector_of_data_type; From 375b151a4bcc9cdec32aab953b4b7127095a3aad Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 14:18:05 -0700 Subject: [PATCH 08/51] Update external pointer to zeek-testing repo --- testing/external/commit-hash.zeek-testing | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/external/commit-hash.zeek-testing b/testing/external/commit-hash.zeek-testing index 8322309e89..201a295539 100644 --- a/testing/external/commit-hash.zeek-testing +++ b/testing/external/commit-hash.zeek-testing @@ -1 +1 @@ -1ab5538b8cdb0ef78616d665e02343321f269f3d +050560f19c41650c80fb9a9186ceb3fcac412d80 From 789cb376fdc9375893be5e356f0b580e267f34b6 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 23 Apr 2019 14:25:56 +0200 Subject: [PATCH 09/51] GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. This also installs symlinks from "zeek" and "bro-config" to a wrapper script that prints a deprecation warning. The btests pass, but this is still WIP. broctl renaming is still missing. #239 --- CMakeLists.txt | 41 +++++++++++-------- doc | 2 +- man/{bro.8 => zeek.8} | 0 .../policy/frameworks/control/controllee.zeek | 2 +- .../policy/frameworks/control/controller.zeek | 2 +- src/Attr.cc | 2 +- src/Base64.cc | 2 +- src/BroString.cc | 2 +- src/CCL.cc | 2 +- src/CMakeLists.txt | 28 +++++++------ src/ChunkedIO.cc | 2 +- src/ChunkedIO.h | 2 +- src/CompHash.cc | 2 +- src/Conn.cc | 2 +- src/DFA.cc | 2 +- src/DNS_Mgr.cc | 2 +- src/DbgBreakpoint.cc | 2 +- src/DbgHelp.cc | 2 +- src/DbgWatch.cc | 2 +- src/Debug.cc | 2 +- src/DebugCmds.cc | 2 +- src/Desc.cc | 2 +- src/Dict.cc | 2 +- src/Discard.cc | 2 +- src/EquivClass.cc | 2 +- src/Event.cc | 2 +- src/Expr.cc | 2 +- src/File.cc | 2 +- src/Frag.cc | 2 +- src/Frame.cc | 2 +- src/Func.cc | 2 +- src/Hash.cc | 2 +- src/ID.cc | 2 +- src/IP.h | 2 +- src/IntSet.cc | 2 +- src/List.cc | 2 +- src/NFA.cc | 2 +- src/Net.cc | 2 +- src/NetVar.cc | 2 +- src/Obj.cc | 2 +- src/PacketDumper.cc | 2 +- src/PolicyFile.cc | 2 +- src/PriorityQueue.cc | 2 +- src/Queue.cc | 2 +- src/RE.cc | 2 +- src/Reassem.cc | 2 +- src/RemoteSerializer.cc | 2 +- src/Reporter.cc | 2 +- src/Rule.cc | 2 +- src/RuleAction.cc | 2 +- src/RuleCondition.cc | 2 +- src/RuleMatcher.cc | 2 +- src/Scope.cc | 2 +- src/SerialObj.h | 2 +- src/Sessions.cc | 2 +- src/SmithWaterman.cc | 2 +- src/Stmt.cc | 2 +- src/Tag.h | 2 +- src/Timer.cc | 2 +- src/TunnelEncapsulation.h | 2 +- src/Type.cc | 2 +- src/Val.cc | 2 +- src/Var.cc | 2 +- src/analyzer/Component.h | 2 +- src/analyzer/Tag.h | 2 +- src/analyzer/protocol/arp/ARP.h | 2 +- src/analyzer/protocol/backdoor/BackDoor.cc | 2 +- src/analyzer/protocol/dce-rpc/DCE_RPC.cc | 2 +- src/analyzer/protocol/dns/DNS.cc | 2 +- src/analyzer/protocol/finger/Finger.cc | 2 +- src/analyzer/protocol/ftp/FTP.cc | 2 +- src/analyzer/protocol/gnutella/Gnutella.cc | 2 +- src/analyzer/protocol/http/HTTP.cc | 2 +- src/analyzer/protocol/icmp/ICMP.cc | 2 +- src/analyzer/protocol/ident/Ident.cc | 2 +- src/analyzer/protocol/interconn/InterConn.cc | 2 +- src/analyzer/protocol/login/Login.cc | 2 +- src/analyzer/protocol/login/NVT.cc | 2 +- src/analyzer/protocol/login/RSH.cc | 2 +- src/analyzer/protocol/login/Rlogin.cc | 2 +- src/analyzer/protocol/login/Telnet.cc | 2 +- src/analyzer/protocol/mime/MIME.cc | 2 +- src/analyzer/protocol/ncp/NCP.cc | 2 +- src/analyzer/protocol/netbios/NetbiosSSN.cc | 2 +- src/analyzer/protocol/ntp/NTP.cc | 2 +- src/analyzer/protocol/pop3/POP3.cc | 2 +- src/analyzer/protocol/rpc/MOUNT.cc | 2 +- src/analyzer/protocol/rpc/NFS.cc | 2 +- src/analyzer/protocol/rpc/Portmap.cc | 2 +- src/analyzer/protocol/rpc/RPC.cc | 2 +- src/analyzer/protocol/rpc/XDR.cc | 2 +- src/analyzer/protocol/smtp/SMTP.cc | 2 +- .../protocol/stepping-stone/SteppingStone.cc | 2 +- src/analyzer/protocol/udp/UDP.cc | 2 +- src/analyzer/protocol/zip/ZIP.h | 2 +- src/bsd-getopt-long.c | 2 +- src/file_analysis/Component.h | 2 +- src/file_analysis/Tag.h | 2 +- src/input/Tag.h | 2 +- src/input/readers/sqlite/SQLite.cc | 2 +- src/input/readers/sqlite/SQLite.h | 2 +- src/iosource/BPF_Program.cc | 2 +- src/iosource/PktDumper.cc | 2 +- src/iosource/PktSrc.cc | 2 +- src/iosource/pcap/Source.cc | 2 +- src/logging/Tag.h | 2 +- src/logging/writers/sqlite/SQLite.cc | 2 +- src/logging/writers/sqlite/SQLite.h | 2 +- src/main.cc | 2 +- src/nb_dns.c | 2 +- src/net_util.cc | 2 +- src/net_util.h | 2 +- src/plugin/Plugin.h | 2 +- src/rule-parse.y | 2 +- src/setsignal.c | 2 +- src/strsep.c | 2 +- src/threading/BasicThread.cc | 2 +- src/threading/Formatter.cc | 2 +- src/threading/formatters/Ascii.cc | 2 +- src/threading/formatters/JSON.cc | 2 +- src/util.cc | 2 +- src/util.h | 2 +- src/version.c.in | 2 +- testing/btest/Baseline/bifs.lookup_ID/out | 2 +- .../{bro..stdout => zeek..stdout} | 0 .../{bro.output => zeek.output} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stderr => zeek..stderr} | 0 .../{bro.config.log => zeek.config.log} | 0 .../{bro.config.log => zeek.config.log} | 0 .../{bro.config.log => zeek.config.log} | 0 .../{bro.config.log => zeek.config.log} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stderr => zeek..stderr} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stderr => zeek..stderr} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stderr => zeek..stderr} | 0 .../{bro..stderr => zeek..stderr} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stdout => zeek..stdout} | 0 .../{bro..stdout => zeek..stdout} | 0 .../Baseline/scripts.base.utils.paths/output | 16 ++++---- ...o.weird_stats.log => zeek.weird_stats.log} | 0 testing/btest/bifs/addr_count_conversion.zeek | 2 +- testing/btest/bifs/addr_to_ptr_name.zeek | 2 +- testing/btest/bifs/addr_version.zeek | 2 +- testing/btest/bifs/all_set.zeek | 2 +- testing/btest/bifs/analyzer_name.zeek | 2 +- testing/btest/bifs/any_set.zeek | 2 +- testing/btest/bifs/bloomfilter-seed.zeek | 4 +- testing/btest/bifs/bloomfilter.zeek | 2 +- testing/btest/bifs/bro_version.zeek | 2 +- testing/btest/bifs/bytestring_to_count.zeek | 2 +- testing/btest/bifs/bytestring_to_double.zeek | 2 +- testing/btest/bifs/bytestring_to_hexstr.zeek | 2 +- testing/btest/bifs/capture_state_updates.zeek | 2 +- testing/btest/bifs/cat.zeek | 2 +- testing/btest/bifs/cat_string_array.zeek | 2 +- testing/btest/bifs/check_subnet.zeek | 2 +- testing/btest/bifs/checkpoint_state.zeek | 2 +- testing/btest/bifs/clear_table.zeek | 2 +- testing/btest/bifs/convert_for_pattern.zeek | 2 +- testing/btest/bifs/count_to_addr.zeek | 2 +- testing/btest/bifs/create_file.zeek | 2 +- testing/btest/bifs/current_analyzer.zeek | 2 +- testing/btest/bifs/current_time.zeek | 2 +- testing/btest/bifs/decode_base64.zeek | 2 +- testing/btest/bifs/decode_base64_conn.zeek | 2 +- testing/btest/bifs/directory_operations.zeek | 2 +- testing/btest/bifs/dump_current_packet.zeek | 2 +- testing/btest/bifs/edit.zeek | 2 +- testing/btest/bifs/enable_raw_output.test | 2 +- testing/btest/bifs/encode_base64.zeek | 2 +- testing/btest/bifs/entropy_test.zeek | 2 +- testing/btest/bifs/enum_to_int.zeek | 2 +- testing/btest/bifs/escape_string.zeek | 2 +- testing/btest/bifs/exit.zeek | 2 +- testing/btest/bifs/file_mode.zeek | 2 +- testing/btest/bifs/filter_subnet_table.zeek | 2 +- testing/btest/bifs/find_all.zeek | 2 +- testing/btest/bifs/find_entropy.zeek | 2 +- testing/btest/bifs/find_last.zeek | 2 +- testing/btest/bifs/fmt.zeek | 2 +- testing/btest/bifs/fmt_ftp_port.zeek | 2 +- .../btest/bifs/get_current_packet_header.zeek | 2 +- testing/btest/bifs/get_matcher_stats.zeek | 2 +- .../btest/bifs/get_port_transport_proto.zeek | 2 +- testing/btest/bifs/gethostname.zeek | 2 +- testing/btest/bifs/getpid.zeek | 2 +- testing/btest/bifs/getsetenv.zeek | 2 +- testing/btest/bifs/global_ids.zeek | 2 +- testing/btest/bifs/global_sizes.zeek | 2 +- testing/btest/bifs/haversine_distance.zeek | 2 +- testing/btest/bifs/hexdump.zeek | 2 +- testing/btest/bifs/hexstr_to_bytestring.zeek | 2 +- testing/btest/bifs/hll_cardinality.zeek | 2 +- testing/btest/bifs/hll_large_estimate.zeek | 4 +- testing/btest/bifs/identify_data.zeek | 2 +- .../btest/bifs/install_src_addr_filter.test | 2 +- testing/btest/bifs/is_ascii.zeek | 2 +- testing/btest/bifs/is_local_interface.zeek | 2 +- testing/btest/bifs/is_port.zeek | 2 +- testing/btest/bifs/join_string.zeek | 2 +- testing/btest/bifs/levenshtein_distance.zeek | 2 +- testing/btest/bifs/lookup_ID.zeek | 4 +- testing/btest/bifs/lowerupper.zeek | 2 +- testing/btest/bifs/lstrip.zeek | 2 +- testing/btest/bifs/mask_addr.zeek | 2 +- testing/btest/bifs/matching_subnets.zeek | 2 +- testing/btest/bifs/math.zeek | 2 +- testing/btest/bifs/md5.test | 2 +- testing/btest/bifs/merge_pattern.zeek | 2 +- testing/btest/bifs/net_stats_trace.test | 2 +- testing/btest/bifs/netbios-functions.zeek | 2 +- testing/btest/bifs/order.zeek | 2 +- testing/btest/bifs/parse_ftp.zeek | 2 +- testing/btest/bifs/piped_exec.zeek | 4 +- testing/btest/bifs/ptr_name_to_addr.zeek | 2 +- testing/btest/bifs/rand.zeek | 4 +- testing/btest/bifs/raw_bytes_to_v4_addr.zeek | 2 +- testing/btest/bifs/reading_traces.zeek | 4 +- testing/btest/bifs/record_type_to_vector.zeek | 2 +- testing/btest/bifs/records_fields.zeek | 2 +- testing/btest/bifs/remask_addr.zeek | 2 +- testing/btest/bifs/resize.zeek | 2 +- testing/btest/bifs/reverse.zeek | 2 +- testing/btest/bifs/rotate_file.zeek | 2 +- testing/btest/bifs/rotate_file_by_name.zeek | 2 +- .../btest/bifs/routing0_data_to_addrs.test | 2 +- testing/btest/bifs/rstrip.zeek | 2 +- testing/btest/bifs/safe_shell_quote.zeek | 2 +- testing/btest/bifs/same_object.zeek | 2 +- testing/btest/bifs/sha1.test | 2 +- testing/btest/bifs/sha256.test | 2 +- testing/btest/bifs/sort.zeek | 2 +- testing/btest/bifs/sort_string_array.zeek | 2 +- testing/btest/bifs/split.zeek | 2 +- testing/btest/bifs/split_string.zeek | 2 +- testing/btest/bifs/str_shell_escape.zeek | 2 +- testing/btest/bifs/strcmp.zeek | 2 +- testing/btest/bifs/strftime.zeek | 2 +- testing/btest/bifs/string_fill.zeek | 2 +- testing/btest/bifs/string_to_pattern.zeek | 2 +- testing/btest/bifs/strip.zeek | 2 +- testing/btest/bifs/strptime.zeek | 2 +- testing/btest/bifs/strstr.zeek | 2 +- testing/btest/bifs/sub.zeek | 2 +- testing/btest/bifs/subnet_to_addr.zeek | 2 +- testing/btest/bifs/subnet_version.zeek | 2 +- testing/btest/bifs/subst_string.zeek | 2 +- testing/btest/bifs/system.zeek | 2 +- testing/btest/bifs/system_env.zeek | 2 +- testing/btest/bifs/to_addr.zeek | 2 +- testing/btest/bifs/to_count.zeek | 2 +- testing/btest/bifs/to_double.zeek | 2 +- testing/btest/bifs/to_double_from_string.zeek | 2 +- testing/btest/bifs/to_int.zeek | 2 +- testing/btest/bifs/to_interval.zeek | 2 +- testing/btest/bifs/to_port.zeek | 2 +- testing/btest/bifs/to_subnet.zeek | 2 +- testing/btest/bifs/to_time.zeek | 2 +- testing/btest/bifs/topk.zeek | 2 +- testing/btest/bifs/type_name.zeek | 2 +- testing/btest/bifs/unique_id-pools.zeek | 4 +- testing/btest/bifs/unique_id-rnd.zeek | 4 +- testing/btest/bifs/unique_id.zeek | 2 +- testing/btest/bifs/uuid_to_string.zeek | 2 +- testing/btest/bifs/val_size.zeek | 2 +- testing/btest/bifs/x509_verify.zeek | 2 +- testing/btest/broker/connect-on-retry.zeek | 4 +- testing/btest/broker/disconnect.zeek | 6 +-- testing/btest/broker/error.zeek | 2 +- testing/btest/broker/remote_event.zeek | 4 +- testing/btest/broker/remote_event_any.zeek | 4 +- testing/btest/broker/remote_event_auto.zeek | 4 +- .../btest/broker/remote_event_ssl_auth.zeek | 4 +- .../btest/broker/remote_event_vector_any.zeek | 4 +- testing/btest/broker/remote_id.zeek | 4 +- testing/btest/broker/remote_log.zeek | 4 +- .../btest/broker/remote_log_late_join.zeek | 4 +- testing/btest/broker/remote_log_types.zeek | 4 +- testing/btest/broker/ssl_auth_failure.zeek | 4 +- testing/btest/broker/store/clone.zeek | 4 +- testing/btest/broker/store/local.zeek | 2 +- testing/btest/broker/store/ops.zeek | 2 +- testing/btest/broker/store/record.zeek | 2 +- testing/btest/broker/store/set.zeek | 2 +- testing/btest/broker/store/sqlite.zeek | 4 +- testing/btest/broker/store/table.zeek | 2 +- .../btest/broker/store/type-conversion.zeek | 2 +- testing/btest/broker/store/vector.zeek | 2 +- testing/btest/broker/unpeer.zeek | 4 +- testing/btest/btest.cfg | 5 ++- testing/btest/core/bits_per_uid.zeek | 10 ++--- .../core/check-unused-event-handlers.test | 2 +- testing/btest/core/checksums.test | 38 ++++++++--------- testing/btest/core/cisco-fabric-path.zeek | 2 +- testing/btest/core/conn-size-threshold.zeek | 2 +- testing/btest/core/conn-uid.zeek | 4 +- testing/btest/core/connection_flip_roles.zeek | 2 +- testing/btest/core/disable-mobile-ipv6.test | 2 +- testing/btest/core/discarder.zeek | 8 ++-- testing/btest/core/div-by-zero.zeek | 2 +- testing/btest/core/dns-init.zeek | 2 +- testing/btest/core/embedded-null.zeek | 2 +- testing/btest/core/enum-redef-exists.zeek | 2 +- testing/btest/core/erspan.zeek | 2 +- testing/btest/core/erspanII.zeek | 2 +- testing/btest/core/erspanIII.zeek | 2 +- testing/btest/core/ether-addrs.zeek | 4 +- testing/btest/core/event-arg-reuse.zeek | 2 +- testing/btest/core/expr-exception.zeek | 2 +- testing/btest/core/fake_dns.zeek | 2 +- .../core/file-caching-serialization.test | 4 +- testing/btest/core/global_opaque_val.zeek | 2 +- testing/btest/core/history-flip.zeek | 2 +- testing/btest/core/icmp/icmp-context.test | 6 +-- testing/btest/core/icmp/icmp-events.test | 6 +-- testing/btest/core/icmp/icmp6-context.test | 8 ++-- testing/btest/core/icmp/icmp6-events.test | 20 ++++----- testing/btest/core/icmp/icmp6-nd-options.test | 4 +- testing/btest/core/icmp/icmp_sent.zeek | 2 +- testing/btest/core/init-error.zeek | 2 +- testing/btest/core/ip-broken-header.zeek | 2 +- testing/btest/core/ipv6-atomic-frag.test | 2 +- testing/btest/core/ipv6-flow-labels.test | 2 +- testing/btest/core/ipv6-frag.test | 2 +- testing/btest/core/ipv6_esp.test | 2 +- testing/btest/core/ipv6_ext_headers.test | 2 +- testing/btest/core/ipv6_zero_len_ah.test | 2 +- testing/btest/core/leaks/ayiya.test | 4 +- testing/btest/core/leaks/basic-cluster.zeek | 8 ++-- testing/btest/core/leaks/bloomfilter.zeek | 4 +- .../btest/core/leaks/broker/clone_store.zeek | 6 +-- testing/btest/core/leaks/broker/data.zeek | 6 +-- .../btest/core/leaks/broker/master_store.zeek | 4 +- .../btest/core/leaks/broker/remote_event.test | 6 +-- .../btest/core/leaks/broker/remote_log.test | 6 +-- testing/btest/core/leaks/dns-nsec3.zeek | 4 +- testing/btest/core/leaks/dns-txt.zeek | 4 +- testing/btest/core/leaks/dns.zeek | 4 +- testing/btest/core/leaks/dtls.zeek | 4 +- testing/btest/core/leaks/exec.test | 4 +- .../core/leaks/file-analysis-http-get.zeek | 4 +- testing/btest/core/leaks/gridftp.test | 4 +- testing/btest/core/leaks/gtp_opt_header.test | 4 +- testing/btest/core/leaks/hll_cluster.zeek | 10 ++--- testing/btest/core/leaks/hook.zeek | 4 +- testing/btest/core/leaks/http-connect.zeek | 4 +- testing/btest/core/leaks/incr-vec-expr.test | 4 +- testing/btest/core/leaks/input-basic.zeek | 4 +- testing/btest/core/leaks/input-errors.zeek | 4 +- .../btest/core/leaks/input-missing-enum.zeek | 4 +- .../core/leaks/input-optional-event.zeek | 4 +- .../core/leaks/input-optional-table.zeek | 4 +- testing/btest/core/leaks/input-raw.zeek | 8 ++-- testing/btest/core/leaks/input-reread.zeek | 12 +++--- testing/btest/core/leaks/input-sqlite.zeek | 4 +- .../btest/core/leaks/input-with-remove.zeek | 4 +- testing/btest/core/leaks/ip-in-ip.test | 8 ++-- .../btest/core/leaks/ipv6_ext_headers.test | 4 +- testing/btest/core/leaks/irc.test | 4 +- .../btest/core/leaks/krb-service-name.test | 4 +- testing/btest/core/leaks/krb.test | 4 +- testing/btest/core/leaks/kv-iteration.zeek | 4 +- testing/btest/core/leaks/mysql.test | 4 +- testing/btest/core/leaks/pattern.zeek | 4 +- testing/btest/core/leaks/pe.test | 4 +- testing/btest/core/leaks/radius.test | 4 +- testing/btest/core/leaks/returnwhen.zeek | 4 +- testing/btest/core/leaks/set.zeek | 4 +- testing/btest/core/leaks/sip.test | 4 +- testing/btest/core/leaks/smtp_attachment.test | 4 +- testing/btest/core/leaks/snmp.test | 4 +- testing/btest/core/leaks/ssh.test | 4 +- testing/btest/core/leaks/stats.zeek | 4 +- testing/btest/core/leaks/string-indexing.zeek | 4 +- .../btest/core/leaks/switch-statement.zeek | 4 +- testing/btest/core/leaks/teredo.zeek | 4 +- testing/btest/core/leaks/test-all.zeek | 4 +- testing/btest/core/leaks/vector-val-bifs.test | 4 +- testing/btest/core/leaks/while.zeek | 4 +- .../btest/core/leaks/x509_ocsp_verify.zeek | 4 +- testing/btest/core/leaks/x509_verify.zeek | 4 +- testing/btest/core/load-duplicates.zeek | 12 +++--- .../load-explicit-bro-suffix-fallback.zeek | 2 +- testing/btest/core/load-file-extension.zeek | 18 ++++---- testing/btest/core/load-pkg.zeek | 6 +-- testing/btest/core/load-prefixes.zeek | 2 +- testing/btest/core/load-relative.zeek | 2 +- testing/btest/core/load-unload.zeek | 4 +- testing/btest/core/mobile-ipv6-home-addr.test | 2 +- testing/btest/core/mobile-ipv6-routing.test | 2 +- testing/btest/core/mobility-checksums.test | 12 +++--- testing/btest/core/mobility_msg.test | 16 ++++---- testing/btest/core/mpls-in-vlan.zeek | 2 +- testing/btest/core/negative-time.test | 2 +- testing/btest/core/nflog.zeek | 2 +- testing/btest/core/nop.zeek | 2 +- testing/btest/core/old_comm_usage.zeek | 2 +- testing/btest/core/option-errors.zeek | 2 +- testing/btest/core/option-priorities.zeek | 2 +- testing/btest/core/option-redef.zeek | 2 +- testing/btest/core/option-runtime-errors.zeek | 2 +- testing/btest/core/pcap/dumper.zeek | 2 +- testing/btest/core/pcap/dynamic-filter.zeek | 2 +- testing/btest/core/pcap/filter-error.zeek | 4 +- testing/btest/core/pcap/input-error.zeek | 4 +- testing/btest/core/pcap/pseudo-realtime.zeek | 2 +- .../core/pcap/read-trace-with-filter.zeek | 2 +- testing/btest/core/pppoe-over-qinq.zeek | 2 +- testing/btest/core/pppoe.test | 2 +- testing/btest/core/print-bpf-filters.zeek | 10 ++--- testing/btest/core/q-in-q.zeek | 2 +- testing/btest/core/radiotap.zeek | 2 +- testing/btest/core/raw_packet.zeek | 4 +- testing/btest/core/reassembly.zeek | 10 ++--- testing/btest/core/recursive-event.zeek | 2 +- .../btest/core/reporter-error-in-handler.zeek | 2 +- testing/btest/core/reporter-fmt-strings.zeek | 2 +- testing/btest/core/reporter-parse-error.zeek | 2 +- .../btest/core/reporter-runtime-error.zeek | 2 +- .../core/reporter-shutdown-order-errors.zeek | 2 +- .../btest/core/reporter-type-mismatch.zeek | 2 +- .../core/reporter-weird-sampling-disable.zeek | 2 +- .../btest/core/reporter-weird-sampling.zeek | 2 +- testing/btest/core/reporter.zeek | 2 +- testing/btest/core/tcp/fin-retransmit.zeek | 2 +- .../btest/core/tcp/large-file-reassembly.zeek | 2 +- testing/btest/core/tcp/miss-end-data.zeek | 2 +- testing/btest/core/tcp/missing-syn.zeek | 2 +- testing/btest/core/tcp/quantum-insert.zeek | 2 +- testing/btest/core/tcp/rst-after-syn.zeek | 2 +- testing/btest/core/tcp/rxmit-history.zeek | 4 +- testing/btest/core/tcp/truncated-header.zeek | 2 +- testing/btest/core/truncation.test | 18 ++++---- testing/btest/core/tunnels/ayiya.test | 2 +- testing/btest/core/tunnels/false-teredo.zeek | 2 +- testing/btest/core/tunnels/gre-in-gre.test | 2 +- testing/btest/core/tunnels/gre-pptp.test | 2 +- testing/btest/core/tunnels/gre.test | 2 +- .../core/tunnels/gtp/different_dl_and_ul.test | 2 +- .../btest/core/tunnels/gtp/ext_header.test | 2 +- testing/btest/core/tunnels/gtp/false_gtp.test | 2 +- .../btest/core/tunnels/gtp/inner_ipv6.test | 2 +- .../btest/core/tunnels/gtp/inner_teredo.test | 2 +- .../btest/core/tunnels/gtp/non_recursive.test | 2 +- .../core/tunnels/gtp/not_user_plane_data.test | 2 +- .../btest/core/tunnels/gtp/opt_header.test | 2 +- .../btest/core/tunnels/gtp/outer_ip_frag.test | 2 +- .../core/tunnels/gtp/pdp_ctx_messages.test | 2 +- .../tunnels/gtp/unknown_or_too_short.test | 2 +- .../btest/core/tunnels/ip-in-ip-version.zeek | 4 +- testing/btest/core/tunnels/ip-in-ip.test | 12 +++--- testing/btest/core/tunnels/ip-tunnel-uid.test | 2 +- .../core/tunnels/teredo-known-services.test | 2 +- testing/btest/core/tunnels/teredo.zeek | 2 +- .../tunnels/teredo_bubble_with_payload.test | 2 +- testing/btest/core/tunnels/vxlan.zeek | 2 +- testing/btest/core/vector-assignment.zeek | 2 +- testing/btest/core/vlan-mpls.zeek | 2 +- .../core/when-interpreter-exceptions.zeek | 4 +- testing/btest/core/wlanmon.zeek | 2 +- testing/btest/core/x509-generalizedtime.zeek | 4 +- .../btest/coverage/bare-load-baseline.test | 2 +- testing/btest/coverage/bare-mode-errors.test | 6 +-- .../btest/coverage/coverage-blacklist.zeek | 2 +- .../btest/coverage/default-load-baseline.test | 2 +- testing/btest/coverage/find-bro-logs.test | 2 +- testing/btest/coverage/init-default.test | 6 +-- testing/btest/coverage/test-all-policy.test | 4 +- testing/btest/doc/record-add.zeek | 2 +- testing/btest/doc/record-attr-check.zeek | 2 +- testing/btest/doc/zeexygen/command_line.zeek | 2 +- .../doc/zeexygen/comment_retrieval_bifs.zeek | 2 +- testing/btest/doc/zeexygen/enums.zeek | 2 +- testing/btest/doc/zeexygen/example.zeek | 2 +- testing/btest/doc/zeexygen/func-params.zeek | 2 +- testing/btest/doc/zeexygen/identifier.zeek | 2 +- testing/btest/doc/zeexygen/package.zeek | 2 +- testing/btest/doc/zeexygen/package_index.zeek | 2 +- testing/btest/doc/zeexygen/records.zeek | 2 +- testing/btest/doc/zeexygen/script_index.zeek | 2 +- .../btest/doc/zeexygen/script_summary.zeek | 2 +- testing/btest/doc/zeexygen/type-aliases.zeek | 2 +- testing/btest/doc/zeexygen/vectors.zeek | 2 +- testing/btest/language/addr.zeek | 2 +- testing/btest/language/any.zeek | 2 +- testing/btest/language/at-deprecated.zeek | 2 +- testing/btest/language/at-dir.zeek | 4 +- testing/btest/language/at-filename.zeek | 2 +- testing/btest/language/at-if-event.zeek | 2 +- testing/btest/language/at-if-invalid.zeek | 2 +- testing/btest/language/at-if.zeek | 2 +- testing/btest/language/at-ifdef.zeek | 2 +- testing/btest/language/at-ifndef.zeek | 2 +- testing/btest/language/at-load.zeek | 4 +- .../btest/language/attr-default-coercion.zeek | 2 +- .../attr-default-global-set-error.zeek | 2 +- testing/btest/language/bool.zeek | 2 +- testing/btest/language/common-mistakes.zeek | 6 +-- .../language/conditional-expression.zeek | 2 +- testing/btest/language/const.zeek | 4 +- .../btest/language/container-ctor-scope.zeek | 2 +- testing/btest/language/copy.zeek | 2 +- testing/btest/language/count.zeek | 2 +- .../btest/language/cross-product-init.zeek | 2 +- testing/btest/language/default-params.zeek | 2 +- testing/btest/language/delete-field-set.zeek | 2 +- testing/btest/language/delete-field.zeek | 2 +- testing/btest/language/deprecated.zeek | 2 +- testing/btest/language/double.zeek | 2 +- testing/btest/language/enum-desc.zeek | 2 +- testing/btest/language/enum-scope.zeek | 2 +- testing/btest/language/enum.zeek | 2 +- testing/btest/language/eof-parse-errors.zeek | 4 +- testing/btest/language/event-local-var.zeek | 2 +- testing/btest/language/event.zeek | 2 +- testing/btest/language/expire-expr-error.zeek | 2 +- testing/btest/language/expire-func-undef.zeek | 2 +- testing/btest/language/expire-redef.zeek | 2 +- testing/btest/language/expire-type-error.zeek | 2 +- testing/btest/language/expire_func.test | 2 +- testing/btest/language/expire_func_mod.zeek | 2 +- testing/btest/language/expire_multiple.test | 2 +- testing/btest/language/expire_subnet.test | 2 +- testing/btest/language/file.zeek | 2 +- testing/btest/language/for.zeek | 2 +- testing/btest/language/func-assignment.zeek | 2 +- testing/btest/language/function.zeek | 2 +- testing/btest/language/hook.zeek | 2 +- testing/btest/language/hook_calls.zeek | 4 +- testing/btest/language/if.zeek | 2 +- testing/btest/language/incr-vec-expr.test | 2 +- .../language/index-assignment-invalid.zeek | 2 +- .../btest/language/init-in-anon-function.zeek | 2 +- testing/btest/language/int.zeek | 2 +- testing/btest/language/interval.zeek | 2 +- testing/btest/language/invalid_index.zeek | 2 +- testing/btest/language/ipv6-literals.zeek | 2 +- testing/btest/language/key-value-for.zeek | 2 +- testing/btest/language/module.zeek | 2 +- .../btest/language/named-record-ctors.zeek | 2 +- testing/btest/language/named-set-ctors.zeek | 2 +- testing/btest/language/named-table-ctors.zeek | 2 +- .../btest/language/named-vector-ctors.zeek | 2 +- testing/btest/language/nested-sets.zeek | 2 +- testing/btest/language/next-test.zeek | 2 +- testing/btest/language/no-module.zeek | 2 +- testing/btest/language/null-statement.zeek | 2 +- .../btest/language/outer_param_binding.zeek | 2 +- testing/btest/language/pattern.zeek | 2 +- testing/btest/language/port.zeek | 2 +- testing/btest/language/precedence.zeek | 4 +- testing/btest/language/raw_output_attr.test | 2 +- testing/btest/language/rec-comp-init.zeek | 2 +- testing/btest/language/rec-nested-opt.zeek | 2 +- testing/btest/language/rec-of-tbl.zeek | 2 +- testing/btest/language/rec-table-default.zeek | 2 +- testing/btest/language/record-bad-ctor.zeek | 2 +- testing/btest/language/record-bad-ctor2.zeek | 2 +- .../btest/language/record-ceorce-orphan.zeek | 2 +- .../btest/language/record-coerce-clash.zeek | 2 +- .../language/record-default-coercion.zeek | 2 +- .../language/record-default-set-mismatch.zeek | 2 +- testing/btest/language/record-extension.zeek | 2 +- .../language/record-function-recursion.zeek | 2 +- .../language/record-index-complex-fields.zeek | 2 +- .../language/record-recursive-coercion.zeek | 2 +- .../language/record-redef-after-init.zeek | 2 +- testing/btest/language/record-ref-assign.zeek | 2 +- .../btest/language/record-type-checking.zeek | 2 +- .../language/redef-same-prefixtable-idx.zeek | 2 +- testing/btest/language/redef-vector.zeek | 2 +- testing/btest/language/returnwhen.zeek | 4 +- .../btest/language/set-opt-record-index.zeek | 2 +- testing/btest/language/set-type-checking.zeek | 2 +- testing/btest/language/set.zeek | 2 +- testing/btest/language/short-circuit.zeek | 2 +- testing/btest/language/sizeof.zeek | 2 +- .../btest/language/smith-waterman-test.zeek | 2 +- testing/btest/language/string-indexing.zeek | 2 +- testing/btest/language/string.zeek | 2 +- testing/btest/language/strings.zeek | 2 +- testing/btest/language/subnet-errors.zeek | 2 +- testing/btest/language/subnet.zeek | 2 +- .../btest/language/switch-error-mixed.zeek | 2 +- testing/btest/language/switch-incomplete.zeek | 2 +- testing/btest/language/switch-statement.zeek | 2 +- .../switch-types-error-duplicate.zeek | 2 +- .../switch-types-error-unsupported.zeek | 2 +- testing/btest/language/switch-types-vars.zeek | 2 +- testing/btest/language/switch-types.zeek | 2 +- .../btest/language/table-default-record.zeek | 2 +- testing/btest/language/table-init-attrs.zeek | 2 +- .../language/table-init-container-ctors.zeek | 2 +- .../btest/language/table-init-record-idx.zeek | 2 +- testing/btest/language/table-init.zeek | 2 +- testing/btest/language/table-redef.zeek | 2 +- .../btest/language/table-type-checking.zeek | 2 +- testing/btest/language/table.zeek | 2 +- .../language/ternary-record-mismatch.zeek | 2 +- testing/btest/language/time.zeek | 2 +- testing/btest/language/timeout.zeek | 2 +- testing/btest/language/type-cast-any.zeek | 2 +- .../language/type-cast-error-dynamic.zeek | 2 +- .../language/type-cast-error-static.zeek | 2 +- testing/btest/language/type-cast-same.zeek | 2 +- testing/btest/language/type-check-any.zeek | 2 +- testing/btest/language/type-check-vector.zeek | 2 +- testing/btest/language/type-type-error.zeek | 2 +- .../language/undefined-delete-field.zeek | 2 +- .../btest/language/uninitialized-local.zeek | 2 +- .../btest/language/uninitialized-local2.zeek | 2 +- testing/btest/language/vector-any-append.zeek | 2 +- .../btest/language/vector-coerce-expr.zeek | 2 +- .../btest/language/vector-in-operator.zeek | 2 +- .../language/vector-list-init-records.zeek | 2 +- .../btest/language/vector-type-checking.zeek | 2 +- .../btest/language/vector-unspecified.zeek | 2 +- testing/btest/language/vector.zeek | 2 +- .../btest/language/when-unitialized-rhs.zeek | 2 +- testing/btest/language/when.zeek | 2 +- testing/btest/language/while.zeek | 2 +- .../btest/language/wrong-delete-field.zeek | 2 +- .../language/wrong-record-extension.zeek | 2 +- testing/btest/language/zeek_init.zeek | 2 +- .../btest/language/zeek_script_loaded.zeek | 2 +- .../btest/plugins/bifs-and-scripts-install.sh | 4 +- testing/btest/plugins/bifs-and-scripts.sh | 16 ++++---- testing/btest/plugins/file.zeek | 4 +- testing/btest/plugins/hooks.zeek | 2 +- testing/btest/plugins/init-plugin.zeek | 4 +- testing/btest/plugins/logging-hooks.zeek | 2 +- testing/btest/plugins/pktdumper.zeek | 4 +- testing/btest/plugins/pktsrc.zeek | 4 +- .../btest/plugins/plugin-nopatchversion.zeek | 2 +- .../plugins/plugin-withpatchversion.zeek | 2 +- testing/btest/plugins/protocol.zeek | 4 +- testing/btest/plugins/reader.zeek | 4 +- testing/btest/plugins/reporter-hook.zeek | 2 +- testing/btest/plugins/writer.zeek | 4 +- .../scripts/base/files/data_event/basic.zeek | 2 +- .../scripts/base/files/entropy/basic.test | 2 +- .../scripts/base/files/extract/limit.zeek | 6 +-- .../btest/scripts/base/files/pe/basic.test | 2 +- .../scripts/base/files/unified2/alert.zeek | 2 +- .../btest/scripts/base/files/x509/1999.test | 2 +- .../x509/signed_certificate_timestamp.test | 2 +- .../signed_certificate_timestamp_ocsp.test | 2 +- .../frameworks/analyzer/disable-analyzer.zeek | 6 +-- .../frameworks/analyzer/enable-analyzer.zeek | 4 +- .../analyzer/register-for-port.zeek | 8 ++-- .../analyzer/schedule-analyzer.zeek | 2 +- .../cluster/custom_pool_exclusivity.zeek | 6 +-- .../cluster/custom_pool_limits.zeek | 6 +-- .../base/frameworks/cluster/forwarding.zeek | 10 ++--- .../frameworks/cluster/log_distribution.zeek | 8 ++-- .../cluster/start-it-up-logger.zeek | 12 +++--- .../base/frameworks/cluster/start-it-up.zeek | 10 ++--- .../cluster/topic_distribution.zeek | 6 +-- .../cluster/topic_distribution_bifs.zeek | 6 +-- .../scripts/base/frameworks/config/basic.zeek | 6 +-- .../base/frameworks/config/basic_cluster.zeek | 6 +-- .../frameworks/config/cluster_resend.zeek | 6 +-- .../base/frameworks/config/read_config.zeek | 4 +- .../config/read_config_cluster.zeek | 6 +-- .../base/frameworks/config/several-files.zeek | 4 +- .../base/frameworks/config/updates.zeek | 10 ++--- .../scripts/base/frameworks/config/weird.zeek | 2 +- .../control/configuration_update.zeek | 4 +- .../base/frameworks/control/id_value.zeek | 4 +- .../base/frameworks/control/shutdown.zeek | 4 +- .../file-analysis/actions/data_event.zeek | 2 +- .../bifs/file_exists_lookup_file.zeek | 2 +- .../bifs/register_mime_type.zeek | 2 +- .../file-analysis/bifs/remove_action.zeek | 2 +- .../bifs/set_timeout_interval.zeek | 4 +- .../frameworks/file-analysis/bifs/stop.zeek | 2 +- .../file-analysis/big-bof-buffer.zeek | 2 +- .../frameworks/file-analysis/byteranges.zeek | 2 +- .../base/frameworks/file-analysis/ftp.zeek | 2 +- .../frameworks/file-analysis/http/get.zeek | 4 +- .../file-analysis/http/multipart.zeek | 2 +- .../file-analysis/http/partial-content.zeek | 6 +-- .../file-analysis/http/pipeline.zeek | 2 +- .../frameworks/file-analysis/http/post.zeek | 2 +- .../frameworks/file-analysis/input/basic.zeek | 6 +-- .../base/frameworks/file-analysis/irc.zeek | 2 +- .../frameworks/file-analysis/logging.zeek | 2 +- .../base/frameworks/file-analysis/smtp.zeek | 2 +- .../scripts/base/frameworks/input/basic.zeek | 2 +- .../base/frameworks/input/bignumber.zeek | 2 +- .../scripts/base/frameworks/input/binary.zeek | 2 +- .../base/frameworks/input/config/basic.zeek | 2 +- .../base/frameworks/input/config/errors.zeek | 2 +- .../base/frameworks/input/config/spaces.zeek | 2 +- .../base/frameworks/input/default.zeek | 2 +- .../input/empty-values-hashing.zeek | 4 +- .../base/frameworks/input/emptyvals.zeek | 2 +- .../scripts/base/frameworks/input/errors.zeek | 2 +- .../scripts/base/frameworks/input/event.zeek | 2 +- .../base/frameworks/input/invalid-lines.zeek | 2 +- .../base/frameworks/input/invalidnumbers.zeek | 2 +- .../base/frameworks/input/invalidset.zeek | 2 +- .../base/frameworks/input/invalidtext.zeek | 2 +- .../base/frameworks/input/missing-enum.zeek | 6 +-- .../input/missing-file-initially.zeek | 10 ++--- .../base/frameworks/input/missing-file.zeek | 4 +- .../frameworks/input/onecolumn-norecord.zeek | 2 +- .../frameworks/input/onecolumn-record.zeek | 2 +- .../base/frameworks/input/optional.zeek | 2 +- .../input/path-prefix/absolute-prefix.zeek | 4 +- .../input/path-prefix/absolute-source.zeek | 4 +- .../input/path-prefix/no-paths.zeek | 2 +- .../input/path-prefix/relative-prefix.zeek | 2 +- .../base/frameworks/input/port-embedded.zeek | 6 +-- .../scripts/base/frameworks/input/port.zeek | 2 +- .../frameworks/input/predicate-stream.zeek | 4 +- .../base/frameworks/input/predicate.zeek | 2 +- .../frameworks/input/predicatemodify.zeek | 2 +- .../input/predicatemodifyandreread.zeek | 10 ++--- .../predicaterefusesecondsamerecord.zeek | 2 +- .../base/frameworks/input/raw/basic.zeek | 2 +- .../base/frameworks/input/raw/execute.zeek | 2 +- .../frameworks/input/raw/executestdin.zeek | 2 +- .../frameworks/input/raw/executestream.zeek | 6 +-- .../base/frameworks/input/raw/long.zeek | 2 +- .../base/frameworks/input/raw/offset.zeek | 4 +- .../base/frameworks/input/raw/rereadraw.zeek | 2 +- .../base/frameworks/input/raw/stderr.zeek | 2 +- .../base/frameworks/input/raw/streamraw.zeek | 6 +-- .../scripts/base/frameworks/input/repeat.zeek | 2 +- .../scripts/base/frameworks/input/reread.zeek | 10 ++--- .../scripts/base/frameworks/input/set.zeek | 2 +- .../base/frameworks/input/setseparator.zeek | 2 +- .../frameworks/input/setspecialcases.zeek | 2 +- .../base/frameworks/input/sqlite/basic.zeek | 2 +- .../base/frameworks/input/sqlite/error.zeek | 2 +- .../base/frameworks/input/sqlite/port.zeek | 2 +- .../base/frameworks/input/sqlite/types.zeek | 2 +- .../scripts/base/frameworks/input/stream.zeek | 6 +-- .../frameworks/input/subrecord-event.zeek | 2 +- .../base/frameworks/input/subrecord.zeek | 2 +- .../base/frameworks/input/tableevent.zeek | 2 +- .../base/frameworks/input/twotables.zeek | 4 +- .../frameworks/input/unsupported_types.zeek | 2 +- .../base/frameworks/input/windows.zeek | 2 +- .../cluster-transparency-with-proxy.zeek | 8 ++-- .../intel/cluster-transparency.zeek | 6 +-- .../base/frameworks/intel/expire-item.zeek | 2 +- .../base/frameworks/intel/filter-item.zeek | 2 +- .../frameworks/intel/input-and-match.zeek | 2 +- .../base/frameworks/intel/match-subnet.zeek | 2 +- .../input-intel-absolute-prefixes.zeek | 4 +- .../input-intel-relative-prefixes.zeek | 2 +- .../intel/path-prefix/input-prefix.zeek | 2 +- .../intel/path-prefix/no-paths.zeek | 2 +- .../intel/read-file-dist-cluster.zeek | 6 +-- .../frameworks/intel/remove-item-cluster.zeek | 4 +- .../frameworks/intel/remove-non-existing.zeek | 2 +- .../base/frameworks/intel/updated-match.zeek | 10 ++--- .../base/frameworks/logging/adapt-filter.zeek | 2 +- .../base/frameworks/logging/ascii-binary.zeek | 2 +- .../base/frameworks/logging/ascii-double.zeek | 4 +- .../base/frameworks/logging/ascii-empty.zeek | 2 +- .../logging/ascii-escape-binary.zeek | 2 +- .../logging/ascii-escape-empty-str.zeek | 2 +- .../logging/ascii-escape-notset-str.zeek | 2 +- .../logging/ascii-escape-odd-url.zeek | 2 +- .../logging/ascii-escape-set-separator.zeek | 2 +- .../base/frameworks/logging/ascii-escape.zeek | 2 +- .../frameworks/logging/ascii-gz-rotate.zeek | 2 +- .../base/frameworks/logging/ascii-gz.zeek | 2 +- .../logging/ascii-json-iso-timestamps.zeek | 2 +- .../logging/ascii-json-optional.zeek | 2 +- .../base/frameworks/logging/ascii-json.zeek | 2 +- .../logging/ascii-line-like-comment.zeek | 2 +- .../frameworks/logging/ascii-options.zeek | 2 +- .../frameworks/logging/ascii-timestamps.zeek | 2 +- .../base/frameworks/logging/ascii-tsv.zeek | 2 +- .../base/frameworks/logging/attr-extend.zeek | 2 +- .../scripts/base/frameworks/logging/attr.zeek | 2 +- .../frameworks/logging/disable-stream.zeek | 2 +- .../base/frameworks/logging/empty-event.zeek | 2 +- .../frameworks/logging/enable-stream.zeek | 2 +- .../base/frameworks/logging/env-ext.test | 2 +- .../base/frameworks/logging/events.zeek | 2 +- .../base/frameworks/logging/exclude.zeek | 2 +- .../field-extension-cluster-error.zeek | 4 +- .../logging/field-extension-cluster.zeek | 4 +- .../logging/field-extension-complex.zeek | 2 +- .../logging/field-extension-invalid.zeek | 2 +- .../logging/field-extension-optional.zeek | 2 +- .../logging/field-extension-table.zeek | 2 +- .../frameworks/logging/field-extension.zeek | 2 +- .../frameworks/logging/field-name-map.zeek | 2 +- .../frameworks/logging/field-name-map2.zeek | 2 +- .../scripts/base/frameworks/logging/file.zeek | 2 +- .../base/frameworks/logging/include.zeek | 2 +- .../base/frameworks/logging/no-local.zeek | 2 +- .../base/frameworks/logging/none-debug.zeek | 2 +- .../logging/path-func-column-demote.zeek | 2 +- .../base/frameworks/logging/path-func.zeek | 2 +- .../scripts/base/frameworks/logging/pred.zeek | 2 +- .../base/frameworks/logging/remove.zeek | 2 +- .../frameworks/logging/rotate-custom.zeek | 2 +- .../base/frameworks/logging/rotate.zeek | 2 +- .../base/frameworks/logging/scope_sep.zeek | 2 +- .../logging/scope_sep_and_field_name_map.zeek | 2 +- .../base/frameworks/logging/sqlite/error.zeek | 2 +- .../base/frameworks/logging/sqlite/set.zeek | 2 +- .../logging/sqlite/simultaneous-writes.zeek | 2 +- .../base/frameworks/logging/sqlite/types.zeek | 2 +- .../frameworks/logging/sqlite/wikipedia.zeek | 2 +- .../base/frameworks/logging/stdout.zeek | 2 +- .../base/frameworks/logging/test-logging.zeek | 2 +- .../base/frameworks/logging/types.zeek | 2 +- .../base/frameworks/logging/unset-record.zeek | 2 +- .../scripts/base/frameworks/logging/vec.zeek | 2 +- .../logging/writer-path-conflict.zeek | 2 +- .../base/frameworks/netcontrol/acld-hook.zeek | 4 +- .../base/frameworks/netcontrol/acld.zeek | 4 +- .../frameworks/netcontrol/basic-cluster.zeek | 6 +-- .../base/frameworks/netcontrol/basic.zeek | 2 +- .../base/frameworks/netcontrol/broker.zeek | 4 +- .../catch-and-release-forgotten.zeek | 2 +- .../netcontrol/catch-and-release.zeek | 2 +- .../netcontrol/delete-internal-state.zeek | 2 +- .../base/frameworks/netcontrol/duplicate.zeek | 2 +- .../frameworks/netcontrol/find-rules.zeek | 2 +- .../base/frameworks/netcontrol/hook.zeek | 2 +- .../base/frameworks/netcontrol/multiple.zeek | 2 +- .../base/frameworks/netcontrol/openflow.zeek | 2 +- .../frameworks/netcontrol/packetfilter.zeek | 2 +- .../netcontrol/quarantine-openflow.zeek | 2 +- .../base/frameworks/netcontrol/timeout.zeek | 2 +- .../base/frameworks/notice/cluster.zeek | 6 +-- .../notice/default-policy-order.test | 6 +-- .../base/frameworks/notice/mail-alarms.zeek | 2 +- .../notice/suppression-cluster.zeek | 8 ++-- .../notice/suppression-disable.zeek | 2 +- .../base/frameworks/notice/suppression.zeek | 2 +- .../frameworks/openflow/broker-basic.zeek | 4 +- .../base/frameworks/openflow/log-basic.zeek | 2 +- .../base/frameworks/openflow/log-cluster.zeek | 4 +- .../base/frameworks/openflow/ryu-basic.zeek | 2 +- .../frameworks/packet-filter/bad-filter.test | 2 +- .../frameworks/reporter/disable-stderr.zeek | 2 +- .../base/frameworks/reporter/stderr.zeek | 2 +- .../frameworks/software/version-parsing.zeek | 2 +- .../frameworks/sumstats/basic-cluster.zeek | 6 +-- .../base/frameworks/sumstats/basic.zeek | 2 +- .../sumstats/cluster-intermediate-update.zeek | 6 +-- .../frameworks/sumstats/last-cluster.zeek | 4 +- .../sumstats/on-demand-cluster.zeek | 6 +-- .../base/frameworks/sumstats/on-demand.zeek | 2 +- .../frameworks/sumstats/sample-cluster.zeek | 6 +-- .../base/frameworks/sumstats/sample.zeek | 2 +- .../frameworks/sumstats/thresholding.zeek | 2 +- .../frameworks/sumstats/topk-cluster.zeek | 6 +-- .../base/frameworks/sumstats/topk.zeek | 2 +- .../base/misc/find-filtered-trace.test | 4 +- testing/btest/scripts/base/misc/version.zeek | 2 +- .../btest/scripts/base/protocols/arp/bad.test | 2 +- .../scripts/base/protocols/arp/basic.test | 2 +- .../scripts/base/protocols/arp/radiotap.test | 2 +- .../scripts/base/protocols/arp/wlanmon.test | 2 +- .../conn/contents-default-extract.test | 2 +- .../conn/new_connection_contents.zeek | 2 +- .../scripts/base/protocols/conn/polling.test | 4 +- .../base/protocols/conn/threshold.zeek | 2 +- .../base/protocols/dce-rpc/context.zeek | 2 +- .../scripts/base/protocols/dce-rpc/mapi.test | 2 +- .../protocols/dhcp/dhcp-ack-msg-types.btest | 2 +- .../protocols/dhcp/dhcp-all-msg-types.btest | 2 +- .../dhcp/dhcp-discover-msg-types.btest | 2 +- .../base/protocols/dhcp/dhcp-sub-opts.btest | 2 +- .../scripts/base/protocols/dhcp/inform.test | 2 +- .../base/protocols/dnp3/dnp3_del_measure.zeek | 2 +- .../base/protocols/dnp3/dnp3_en_spon.zeek | 2 +- .../base/protocols/dnp3/dnp3_file_del.zeek | 2 +- .../base/protocols/dnp3/dnp3_file_read.zeek | 2 +- .../base/protocols/dnp3/dnp3_file_write.zeek | 2 +- .../base/protocols/dnp3/dnp3_link_only.zeek | 2 +- .../base/protocols/dnp3/dnp3_read.zeek | 2 +- .../base/protocols/dnp3/dnp3_rec_time.zeek | 2 +- .../protocols/dnp3/dnp3_select_operate.zeek | 2 +- .../base/protocols/dnp3/dnp3_udp_en_spon.zeek | 2 +- .../base/protocols/dnp3/dnp3_udp_read.zeek | 2 +- .../dnp3/dnp3_udp_select_operate.zeek | 2 +- .../base/protocols/dnp3/dnp3_udp_write.zeek | 2 +- .../base/protocols/dnp3/dnp3_write.zeek | 2 +- .../scripts/base/protocols/dnp3/events.zeek | 2 +- .../btest/scripts/base/protocols/dns/caa.zeek | 2 +- .../scripts/base/protocols/dns/dns-key.zeek | 2 +- .../scripts/base/protocols/dns/dnskey.zeek | 2 +- .../btest/scripts/base/protocols/dns/ds.zeek | 2 +- .../protocols/dns/duplicate-reponses.zeek | 2 +- .../scripts/base/protocols/dns/flip.zeek | 2 +- .../scripts/base/protocols/dns/huge-ttl.zeek | 2 +- .../protocols/dns/multiple-txt-strings.zeek | 2 +- .../scripts/base/protocols/dns/nsec.zeek | 2 +- .../scripts/base/protocols/dns/nsec3.zeek | 2 +- .../scripts/base/protocols/dns/rrsig.zeek | 2 +- .../scripts/base/protocols/dns/tsig.zeek | 2 +- .../base/protocols/dns/zero-responses.zeek | 2 +- .../base/protocols/ftp/cwd-navigation.zeek | 2 +- .../base/protocols/ftp/ftp-get-file-size.zeek | 2 +- .../scripts/base/protocols/ftp/ftp-ipv4.zeek | 2 +- .../scripts/base/protocols/ftp/ftp-ipv6.zeek | 2 +- .../scripts/base/protocols/ftp/gridftp.test | 2 +- .../base/protocols/http/100-continue.zeek | 2 +- .../http/101-switching-protocols.zeek | 2 +- .../http/content-range-gap-skip.zeek | 2 +- .../protocols/http/content-range-gap.zeek | 2 +- .../http/content-range-less-than-len.zeek | 2 +- .../base/protocols/http/entity-gap.zeek | 2 +- .../base/protocols/http/entity-gap2.zeek | 2 +- .../protocols/http/fake-content-length.zeek | 2 +- .../http/http-bad-request-with-version.zeek | 2 +- .../http/http-connect-with-header.zeek | 2 +- .../base/protocols/http/http-connect.zeek | 2 +- .../base/protocols/http/http-filename.zeek | 2 +- .../base/protocols/http/http-header-crlf.zeek | 2 +- .../base/protocols/http/http-methods.zeek | 2 +- .../base/protocols/http/http-pipelining.zeek | 2 +- .../protocols/http/missing-zlib-header.zeek | 2 +- .../protocols/http/multipart-extract.zeek | 2 +- .../protocols/http/multipart-file-limit.zeek | 6 +-- .../scripts/base/protocols/http/no-uri.zeek | 2 +- .../base/protocols/http/no-version.zeek | 2 +- .../protocols/http/percent-end-of-line.zeek | 2 +- .../scripts/base/protocols/http/x-gzip.zeek | 2 +- .../http/zero-length-bodies-with-drops.zeek | 2 +- .../base/protocols/imap/capabilities.test | 2 +- .../scripts/base/protocols/imap/starttls.test | 2 +- .../scripts/base/protocols/irc/basic.test | 2 +- .../scripts/base/protocols/irc/events.test | 6 +-- .../scripts/base/protocols/irc/longline.test | 2 +- .../base/protocols/irc/names-weird.zeek | 2 +- .../scripts/base/protocols/irc/starttls.test | 2 +- .../scripts/base/protocols/krb/kinit.test | 2 +- .../scripts/base/protocols/krb/smb2_krb.test | 2 +- .../base/protocols/krb/smb2_krb_nokeytab.test | 2 +- .../base/protocols/krb/smb_gssapi.test | 2 +- .../btest/scripts/base/protocols/krb/tgs.test | 2 +- .../protocols/modbus/coil_parsing_big.zeek | 2 +- .../protocols/modbus/coil_parsing_small.zeek | 2 +- .../scripts/base/protocols/modbus/events.zeek | 2 +- .../protocols/modbus/exception_handling.test | 2 +- .../protocols/modbus/length_mismatch.zeek | 2 +- .../scripts/base/protocols/modbus/policy.zeek | 2 +- .../protocols/modbus/register_parsing.zeek | 2 +- .../scripts/base/protocols/mount/basic.test | 2 +- .../scripts/base/protocols/mysql/auth.test | 2 +- .../base/protocols/mysql/encrypted.test | 2 +- .../base/protocols/mysql/wireshark.test | 2 +- .../scripts/base/protocols/ncp/event.zeek | 2 +- .../base/protocols/ncp/frame_size_tuning.zeek | 2 +- .../scripts/base/protocols/nfs/basic.test | 2 +- .../scripts/base/protocols/pop3/starttls.zeek | 2 +- .../scripts/base/protocols/radius/auth.test | 2 +- .../radius/radius-multiple-attempts.test | 2 +- .../rdp/rdp-proprietary-encryption.zeek | 2 +- .../base/protocols/rdp/rdp-to-ssl.zeek | 2 +- .../scripts/base/protocols/rdp/rdp-x509.zeek | 2 +- .../rfb/rfb-apple-remote-desktop.test | 2 +- .../base/protocols/rfb/vnc-mac-to-linux.test | 2 +- .../scripts/base/protocols/sip/wireshark.test | 2 +- .../base/protocols/smb/disabled-dce-rpc.test | 2 +- .../scripts/base/protocols/smb/raw-ntlm.test | 2 +- .../smb/smb1-transaction-dcerpc.test | 2 +- .../smb/smb1-transaction-request.test | 2 +- .../smb/smb1-transaction-response.test | 2 +- .../smb1-transaction-secondary-request.test | 2 +- .../smb/smb1-transaction2-request.test | 2 +- .../smb1-transaction2-secondary-request.test | 2 +- .../scripts/base/protocols/smb/smb1.test | 2 +- .../base/protocols/smb/smb2-read-write.zeek | 2 +- .../protocols/smb/smb2-write-response.test | 2 +- .../scripts/base/protocols/smb/smb2.test | 2 +- .../scripts/base/protocols/smb/smb3.test | 2 +- .../scripts/base/protocols/smb/smb311.test | 2 +- .../base/protocols/smtp/attachment.test | 2 +- .../scripts/base/protocols/smtp/basic.test | 2 +- .../scripts/base/protocols/smtp/one-side.test | 2 +- .../scripts/base/protocols/smtp/starttls.test | 2 +- .../base/protocols/snmp/snmp-addr.zeek | 2 +- .../btest/scripts/base/protocols/snmp/v1.zeek | 8 ++-- .../btest/scripts/base/protocols/snmp/v2.zeek | 6 +-- .../btest/scripts/base/protocols/snmp/v3.zeek | 2 +- .../base/protocols/socks/socks-auth.zeek | 2 +- .../scripts/base/protocols/socks/trace1.test | 2 +- .../scripts/base/protocols/socks/trace2.test | 2 +- .../scripts/base/protocols/socks/trace3.test | 2 +- .../scripts/base/protocols/ssh/basic.test | 2 +- .../base/protocols/ssh/curve25519_kex.test | 2 +- .../protocols/ssh/one-auth-fail-only.test | 2 +- .../scripts/base/protocols/ssl/basic.test | 2 +- .../base/protocols/ssl/common_name.test | 4 +- .../base/protocols/ssl/comp_methods.test | 2 +- .../base/protocols/ssl/cve-2015-3194.test | 2 +- .../btest/scripts/base/protocols/ssl/dhe.test | 2 +- .../btest/scripts/base/protocols/ssl/dpd.test | 10 ++--- .../base/protocols/ssl/dtls-no-dtls.test | 2 +- .../base/protocols/ssl/dtls-stun-dpd.test | 2 +- .../scripts/base/protocols/ssl/dtls.test | 4 +- .../scripts/base/protocols/ssl/ecdhe.test | 2 +- .../scripts/base/protocols/ssl/ecdsa.test | 2 +- .../scripts/base/protocols/ssl/fragment.test | 2 +- .../base/protocols/ssl/handshake-events.test | 2 +- .../base/protocols/ssl/keyexchange.test | 12 +++--- .../base/protocols/ssl/ocsp-http-get.test | 2 +- .../base/protocols/ssl/ocsp-request-only.test | 2 +- .../protocols/ssl/ocsp-request-response.test | 2 +- .../protocols/ssl/ocsp-response-only.test | 2 +- .../base/protocols/ssl/ocsp-revoked.test | 2 +- .../base/protocols/ssl/ocsp-stapling.test | 2 +- .../ssl/signed_certificate_timestamp.test | 4 +- .../base/protocols/ssl/tls-1.2-ciphers.test | 2 +- .../ssl/tls-1.2-handshake-failure.test | 2 +- .../base/protocols/ssl/tls-1.2-random.test | 2 +- .../scripts/base/protocols/ssl/tls-1.2.test | 2 +- .../protocols/ssl/tls-extension-events.test | 4 +- .../base/protocols/ssl/tls13-experiment.test | 2 +- .../base/protocols/ssl/tls13-version.test | 2 +- .../scripts/base/protocols/ssl/tls13.test | 8 ++-- .../scripts/base/protocols/ssl/tls1_1.test | 2 +- .../protocols/ssl/x509-invalid-extension.test | 2 +- .../base/protocols/ssl/x509_extensions.test | 2 +- .../base/protocols/syslog/missing-pri.zeek | 2 +- .../scripts/base/protocols/syslog/trace.test | 2 +- .../scripts/base/protocols/tcp/pending.zeek | 2 +- .../base/protocols/xmpp/client-dpd.test | 2 +- .../protocols/xmpp/server-dialback-dpd.test | 2 +- .../scripts/base/protocols/xmpp/starttls.test | 2 +- .../btest/scripts/base/utils/active-http.test | 4 +- testing/btest/scripts/base/utils/addrs.test | 2 +- .../btest/scripts/base/utils/conn-ids.test | 2 +- .../scripts/base/utils/decompose_uri.zeek | 2 +- testing/btest/scripts/base/utils/dir.test | 8 ++-- .../base/utils/directions-and-hosts.test | 2 +- testing/btest/scripts/base/utils/exec.test | 4 +- testing/btest/scripts/base/utils/files.test | 2 +- .../btest/scripts/base/utils/hash_hrw.zeek | 2 +- testing/btest/scripts/base/utils/json.test | 2 +- testing/btest/scripts/base/utils/numbers.test | 2 +- testing/btest/scripts/base/utils/paths.test | 14 +++---- testing/btest/scripts/base/utils/pattern.test | 2 +- testing/btest/scripts/base/utils/queue.test | 2 +- testing/btest/scripts/base/utils/site.test | 2 +- testing/btest/scripts/base/utils/strings.test | 2 +- .../btest/scripts/base/utils/thresholds.test | 2 +- testing/btest/scripts/base/utils/urls.test | 2 +- .../btest/scripts/check-test-all-policy.zeek | 4 +- .../policy/frameworks/files/extract-all.zeek | 2 +- .../policy/frameworks/intel/removal.zeek | 2 +- .../policy/frameworks/intel/seen/certs.zeek | 4 +- .../policy/frameworks/intel/seen/smb.zeek | 2 +- .../policy/frameworks/intel/seen/smtp.zeek | 2 +- .../policy/frameworks/intel/whitelisting.zeek | 2 +- .../frameworks/software/version-changes.zeek | 2 +- .../frameworks/software/vulnerable.zeek | 2 +- .../scripts/policy/misc/dump-events.zeek | 6 +-- .../policy/misc/weird-stats-cluster.zeek | 6 +-- .../scripts/policy/misc/weird-stats.zeek | 4 +- .../policy/protocols/conn/known-hosts.zeek | 8 ++-- .../policy/protocols/conn/known-services.zeek | 8 ++-- .../policy/protocols/conn/mac-logging.zeek | 6 +-- .../policy/protocols/conn/vlan-logging.zeek | 2 +- .../policy/protocols/dns/inverse-request.zeek | 2 +- .../policy/protocols/http/flash-version.zeek | 2 +- .../policy/protocols/http/header-names.zeek | 2 +- .../http/test-sql-injection-regex.zeek | 2 +- .../policy/protocols/krb/ticket-logging.zeek | 2 +- .../protocols/ssh/detect-bruteforcing.zeek | 2 +- .../policy/protocols/ssl/expiring-certs.zeek | 2 +- .../protocols/ssl/extract-certs-pem.zeek | 2 +- .../policy/protocols/ssl/heartbleed.zeek | 10 ++--- .../policy/protocols/ssl/known-certs.zeek | 2 +- .../protocols/ssl/log-hostcerts-only.zeek | 2 +- .../ssl/validate-certs-no-cache.zeek | 2 +- .../policy/protocols/ssl/validate-certs.zeek | 4 +- .../policy/protocols/ssl/validate-ocsp.zeek | 6 +-- .../policy/protocols/ssl/validate-sct.zeek | 4 +- .../policy/protocols/ssl/weak-keys.zeek | 6 +-- testing/btest/scripts/site/local-compat.test | 4 +- testing/btest/scripts/site/local.test | 2 +- .../btest/signatures/bad-eval-condition.zeek | 2 +- testing/btest/signatures/dpd.zeek | 8 ++-- testing/btest/signatures/dst-ip-cidr-v4.zeek | 2 +- .../dst-ip-header-condition-v4-masks.zeek | 14 +++---- .../dst-ip-header-condition-v4.zeek | 14 +++---- .../dst-ip-header-condition-v6-masks.zeek | 14 +++---- .../dst-ip-header-condition-v6.zeek | 14 +++---- .../signatures/dst-port-header-condition.zeek | 36 ++++++++-------- .../eval-condition-no-return-value.zeek | 2 +- testing/btest/signatures/eval-condition.zeek | 2 +- .../signatures/header-header-condition.zeek | 16 ++++---- testing/btest/signatures/id-lookup.zeek | 2 +- .../signatures/ip-proto-header-condition.zeek | 14 +++---- testing/btest/signatures/load-sigs.zeek | 2 +- .../src-ip-header-condition-v4-masks.zeek | 14 +++---- .../src-ip-header-condition-v4.zeek | 14 +++---- .../src-ip-header-condition-v6-masks.zeek | 14 +++---- .../src-ip-header-condition-v6.zeek | 14 +++---- .../signatures/src-port-header-condition.zeek | 36 ++++++++-------- .../signatures/udp-packetwise-match.zeek | 2 +- .../btest/signatures/udp-payload-size.zeek | 2 +- testing/scripts/gen-zeexygen-docs.sh | 4 +- testing/scripts/has-writer | 4 +- testing/scripts/travis-job | 2 +- bro-config.h.in => zeek-config.h.in | 0 bro-config.in => zeek-config.in | 8 ++-- bro-path-dev.in => zeek-path-dev.in | 0 zeek-wrapper.in | 27 ++++++++++++ 1119 files changed, 1686 insertions(+), 1647 deletions(-) rename man/{bro.8 => zeek.8} (100%) rename testing/btest/Baseline/core.leaks.broker.data/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/core.when-interpreter-exceptions/{bro.output => zeek.output} (100%) rename testing/btest/Baseline/language.returnwhen/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.frameworks.config.basic/{bro..stderr => zeek..stderr} (100%) rename testing/btest/Baseline/scripts.base.frameworks.config.basic/{bro.config.log => zeek.config.log} (100%) rename testing/btest/Baseline/scripts.base.frameworks.config.read_config/{bro.config.log => zeek.config.log} (100%) rename testing/btest/Baseline/scripts.base.frameworks.config.several-files/{bro.config.log => zeek.config.log} (100%) rename testing/btest/Baseline/scripts.base.frameworks.config.updates/{bro.config.log => zeek.config.log} (100%) rename testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/{bro..stderr => zeek..stderr} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/{bro..stderr => zeek..stderr} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.missing-file/{bro..stderr => zeek..stderr} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/{bro..stderr => zeek..stderr} (100%) rename testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.utils.dir/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.base.utils.exec/{bro..stdout => zeek..stdout} (100%) rename testing/btest/Baseline/scripts.policy.misc.weird-stats/{bro.weird_stats.log => zeek.weird_stats.log} (100%) rename bro-config.h.in => zeek-config.h.in (100%) rename bro-config.in => zeek-config.in (80%) rename bro-path-dev.in => zeek-path-dev.in (100%) create mode 100755 zeek-wrapper.in diff --git a/CMakeLists.txt b/CMakeLists.txt index cfe0b29ed9..ac8f1b3a3b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -39,15 +39,15 @@ get_filename_component(BRO_SCRIPT_INSTALL_PATH ${BRO_SCRIPT_INSTALL_PATH} set(BRO_PLUGIN_INSTALL_PATH ${BRO_ROOT_DIR}/lib/bro/plugins CACHE STRING "Installation path for plugins" FORCE) -configure_file(bro-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev) +configure_file(zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev) -file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev.sh - "export BROPATH=`${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev`\n" +file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.sh + "export BROPATH=`${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev`\n" "export BRO_PLUGIN_PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":${BRO_PLUGIN_PATH}\n" "export PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":$PATH\n") -file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev.csh - "setenv BROPATH `${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev`\n" +file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.csh + "setenv BROPATH `${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev`\n" "setenv BRO_PLUGIN_PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":${BRO_PLUGIN_PATH}\n" "setenv PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":$PATH\n") @@ -254,36 +254,43 @@ if ( NOT BINARY_PACKAGING_MODE ) endif () string(TOLOWER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_LOWER) -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/bro-config.h.in - ${CMAKE_CURRENT_BINARY_DIR}/bro-config.h) +configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.h.in + ${CMAKE_CURRENT_BINARY_DIR}/zeek-config.h) include_directories(${CMAKE_CURRENT_BINARY_DIR}) -install(FILES ${CMAKE_CURRENT_BINARY_DIR}/bro-config.h DESTINATION include/bro) +install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zeek-config.h DESTINATION include/bro) if ( CAF_ROOT_DIR ) - set(BRO_CONFIG_CAF_ROOT_DIR ${CAF_ROOT_DIR}) + set(ZEEK_CONFIG_CAF_ROOT_DIR ${CAF_ROOT_DIR}) else () - set(BRO_CONFIG_CAF_ROOT_DIR ${BRO_ROOT_DIR}) + set(ZEEK_CONFIG_CAF_ROOT_DIR ${BRO_ROOT_DIR}) endif () if ( BinPAC_ROOT_DIR ) - set(BRO_CONFIG_BINPAC_ROOT_DIR ${BinPAC_ROOT_DIR}) + set(ZEEK_CONFIG_BINPAC_ROOT_DIR ${BinPAC_ROOT_DIR}) else () - set(BRO_CONFIG_BINPAC_ROOT_DIR ${BRO_ROOT_DIR}) + set(ZEEK_CONFIG_BINPAC_ROOT_DIR ${BRO_ROOT_DIR}) endif () if ( BROKER_ROOT_DIR ) - set(BRO_CONFIG_BROKER_ROOT_DIR ${BROKER_ROOT_DIR}) + set(ZEEK_CONFIG_BROKER_ROOT_DIR ${BROKER_ROOT_DIR}) else () - set(BRO_CONFIG_BROKER_ROOT_DIR ${BRO_ROOT_DIR}) + set(ZEEK_CONFIG_BROKER_ROOT_DIR ${BRO_ROOT_DIR}) endif () -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/bro-config.in - ${CMAKE_CURRENT_BINARY_DIR}/bro-config @ONLY) -install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/bro-config DESTINATION bin) +configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.in + ${CMAKE_CURRENT_BINARY_DIR}/zeek-config @ONLY) +install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/zeek-config DESTINATION bin) install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/cmake DESTINATION share/bro USE_SOURCE_PERMISSIONS) +# Install wrapper script for Bro-to-Zeek renaming. +include(InstallShellScript) +include(InstallSymlink) +InstallShellScript("bin" "zeek-wrapper.in" "zeek-wrapper") +InstallSymlink("${CMAKE_INSTALL_PREFIX}/bin/zeek-wrapper" "${CMAKE_INSTALL_PREFIX}/bin/bro-config") +InstallSymlink("${CMAKE_INSTALL_PREFIX}/include/bro/zeek-config.h" "${CMAKE_INSTALL_PREFIX}/include/bro/bro-config.h") + ######################################################################## ## Recurse on sub-directories diff --git a/doc b/doc index 856db2bb40..d9cf0d7a24 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 856db2bb4014d15a94cb336d7e5e8ca1d4627b1e +Subproject commit d9cf0d7a242b6924797aea0a70bd87879b8f1e17 diff --git a/man/bro.8 b/man/zeek.8 similarity index 100% rename from man/bro.8 rename to man/zeek.8 diff --git a/scripts/policy/frameworks/control/controllee.zeek b/scripts/policy/frameworks/control/controllee.zeek index 89768ef997..784cad52f9 100644 --- a/scripts/policy/frameworks/control/controllee.zeek +++ b/scripts/policy/frameworks/control/controllee.zeek @@ -5,7 +5,7 @@ ##! to the specific analysis scripts desired. It may also need a node ##! configured as a controller node in the communications nodes configuration:: ##! -##! bro frameworks/control/controllee +##! zeek frameworks/control/controllee @load base/frameworks/control @load base/frameworks/broker diff --git a/scripts/policy/frameworks/control/controller.zeek b/scripts/policy/frameworks/control/controller.zeek index 6befe70fe8..1e58f68821 100644 --- a/scripts/policy/frameworks/control/controller.zeek +++ b/scripts/policy/frameworks/control/controller.zeek @@ -4,7 +4,7 @@ ##! ##! It's intended to be used from the command line like this:: ##! -##! bro frameworks/control/controller Control::host= Control::host_port= Control::cmd= [Control::arg=] +##! zeek frameworks/control/controller Control::host= Control::host_port= Control::cmd= [Control::arg=] @load base/frameworks/control @load base/frameworks/broker diff --git a/src/Attr.cc b/src/Attr.cc index d3a347e8d1..71b85f2c01 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Attr.h" #include "Expr.h" diff --git a/src/Base64.cc b/src/Base64.cc index 3644740c7e..f7915d8678 100644 --- a/src/Base64.cc +++ b/src/Base64.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include "Base64.h" #include diff --git a/src/BroString.cc b/src/BroString.cc index 3dca28439c..b7e93bdde9 100644 --- a/src/BroString.cc +++ b/src/BroString.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/CCL.cc b/src/CCL.cc index a725257c75..86ca2a03da 100644 --- a/src/CCL.cc +++ b/src/CCL.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "CCL.h" #include "RE.h" diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 94aca30eb9..f067c5ebc1 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -353,24 +353,28 @@ set(bro_SRCS collect_headers(bro_HEADERS ${bro_SRCS}) if ( bro_HAVE_OBJECT_LIBRARIES ) - add_executable(bro ${bro_SRCS} ${bro_HEADERS} ${bro_SUBDIRS}) - target_link_libraries(bro ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) + add_executable(zeek ${bro_SRCS} ${bro_HEADERS} ${bro_SUBDIRS}) + target_link_libraries(zeek ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) else () - add_executable(bro ${bro_SRCS} ${bro_HEADERS}) - target_link_libraries(bro ${bro_SUBDIRS} ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) + add_executable(zeek ${bro_SRCS} ${bro_HEADERS}) + target_link_libraries(zeek ${bro_SUBDIRS} ${brodeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) endif () if ( NOT "${bro_LINKER_FLAGS}" STREQUAL "" ) - set_target_properties(bro PROPERTIES LINK_FLAGS "${bro_LINKER_FLAGS}") + set_target_properties(zeek PROPERTIES LINK_FLAGS "${bro_LINKER_FLAGS}") endif () -install(TARGETS bro DESTINATION bin) +install(TARGETS zeek DESTINATION bin) -set(BRO_EXE bro - CACHE STRING "Bro executable binary" FORCE) +# Install wrapper script for Bro-to-Zeek renaming. +include(InstallSymlink) +InstallSymlink("${CMAKE_INSTALL_PREFIX}/bin/zeek-wrapper" "${CMAKE_INSTALL_PREFIX}/bin/bro") -set(BRO_EXE_PATH ${CMAKE_CURRENT_BINARY_DIR}/bro - CACHE STRING "Path to Bro executable binary" FORCE) +set(BRO_EXE zeek + CACHE STRING "Zeek executable binary" FORCE) + +set(BRO_EXE_PATH ${CMAKE_CURRENT_BINARY_DIR}/zeek + CACHE STRING "Path to Zeek executable binary" FORCE) # Target to create all the autogenerated files. add_custom_target(generate_outputs_stage1) @@ -389,12 +393,12 @@ add_dependencies(generate_outputs generate_outputs_stage2a generate_outputs_stag # Build __load__.zeek files for standard *.bif.zeek. bro_bif_create_loader(bif_loader "${bro_BASE_BIF_SCRIPTS}") add_dependencies(bif_loader ${bro_SUBDIRS}) -add_dependencies(bro bif_loader) +add_dependencies(zeek bif_loader) # Build __load__.zeek files for plugins/*.bif.zeek. bro_bif_create_loader(bif_loader_plugins "${bro_PLUGIN_BIF_SCRIPTS}") add_dependencies(bif_loader_plugins ${bro_SUBDIRS}) -add_dependencies(bro bif_loader_plugins) +add_dependencies(zeek bif_loader_plugins) # Install *.bif.zeek. install(DIRECTORY ${CMAKE_BINARY_DIR}/scripts/base/bif DESTINATION ${BRO_SCRIPT_INSTALL_PATH}/base) diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc index d2cdbc6425..602342e759 100644 --- a/src/ChunkedIO.cc +++ b/src/ChunkedIO.cc @@ -11,7 +11,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "ChunkedIO.h" #include "NetVar.h" #include "RemoteSerializer.h" diff --git a/src/ChunkedIO.h b/src/ChunkedIO.h index e9b41476df..24c7a489d2 100644 --- a/src/ChunkedIO.h +++ b/src/ChunkedIO.h @@ -3,7 +3,7 @@ #ifndef CHUNKEDIO_H #define CHUNKEDIO_H -#include "bro-config.h" +#include "zeek-config.h" #include "List.h" #include "util.h" #include "Flare.h" diff --git a/src/CompHash.cc b/src/CompHash.cc index cc3ad8cb72..ac2df02722 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "CompHash.h" #include "Val.h" diff --git a/src/Conn.cc b/src/Conn.cc index 83ad6c08f6..51125a5ef8 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/DFA.cc b/src/DFA.cc index 00f56ef16e..448307e3fe 100644 --- a/src/DFA.cc +++ b/src/DFA.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "EquivClass.h" #include "DFA.h" diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index b92c057eba..1e4d65bf8a 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/DbgBreakpoint.cc b/src/DbgBreakpoint.cc index c573a8d3b8..b1223486d3 100644 --- a/src/DbgBreakpoint.cc +++ b/src/DbgBreakpoint.cc @@ -1,6 +1,6 @@ // Implementation of breakpoints. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/DbgHelp.cc b/src/DbgHelp.cc index 6bbf9c6ecb..d7d11de3f0 100644 --- a/src/DbgHelp.cc +++ b/src/DbgHelp.cc @@ -1,5 +1,5 @@ // Bro Debugger Help -#include "bro-config.h" +#include "zeek-config.h" #include "Debug.h" diff --git a/src/DbgWatch.cc b/src/DbgWatch.cc index c34144dc1f..8ea7d96fa1 100644 --- a/src/DbgWatch.cc +++ b/src/DbgWatch.cc @@ -1,6 +1,6 @@ // Implementation of watches -#include "bro-config.h" +#include "zeek-config.h" #include "Debug.h" #include "DbgWatch.h" diff --git a/src/Debug.cc b/src/Debug.cc index a45c27888e..5493b20797 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -1,6 +1,6 @@ // Debugging support for Bro policy files. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/DebugCmds.cc b/src/DebugCmds.cc index 4e856b00f5..d11efb0390 100644 --- a/src/DebugCmds.cc +++ b/src/DebugCmds.cc @@ -1,7 +1,7 @@ // Support routines to help deal with Bro debugging commands and // implementation of most commands. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/Desc.cc b/src/Desc.cc index b64bcec8d8..f10f61fa77 100644 --- a/src/Desc.cc +++ b/src/Desc.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Dict.cc b/src/Dict.cc index d639b0c912..02886c6d5d 100644 --- a/src/Dict.cc +++ b/src/Dict.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #ifdef HAVE_MEMORY_H #include diff --git a/src/Discard.cc b/src/Discard.cc index d1acd80b4d..f84e901143 100644 --- a/src/Discard.cc +++ b/src/Discard.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Net.h" #include "Var.h" diff --git a/src/EquivClass.cc b/src/EquivClass.cc index 7f54f07060..6b2a7aa593 100644 --- a/src/EquivClass.cc +++ b/src/EquivClass.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "EquivClass.h" diff --git a/src/Event.cc b/src/Event.cc index 8b87caa9b1..252ca2195b 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Event.h" #include "Func.h" diff --git a/src/Expr.cc b/src/Expr.cc index ff039ece35..25306b39d0 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Expr.h" #include "Event.h" diff --git a/src/File.cc b/src/File.cc index d7a213237f..710693fe0b 100644 --- a/src/File.cc +++ b/src/File.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #ifdef TIME_WITH_SYS_TIME diff --git a/src/Frag.cc b/src/Frag.cc index 842059e218..c6a5b3ba0d 100644 --- a/src/Frag.cc +++ b/src/Frag.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "Hash.h" diff --git a/src/Frame.cc b/src/Frame.cc index f30312aaec..d065fb440a 100644 --- a/src/Frame.cc +++ b/src/Frame.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Frame.h" #include "Stmt.h" diff --git a/src/Func.cc b/src/Func.cc index cbbbef6fa5..3f7efc2018 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Hash.cc b/src/Hash.cc index bb1c103677..1955684738 100644 --- a/src/Hash.cc +++ b/src/Hash.cc @@ -15,7 +15,7 @@ // for the adversary to construct conflicts, though I do not know if // HMAC/MD5 is provably universal. -#include "bro-config.h" +#include "zeek-config.h" #include "Hash.h" #include "Reporter.h" diff --git a/src/ID.cc b/src/ID.cc index 0ae1656533..754746b309 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "ID.h" #include "Expr.h" diff --git a/src/IP.h b/src/IP.h index 8be2d3e609..3d5c7bfe96 100644 --- a/src/IP.h +++ b/src/IP.h @@ -3,7 +3,7 @@ #ifndef ip_h #define ip_h -#include "bro-config.h" +#include "zeek-config.h" #include "net_util.h" #include "IPAddr.h" #include "Reporter.h" diff --git a/src/IntSet.cc b/src/IntSet.cc index f5b004666c..afc538d6ff 100644 --- a/src/IntSet.cc +++ b/src/IntSet.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #ifdef HAVE_MEMORY_H #include diff --git a/src/List.cc b/src/List.cc index 86129ccfa0..1b8c2fd5e5 100644 --- a/src/List.cc +++ b/src/List.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/NFA.cc b/src/NFA.cc index c53aa4304b..cf2650b21d 100644 --- a/src/NFA.cc +++ b/src/NFA.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NFA.h" #include "EquivClass.h" diff --git a/src/Net.cc b/src/Net.cc index b61d365a2a..c6b285c6c6 100644 --- a/src/Net.cc +++ b/src/Net.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #ifdef TIME_WITH_SYS_TIME diff --git a/src/NetVar.cc b/src/NetVar.cc index 57a5452123..3aded363c4 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Var.h" #include "NetVar.h" diff --git a/src/Obj.cc b/src/Obj.cc index 023fa0d237..9c3b50a950 100644 --- a/src/Obj.cc +++ b/src/Obj.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/PacketDumper.cc b/src/PacketDumper.cc index 1a53550dfd..0d64c89290 100644 --- a/src/PacketDumper.cc +++ b/src/PacketDumper.cc @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/PolicyFile.cc b/src/PolicyFile.cc index 22f09e6970..a6f93c8d88 100644 --- a/src/PolicyFile.cc +++ b/src/PolicyFile.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/PriorityQueue.cc b/src/PriorityQueue.cc index 5fe0cbef81..9d5278108b 100644 --- a/src/PriorityQueue.cc +++ b/src/PriorityQueue.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Queue.cc b/src/Queue.cc index 587e37063f..90f63a85be 100644 --- a/src/Queue.cc +++ b/src/Queue.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/RE.cc b/src/RE.cc index 517fab4c91..b994f16cc2 100644 --- a/src/RE.cc +++ b/src/RE.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Reassem.cc b/src/Reassem.cc index 0cdeadf80d..7fa70091e0 100644 --- a/src/Reassem.cc +++ b/src/Reassem.cc @@ -3,7 +3,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "Reassem.h" #include "Serializer.h" diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 3abd8e6423..5f2d88b93a 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -159,7 +159,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #ifdef TIME_WITH_SYS_TIME # include # include diff --git a/src/Reporter.cc b/src/Reporter.cc index cc0542eaac..09a4aa03b5 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -4,7 +4,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Reporter.h" #include "Event.h" #include "NetVar.h" diff --git a/src/Rule.cc b/src/Rule.cc index c483527c63..57cb82f65e 100644 --- a/src/Rule.cc +++ b/src/Rule.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include "Rule.h" #include "RuleMatcher.h" diff --git a/src/RuleAction.cc b/src/RuleAction.cc index 3d22e3b56f..edfe2497a2 100644 --- a/src/RuleAction.cc +++ b/src/RuleAction.cc @@ -1,7 +1,7 @@ #include using std::string; -#include "bro-config.h" +#include "zeek-config.h" #include "RuleAction.h" #include "RuleMatcher.h" diff --git a/src/RuleCondition.cc b/src/RuleCondition.cc index fdb35f5d06..6cd2e9e4c1 100644 --- a/src/RuleCondition.cc +++ b/src/RuleCondition.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include "RuleCondition.h" #include "analyzer/protocol/tcp/TCP.h" diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 5b72264926..6fd13d2db7 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -1,7 +1,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "analyzer/Analyzer.h" #include "RuleMatcher.h" diff --git a/src/Scope.cc b/src/Scope.cc index e260ea3ca7..5107bd8e9a 100644 --- a/src/Scope.cc +++ b/src/Scope.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "ID.h" #include "Val.h" diff --git a/src/SerialObj.h b/src/SerialObj.h index b502414f71..84334716de 100644 --- a/src/SerialObj.h +++ b/src/SerialObj.h @@ -37,7 +37,7 @@ #include "DebugLogger.h" #include "Continuation.h" #include "SerialTypes.h" -#include "bro-config.h" +#include "zeek-config.h" #if SIZEOF_LONG_LONG < 8 # error "Serialization requires that sizeof(long long) is at least 8. (Remove this message only if you know what you're doing.)" diff --git a/src/Sessions.cc b/src/Sessions.cc index 3507c46e53..04f8ddfa13 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/SmithWaterman.cc b/src/SmithWaterman.cc index fba3abfc13..857e45bb9b 100644 --- a/src/SmithWaterman.cc +++ b/src/SmithWaterman.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Stmt.cc b/src/Stmt.cc index 6dba9eb251..ca43db96d7 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Expr.h" #include "Event.h" diff --git a/src/Tag.h b/src/Tag.h index efc3e359c2..78fe333e12 100644 --- a/src/Tag.h +++ b/src/Tag.h @@ -3,7 +3,7 @@ #ifndef TAG_H #define TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "Type.h" diff --git a/src/Timer.cc b/src/Timer.cc index 101733028c..f6c9bf5894 100644 --- a/src/Timer.cc +++ b/src/Timer.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "Timer.h" diff --git a/src/TunnelEncapsulation.h b/src/TunnelEncapsulation.h index 27729e56b7..5e83d91691 100644 --- a/src/TunnelEncapsulation.h +++ b/src/TunnelEncapsulation.h @@ -3,7 +3,7 @@ #ifndef TUNNELS_H #define TUNNELS_H -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "IPAddr.h" #include "Val.h" diff --git a/src/Type.cc b/src/Type.cc index 78c75a12df..64af7db717 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Type.h" #include "Attr.h" diff --git a/src/Val.cc b/src/Val.cc index 9bc53665fc..592daf7745 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/Var.cc b/src/Var.cc index fb27b7261f..b8f2b7b35d 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Var.h" #include "Func.h" diff --git a/src/analyzer/Component.h b/src/analyzer/Component.h index c52bf05fc6..74224e4ba4 100644 --- a/src/analyzer/Component.h +++ b/src/analyzer/Component.h @@ -7,7 +7,7 @@ #include "plugin/Component.h" #include "plugin/TaggedComponent.h" -#include "../bro-config.h" +#include "../zeek-config.h" #include "../util.h" class Connection; diff --git a/src/analyzer/Tag.h b/src/analyzer/Tag.h index 926196c747..92aff38189 100644 --- a/src/analyzer/Tag.h +++ b/src/analyzer/Tag.h @@ -3,7 +3,7 @@ #ifndef ANALYZER_TAG_H #define ANALYZER_TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "../Tag.h" #include "plugin/TaggedComponent.h" diff --git a/src/analyzer/protocol/arp/ARP.h b/src/analyzer/protocol/arp/ARP.h index 86ea14d694..34c944724a 100644 --- a/src/analyzer/protocol/arp/ARP.h +++ b/src/analyzer/protocol/arp/ARP.h @@ -3,7 +3,7 @@ #ifndef ANALYZER_PROTOCOL_ARP_ARP_H #define ANALYZER_PROTOCOL_ARP_ARP_H -#include "bro-config.h" +#include "zeek-config.h" #include #include #include diff --git a/src/analyzer/protocol/backdoor/BackDoor.cc b/src/analyzer/protocol/backdoor/BackDoor.cc index 81b4c0e9a5..2e8d47d1d0 100644 --- a/src/analyzer/protocol/backdoor/BackDoor.cc +++ b/src/analyzer/protocol/backdoor/BackDoor.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "BackDoor.h" #include "Event.h" diff --git a/src/analyzer/protocol/dce-rpc/DCE_RPC.cc b/src/analyzer/protocol/dce-rpc/DCE_RPC.cc index f7a96fbb6e..0f401d75de 100644 --- a/src/analyzer/protocol/dce-rpc/DCE_RPC.cc +++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index f99a7ca1e9..c9e2c61cd7 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/finger/Finger.cc b/src/analyzer/protocol/finger/Finger.cc index fcc778f151..127ab048e1 100644 --- a/src/analyzer/protocol/finger/Finger.cc +++ b/src/analyzer/protocol/finger/Finger.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/ftp/FTP.cc b/src/analyzer/protocol/ftp/FTP.cc index d4a659124e..a6f41a6b66 100644 --- a/src/analyzer/protocol/ftp/FTP.cc +++ b/src/analyzer/protocol/ftp/FTP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index 0b0ebadf03..7cc6285c8c 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index cc6403cb3e..291990119a 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 0acbbd9731..3c65a2a831 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Net.h" #include "NetVar.h" diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index ba00d9215b..b24675ee53 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/interconn/InterConn.cc b/src/analyzer/protocol/interconn/InterConn.cc index 057280a0fa..e9a9378c90 100644 --- a/src/analyzer/protocol/interconn/InterConn.cc +++ b/src/analyzer/protocol/interconn/InterConn.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "InterConn.h" #include "Event.h" diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index 31aba64755..277bb752ff 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index ea651ece42..9f2e6a2de4 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index b3cca3f5c4..9485e6269e 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "Event.h" diff --git a/src/analyzer/protocol/login/Rlogin.cc b/src/analyzer/protocol/login/Rlogin.cc index 0c7386e59f..62b391849b 100644 --- a/src/analyzer/protocol/login/Rlogin.cc +++ b/src/analyzer/protocol/login/Rlogin.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "Event.h" diff --git a/src/analyzer/protocol/login/Telnet.cc b/src/analyzer/protocol/login/Telnet.cc index 78a3289931..5a187a8221 100644 --- a/src/analyzer/protocol/login/Telnet.cc +++ b/src/analyzer/protocol/login/Telnet.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "Telnet.h" #include "NVT.h" diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index 35b9832020..8fb027f8e8 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -1,4 +1,4 @@ -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "MIME.h" diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index de13e4a6e7..e8407b9fc4 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index c643f8ced7..94812d816c 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index a4c147b464..61fd92ee84 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "NTP.h" diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index d8601ed3ba..62b57674e1 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -1,7 +1,7 @@ // This code contributed to Bro by Florian Schimandl, Hugh Dollman and // Robin Sommer. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index 4473826830..643aa21891 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -3,7 +3,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "XDR.h" diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index 089d89ea98..9eb9e88d95 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -3,7 +3,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "XDR.h" diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index cb3944519f..eb26991921 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "XDR.h" diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index be0be02232..587050f897 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -4,7 +4,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "NetVar.h" #include "XDR.h" diff --git a/src/analyzer/protocol/rpc/XDR.cc b/src/analyzer/protocol/rpc/XDR.cc index 9ae1ba1236..33973327ee 100644 --- a/src/analyzer/protocol/rpc/XDR.cc +++ b/src/analyzer/protocol/rpc/XDR.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "XDR.h" diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index aa049c994b..2ba011b8ef 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index 29315faa74..d3844846b9 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index 74375e673c..8cbb400b9f 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Net.h" #include "NetVar.h" diff --git a/src/analyzer/protocol/zip/ZIP.h b/src/analyzer/protocol/zip/ZIP.h index de22803b26..89838729cd 100644 --- a/src/analyzer/protocol/zip/ZIP.h +++ b/src/analyzer/protocol/zip/ZIP.h @@ -3,7 +3,7 @@ #ifndef ANALYZER_PROTOCOL_ZIP_ZIP_H #define ANALYZER_PROTOCOL_ZIP_ZIP_H -#include "bro-config.h" +#include "zeek-config.h" #include "zlib.h" #include "analyzer/protocol/tcp/TCP.h" diff --git a/src/bsd-getopt-long.c b/src/bsd-getopt-long.c index 65a3d94093..dc880f87dd 100644 --- a/src/bsd-getopt-long.c +++ b/src/bsd-getopt-long.c @@ -54,7 +54,7 @@ #define IN_GETOPT_LONG_C 1 -#include +#include #include #include #include diff --git a/src/file_analysis/Component.h b/src/file_analysis/Component.h index b4bcbb9552..85e53a5cde 100644 --- a/src/file_analysis/Component.h +++ b/src/file_analysis/Component.h @@ -9,7 +9,7 @@ #include "Val.h" -#include "../bro-config.h" +#include "../zeek-config.h" #include "../util.h" namespace file_analysis { diff --git a/src/file_analysis/Tag.h b/src/file_analysis/Tag.h index 9d131fa808..a0f6634f64 100644 --- a/src/file_analysis/Tag.h +++ b/src/file_analysis/Tag.h @@ -3,7 +3,7 @@ #ifndef FILE_ANALYZER_TAG_H #define FILE_ANALYZER_TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "../Tag.h" #include "plugin/TaggedComponent.h" diff --git a/src/input/Tag.h b/src/input/Tag.h index 91d7539a39..1d4bcc2f9f 100644 --- a/src/input/Tag.h +++ b/src/input/Tag.h @@ -3,7 +3,7 @@ #ifndef INPUT_TAG_H #define INPUT_TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "../Tag.h" #include "plugin/TaggedComponent.h" diff --git a/src/input/readers/sqlite/SQLite.cc b/src/input/readers/sqlite/SQLite.cc index 40c0f8a063..1d016867b2 100644 --- a/src/input/readers/sqlite/SQLite.cc +++ b/src/input/readers/sqlite/SQLite.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/input/readers/sqlite/SQLite.h b/src/input/readers/sqlite/SQLite.h index 2aa01017e1..4255a2841f 100644 --- a/src/input/readers/sqlite/SQLite.h +++ b/src/input/readers/sqlite/SQLite.h @@ -3,7 +3,7 @@ #ifndef INPUT_READERS_SQLITE_H #define INPUT_READERS_SQLITE_H -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/iosource/BPF_Program.cc b/src/iosource/BPF_Program.cc index ca5a6eef54..901010e9bc 100644 --- a/src/iosource/BPF_Program.cc +++ b/src/iosource/BPF_Program.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "BPF_Program.h" diff --git a/src/iosource/PktDumper.cc b/src/iosource/PktDumper.cc index 10c95e8021..863c46ec81 100644 --- a/src/iosource/PktDumper.cc +++ b/src/iosource/PktDumper.cc @@ -4,7 +4,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "PktDumper.h" diff --git a/src/iosource/PktSrc.cc b/src/iosource/PktSrc.cc index 343801ab7d..faa12a020b 100644 --- a/src/iosource/PktSrc.cc +++ b/src/iosource/PktSrc.cc @@ -3,7 +3,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "PktSrc.h" diff --git a/src/iosource/pcap/Source.cc b/src/iosource/pcap/Source.cc index fb9954981c..119280f1e5 100644 --- a/src/iosource/pcap/Source.cc +++ b/src/iosource/pcap/Source.cc @@ -2,7 +2,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "Source.h" #include "iosource/Packet.h" diff --git a/src/logging/Tag.h b/src/logging/Tag.h index ab0a702d47..07c45826b8 100644 --- a/src/logging/Tag.h +++ b/src/logging/Tag.h @@ -3,7 +3,7 @@ #ifndef LOGGING_TAG_H #define LOGGING_TAG_H -#include "bro-config.h" +#include "zeek-config.h" #include "util.h" #include "../Tag.h" #include "plugin/TaggedComponent.h" diff --git a/src/logging/writers/sqlite/SQLite.cc b/src/logging/writers/sqlite/SQLite.cc index 977a0c6089..3374c05c9c 100644 --- a/src/logging/writers/sqlite/SQLite.cc +++ b/src/logging/writers/sqlite/SQLite.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/logging/writers/sqlite/SQLite.h b/src/logging/writers/sqlite/SQLite.h index 3ad535e543..7e8ff739b3 100644 --- a/src/logging/writers/sqlite/SQLite.h +++ b/src/logging/writers/sqlite/SQLite.h @@ -5,7 +5,7 @@ #ifndef LOGGING_WRITER_SQLITE_H #define LOGGING_WRITER_SQLITE_H -#include "bro-config.h" +#include "zeek-config.h" #include "logging/WriterBackend.h" #include "threading/formatters/Ascii.h" diff --git a/src/main.cc b/src/main.cc index afd3106986..ae406ea1d9 100644 --- a/src/main.cc +++ b/src/main.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/nb_dns.c b/src/nb_dns.c index f8abc167b5..f8d939b4ab 100644 --- a/src/nb_dns.c +++ b/src/nb_dns.c @@ -11,7 +11,7 @@ * crack reply buffers is private. */ -#include "bro-config.h" /* must appear before first ifdef */ +#include "zeek-config.h" /* must appear before first ifdef */ #include #include diff --git a/src/net_util.cc b/src/net_util.cc index 9f93296d39..6f195a495f 100644 --- a/src/net_util.cc +++ b/src/net_util.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/net_util.h b/src/net_util.h index 52ee53f1dd..a5e11da74b 100644 --- a/src/net_util.h +++ b/src/net_util.h @@ -3,7 +3,7 @@ #ifndef netutil_h #define netutil_h -#include "bro-config.h" +#include "zeek-config.h" // Define first. typedef enum { diff --git a/src/plugin/Plugin.h b/src/plugin/Plugin.h index 369da09037..4ce2a87dc0 100644 --- a/src/plugin/Plugin.h +++ b/src/plugin/Plugin.h @@ -7,7 +7,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "analyzer/Component.h" #include "file_analysis/Component.h" #include "iosource/Component.h" diff --git a/src/rule-parse.y b/src/rule-parse.y index 3e9c8d7ddf..769fb503e6 100644 --- a/src/rule-parse.y +++ b/src/rule-parse.y @@ -2,7 +2,7 @@ #include #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "RuleMatcher.h" #include "Reporter.h" #include "IPAddr.h" diff --git a/src/setsignal.c b/src/setsignal.c index 6344820398..d740cc8215 100644 --- a/src/setsignal.c +++ b/src/setsignal.c @@ -2,7 +2,7 @@ * See the file "COPYING" in the main distribution directory for copyright. */ -#include "bro-config.h" /* must appear before first ifdef */ +#include "zeek-config.h" /* must appear before first ifdef */ #include diff --git a/src/strsep.c b/src/strsep.c index 8540ac3688..0c65402441 100644 --- a/src/strsep.c +++ b/src/strsep.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -#include "bro-config.h" +#include "zeek-config.h" #ifndef HAVE_STRSEP diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index 95bfd8acd0..67434957e5 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -1,7 +1,7 @@ #include -#include "bro-config.h" +#include "zeek-config.h" #include "BasicThread.h" #include "Manager.h" #include "pthread.h" diff --git a/src/threading/Formatter.cc b/src/threading/Formatter.cc index b881962732..395a7fefa6 100644 --- a/src/threading/Formatter.cc +++ b/src/threading/Formatter.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/threading/formatters/Ascii.cc b/src/threading/formatters/Ascii.cc index 94d450a86f..147305485b 100644 --- a/src/threading/formatters/Ascii.cc +++ b/src/threading/formatters/Ascii.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include #include diff --git a/src/threading/formatters/JSON.cc b/src/threading/formatters/JSON.cc index 73e9489dc5..a324a08530 100644 --- a/src/threading/formatters/JSON.cc +++ b/src/threading/formatters/JSON.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #ifndef __STDC_LIMIT_MACROS #define __STDC_LIMIT_MACROS diff --git a/src/util.cc b/src/util.cc index 0367700ffb..3279641138 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "bro-config.h" +#include "zeek-config.h" #include "util-config.h" #ifdef TIME_WITH_SYS_TIME diff --git a/src/util.h b/src/util.h index b63b74a3f7..d4ff325eda 100644 --- a/src/util.h +++ b/src/util.h @@ -34,7 +34,7 @@ #include #include -#include "bro-config.h" +#include "zeek-config.h" #include "siphash24.h" #ifdef DEBUG diff --git a/src/version.c.in b/src/version.c.in index 65df65da00..1b7676bf3a 100644 --- a/src/version.c.in +++ b/src/version.c.in @@ -1,5 +1,5 @@ -#include "bro-config.h" +#include "zeek-config.h" char version[] = "@VERSION@"; diff --git a/testing/btest/Baseline/bifs.lookup_ID/out b/testing/btest/Baseline/bifs.lookup_ID/out index 64b6379deb..40170b1f7c 100644 --- a/testing/btest/Baseline/bifs.lookup_ID/out +++ b/testing/btest/Baseline/bifs.lookup_ID/out @@ -1,4 +1,4 @@ -bro test +zeek test diff --git a/testing/btest/Baseline/core.leaks.broker.data/bro..stdout b/testing/btest/Baseline/core.leaks.broker.data/zeek..stdout similarity index 100% rename from testing/btest/Baseline/core.leaks.broker.data/bro..stdout rename to testing/btest/Baseline/core.leaks.broker.data/zeek..stdout diff --git a/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output b/testing/btest/Baseline/core.when-interpreter-exceptions/zeek.output similarity index 100% rename from testing/btest/Baseline/core.when-interpreter-exceptions/bro.output rename to testing/btest/Baseline/core.when-interpreter-exceptions/zeek.output diff --git a/testing/btest/Baseline/language.returnwhen/bro..stdout b/testing/btest/Baseline/language.returnwhen/zeek..stdout similarity index 100% rename from testing/btest/Baseline/language.returnwhen/bro..stdout rename to testing/btest/Baseline/language.returnwhen/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek..stderr similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.config.basic/bro..stderr rename to testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek..stderr diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek.config.log similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.config.basic/bro.config.log rename to testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek.config.log diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.read_config/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.read_config/zeek.config.log similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.config.read_config/bro.config.log rename to testing/btest/Baseline/scripts.base.frameworks.config.read_config/zeek.config.log diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.several-files/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.several-files/zeek.config.log similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.config.several-files/bro.config.log rename to testing/btest/Baseline/scripts.base.frameworks.config.several-files/zeek.config.log diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.updates/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.updates/zeek.config.log similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.config.updates/bro.config.log rename to testing/btest/Baseline/scripts.base.frameworks.config.updates/zeek.config.log diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout rename to testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/bro..stdout rename to testing/btest/Baseline/scripts.base.frameworks.file-analysis.input.basic/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/zeek..stderr similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/zeek..stderr diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stderr similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/bro..stderr rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stderr diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/bro..stdout rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-file/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.missing-file/zeek..stderr similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.missing-file/bro..stderr rename to testing/btest/Baseline/scripts.base.frameworks.input.missing-file/zeek..stderr diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/zeek..stderr similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stderr rename to testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/zeek..stderr diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stdout rename to testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.utils.dir/bro..stdout b/testing/btest/Baseline/scripts.base.utils.dir/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.utils.dir/bro..stdout rename to testing/btest/Baseline/scripts.base.utils.dir/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.utils.exec/bro..stdout b/testing/btest/Baseline/scripts.base.utils.exec/zeek..stdout similarity index 100% rename from testing/btest/Baseline/scripts.base.utils.exec/bro..stdout rename to testing/btest/Baseline/scripts.base.utils.exec/zeek..stdout diff --git a/testing/btest/Baseline/scripts.base.utils.paths/output b/testing/btest/Baseline/scripts.base.utils.paths/output index e5693546da..1bf7f738a3 100644 --- a/testing/btest/Baseline/scripts.base.utils.paths/output +++ b/testing/btest/Baseline/scripts.base.utils.paths/output @@ -62,9 +62,9 @@ Expect: /this/is/a/dir\ is\ current\ directory Result: /this/is/a/dir\ is\ current\ directory Result: SUCCESS =============================== -Given : hey, /foo/bar/baz.bro is a cool script -Expect: /foo/bar/baz.bro -Result: /foo/bar/baz.bro +Given : hey, /foo/bar/baz.zeek is a cool script +Expect: /foo/bar/baz.zeek +Result: /foo/bar/baz.zeek Result: SUCCESS =============================== Given : here's two dirs: /foo/bar and /foo/baz @@ -74,11 +74,11 @@ Result: SUCCESS =============================== test build_path_compressed() =============================== -/home/bro/policy/somefile.bro -/usr/local/bro/share/bro/somefile.bro -/usr/local/bro/somefile.bro +/home/bro/policy/somefile.zeek +/usr/local/bro/share/bro/somefile.zeek +/usr/local/bro/somefile.zeek =============================== test build_full_path() =============================== -/home/bro//policy/somefile.bro -/usr/local/bro/share/bro/somefile.bro +/home/bro//policy/somefile.zeek +/usr/local/bro/share/bro/somefile.zeek diff --git a/testing/btest/Baseline/scripts.policy.misc.weird-stats/bro.weird_stats.log b/testing/btest/Baseline/scripts.policy.misc.weird-stats/zeek.weird_stats.log similarity index 100% rename from testing/btest/Baseline/scripts.policy.misc.weird-stats/bro.weird_stats.log rename to testing/btest/Baseline/scripts.policy.misc.weird-stats/zeek.weird_stats.log diff --git a/testing/btest/bifs/addr_count_conversion.zeek b/testing/btest/bifs/addr_count_conversion.zeek index fb87a0c6a3..c27d154932 100644 --- a/testing/btest/bifs/addr_count_conversion.zeek +++ b/testing/btest/bifs/addr_count_conversion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global v: index_vec; diff --git a/testing/btest/bifs/addr_to_ptr_name.zeek b/testing/btest/bifs/addr_to_ptr_name.zeek index ac2391cf9b..113750cb4e 100644 --- a/testing/btest/bifs/addr_to_ptr_name.zeek +++ b/testing/btest/bifs/addr_to_ptr_name.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output print addr_to_ptr_name([2607:f8b0:4009:802::1012]); diff --git a/testing/btest/bifs/addr_version.zeek b/testing/btest/bifs/addr_version.zeek index bf96c0d1f3..ca3e4a3100 100644 --- a/testing/btest/bifs/addr_version.zeek +++ b/testing/btest/bifs/addr_version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out print is_v4_addr(1.2.3.4); diff --git a/testing/btest/bifs/all_set.zeek b/testing/btest/bifs/all_set.zeek index 86a56ed9fa..70a5ea0ecd 100644 --- a/testing/btest/bifs/all_set.zeek +++ b/testing/btest/bifs/all_set.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/analyzer_name.zeek b/testing/btest/bifs/analyzer_name.zeek index b763aabe08..fc896dc417 100644 --- a/testing/btest/bifs/analyzer_name.zeek +++ b/testing/btest/bifs/analyzer_name.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/any_set.zeek b/testing/btest/bifs/any_set.zeek index e19a467206..b64fbb461d 100644 --- a/testing/btest/bifs/any_set.zeek +++ b/testing/btest/bifs/any_set.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/bloomfilter-seed.zeek b/testing/btest/bifs/bloomfilter-seed.zeek index 24531de915..bfa0b0795f 100644 --- a/testing/btest/bifs/bloomfilter-seed.zeek +++ b/testing/btest/bifs/bloomfilter-seed.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT global_hash_seed="foo" >>output -# @TEST-EXEC: bro -b %INPUT global_hash_seed="my_seed" >>output +# @TEST-EXEC: zeek -b %INPUT global_hash_seed="foo" >>output +# @TEST-EXEC: zeek -b %INPUT global_hash_seed="my_seed" >>output # @TEST-EXEC: btest-diff output type Foo: record diff --git a/testing/btest/bifs/bloomfilter.zeek b/testing/btest/bifs/bloomfilter.zeek index dbad5acf5a..6b7abf3a17 100644 --- a/testing/btest/bifs/bloomfilter.zeek +++ b/testing/btest/bifs/bloomfilter.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output function test_basic_bloom_filter() diff --git a/testing/btest/bifs/bro_version.zeek b/testing/btest/bifs/bro_version.zeek index f4de22e09d..84d485a292 100644 --- a/testing/btest/bifs/bro_version.zeek +++ b/testing/btest/bifs/bro_version.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/bytestring_to_count.zeek b/testing/btest/bifs/bytestring_to_count.zeek index 5d15bde38b..2368533432 100644 --- a/testing/btest/bifs/bytestring_to_count.zeek +++ b/testing/btest/bifs/bytestring_to_count.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/bifs/bytestring_to_double.zeek b/testing/btest/bifs/bytestring_to_double.zeek index 6ebcbe503b..ef6890bd61 100644 --- a/testing/btest/bifs/bytestring_to_double.zeek +++ b/testing/btest/bifs/bytestring_to_double.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/bytestring_to_hexstr.zeek b/testing/btest/bifs/bytestring_to_hexstr.zeek index 0b3e8154ab..ec0e23005e 100644 --- a/testing/btest/bifs/bytestring_to_hexstr.zeek +++ b/testing/btest/bifs/bytestring_to_hexstr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/capture_state_updates.zeek b/testing/btest/bifs/capture_state_updates.zeek index 17d015a661..b9a802a53d 100644 --- a/testing/btest/bifs/capture_state_updates.zeek +++ b/testing/btest/bifs/capture_state_updates.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: test -f testfile diff --git a/testing/btest/bifs/cat.zeek b/testing/btest/bifs/cat.zeek index 5e811f147e..5540ebf106 100644 --- a/testing/btest/bifs/cat.zeek +++ b/testing/btest/bifs/cat.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/cat_string_array.zeek b/testing/btest/bifs/cat_string_array.zeek index f9aa3f266d..70c1b78029 100644 --- a/testing/btest/bifs/cat_string_array.zeek +++ b/testing/btest/bifs/cat_string_array.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/check_subnet.zeek b/testing/btest/bifs/check_subnet.zeek index d476be1bc8..5dfe2c1f72 100644 --- a/testing/btest/bifs/check_subnet.zeek +++ b/testing/btest/bifs/check_subnet.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global testt: set[subnet] = { diff --git a/testing/btest/bifs/checkpoint_state.zeek b/testing/btest/bifs/checkpoint_state.zeek index e9eeeccb75..dc49ab5e98 100644 --- a/testing/btest/bifs/checkpoint_state.zeek +++ b/testing/btest/bifs/checkpoint_state.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: test -f .state/state.bst event zeek_init() diff --git a/testing/btest/bifs/clear_table.zeek b/testing/btest/bifs/clear_table.zeek index a6c2e67341..08c91e9908 100644 --- a/testing/btest/bifs/clear_table.zeek +++ b/testing/btest/bifs/clear_table.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT > out +# @TEST-EXEC: zeek -b %INPUT > out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/convert_for_pattern.zeek b/testing/btest/bifs/convert_for_pattern.zeek index 1828284f37..0962abfe31 100644 --- a/testing/btest/bifs/convert_for_pattern.zeek +++ b/testing/btest/bifs/convert_for_pattern.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/count_to_addr.zeek b/testing/btest/bifs/count_to_addr.zeek index 4abbaf8d1e..8229f9a4a9 100644 --- a/testing/btest/bifs/count_to_addr.zeek +++ b/testing/btest/bifs/count_to_addr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/create_file.zeek b/testing/btest/bifs/create_file.zeek index db7d38d087..0336f9ab33 100644 --- a/testing/btest/bifs/create_file.zeek +++ b/testing/btest/bifs/create_file.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff testfile # @TEST-EXEC: btest-diff testfile2 diff --git a/testing/btest/bifs/current_analyzer.zeek b/testing/btest/bifs/current_analyzer.zeek index 8678907320..14acc0d55c 100644 --- a/testing/btest/bifs/current_analyzer.zeek +++ b/testing/btest/bifs/current_analyzer.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/current_time.zeek b/testing/btest/bifs/current_time.zeek index 4d2712ae98..c29ae969f8 100644 --- a/testing/btest/bifs/current_time.zeek +++ b/testing/btest/bifs/current_time.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/decode_base64.zeek b/testing/btest/bifs/decode_base64.zeek index 2d552a2523..84336b1067 100644 --- a/testing/btest/bifs/decode_base64.zeek +++ b/testing/btest/bifs/decode_base64.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out global default_alphabet: string = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; diff --git a/testing/btest/bifs/decode_base64_conn.zeek b/testing/btest/bifs/decode_base64_conn.zeek index e515ed68ac..57d9af69c9 100644 --- a/testing/btest/bifs/decode_base64_conn.zeek +++ b/testing/btest/bifs/decode_base64_conn.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT >out # @TEST-EXEC: btest-diff weird.log event connection_established(c: connection) diff --git a/testing/btest/bifs/directory_operations.zeek b/testing/btest/bifs/directory_operations.zeek index 0a5a8b0413..e5282eb47b 100644 --- a/testing/btest/bifs/directory_operations.zeek +++ b/testing/btest/bifs/directory_operations.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/dump_current_packet.zeek b/testing/btest/bifs/dump_current_packet.zeek index e61c9585cd..d78252edf4 100644 --- a/testing/btest/bifs/dump_current_packet.zeek +++ b/testing/btest/bifs/dump_current_packet.zeek @@ -1,5 +1,5 @@ # @TEST-REQUIRES: which hexdump -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: hexdump -C 1.pcap >1.hex # @TEST-EXEC: hexdump -C 2.pcap >2.hex # @TEST-EXEC: btest-diff 1.hex diff --git a/testing/btest/bifs/edit.zeek b/testing/btest/bifs/edit.zeek index ba6ebdef38..c33289f0e5 100644 --- a/testing/btest/bifs/edit.zeek +++ b/testing/btest/bifs/edit.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/enable_raw_output.test b/testing/btest/bifs/enable_raw_output.test index 14bd2110ee..c46b6e317f 100644 --- a/testing/btest/bifs/enable_raw_output.test +++ b/testing/btest/bifs/enable_raw_output.test @@ -1,7 +1,7 @@ # Files which enable raw output via the BiF shouldn't interpret NUL characters # in strings that are `print`ed to it. -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: tr '\000' 'X' output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cmp myfile hookfile diff --git a/testing/btest/bifs/encode_base64.zeek b/testing/btest/bifs/encode_base64.zeek index bbad715ecc..435f735c70 100644 --- a/testing/btest/bifs/encode_base64.zeek +++ b/testing/btest/bifs/encode_base64.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out global default_alphabet: string = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; diff --git a/testing/btest/bifs/entropy_test.zeek b/testing/btest/bifs/entropy_test.zeek index 11effd1159..fe1d80cc21 100644 --- a/testing/btest/bifs/entropy_test.zeek +++ b/testing/btest/bifs/entropy_test.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/enum_to_int.zeek b/testing/btest/bifs/enum_to_int.zeek index b48c925c8f..17fd1ff8a9 100644 --- a/testing/btest/bifs/enum_to_int.zeek +++ b/testing/btest/bifs/enum_to_int.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out export { diff --git a/testing/btest/bifs/escape_string.zeek b/testing/btest/bifs/escape_string.zeek index 4ae79a869a..93c593d833 100644 --- a/testing/btest/bifs/escape_string.zeek +++ b/testing/btest/bifs/escape_string.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/exit.zeek b/testing/btest/bifs/exit.zeek index 03ea13efd3..e9a27f6379 100644 --- a/testing/btest/bifs/exit.zeek +++ b/testing/btest/bifs/exit.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out || test $? -eq 7 +# @TEST-EXEC: zeek -b %INPUT >out || test $? -eq 7 # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/file_mode.zeek b/testing/btest/bifs/file_mode.zeek index de43439080..8fe39b6404 100644 --- a/testing/btest/bifs/file_mode.zeek +++ b/testing/btest/bifs/file_mode.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/filter_subnet_table.zeek b/testing/btest/bifs/filter_subnet_table.zeek index 79829bc252..b11cbf0a8f 100644 --- a/testing/btest/bifs/filter_subnet_table.zeek +++ b/testing/btest/bifs/filter_subnet_table.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global testa: set[subnet] = { diff --git a/testing/btest/bifs/find_all.zeek b/testing/btest/bifs/find_all.zeek index cb7e7b35d0..c51086ade0 100644 --- a/testing/btest/bifs/find_all.zeek +++ b/testing/btest/bifs/find_all.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/find_entropy.zeek b/testing/btest/bifs/find_entropy.zeek index 771a6221f7..d8be9c08a6 100644 --- a/testing/btest/bifs/find_entropy.zeek +++ b/testing/btest/bifs/find_entropy.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/find_last.zeek b/testing/btest/bifs/find_last.zeek index 0eab201464..1f986cc6cd 100644 --- a/testing/btest/bifs/find_last.zeek +++ b/testing/btest/bifs/find_last.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/fmt.zeek b/testing/btest/bifs/fmt.zeek index 979dbafe67..3f3b58073d 100644 --- a/testing/btest/bifs/fmt.zeek +++ b/testing/btest/bifs/fmt.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type color: enum { Red, Blue }; diff --git a/testing/btest/bifs/fmt_ftp_port.zeek b/testing/btest/bifs/fmt_ftp_port.zeek index b265c0ad67..956b223cf0 100644 --- a/testing/btest/bifs/fmt_ftp_port.zeek +++ b/testing/btest/bifs/fmt_ftp_port.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/get_current_packet_header.zeek b/testing/btest/bifs/get_current_packet_header.zeek index 24144545ef..8efa727e11 100644 --- a/testing/btest/bifs/get_current_packet_header.zeek +++ b/testing/btest/bifs/get_current_packet_header.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT > output # @TEST-EXEC: btest-diff output event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options) diff --git a/testing/btest/bifs/get_matcher_stats.zeek b/testing/btest/bifs/get_matcher_stats.zeek index 76d019caca..5126f614dd 100644 --- a/testing/btest/bifs/get_matcher_stats.zeek +++ b/testing/btest/bifs/get_matcher_stats.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -s mysig %INPUT +# @TEST-EXEC: zeek -b -s mysig %INPUT @TEST-START-FILE mysig.sig signature my_ftp_client { diff --git a/testing/btest/bifs/get_port_transport_proto.zeek b/testing/btest/bifs/get_port_transport_proto.zeek index 18dfdd4974..8ebbc3adaa 100644 --- a/testing/btest/bifs/get_port_transport_proto.zeek +++ b/testing/btest/bifs/get_port_transport_proto.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/gethostname.zeek b/testing/btest/bifs/gethostname.zeek index b30407190d..dd94b446c6 100644 --- a/testing/btest/bifs/gethostname.zeek +++ b/testing/btest/bifs/gethostname.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/getpid.zeek b/testing/btest/bifs/getpid.zeek index a7348d4743..a1fbcde8bf 100644 --- a/testing/btest/bifs/getpid.zeek +++ b/testing/btest/bifs/getpid.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/getsetenv.zeek b/testing/btest/bifs/getsetenv.zeek index 24fecb7800..63f973e36d 100644 --- a/testing/btest/bifs/getsetenv.zeek +++ b/testing/btest/bifs/getsetenv.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: TESTBRO=testvalue bro -b %INPUT >out +# @TEST-EXEC: TESTBRO=testvalue zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/global_ids.zeek b/testing/btest/bifs/global_ids.zeek index 8875065b3b..b3cf1d3645 100644 --- a/testing/btest/bifs/global_ids.zeek +++ b/testing/btest/bifs/global_ids.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/global_sizes.zeek b/testing/btest/bifs/global_sizes.zeek index 5705ae5e95..373cf74425 100644 --- a/testing/btest/bifs/global_sizes.zeek +++ b/testing/btest/bifs/global_sizes.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/haversine_distance.zeek b/testing/btest/bifs/haversine_distance.zeek index 0d2e7891c0..b1429b13c1 100644 --- a/testing/btest/bifs/haversine_distance.zeek +++ b/testing/btest/bifs/haversine_distance.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test(la1: double, lo1: double, la2: double, lo2: double) diff --git a/testing/btest/bifs/hexdump.zeek b/testing/btest/bifs/hexdump.zeek index 10e1855a19..eae0f58409 100644 --- a/testing/btest/bifs/hexdump.zeek +++ b/testing/btest/bifs/hexdump.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/hexstr_to_bytestring.zeek b/testing/btest/bifs/hexstr_to_bytestring.zeek index 0d41ca00a1..41ca6a4823 100644 --- a/testing/btest/bifs/hexstr_to_bytestring.zeek +++ b/testing/btest/bifs/hexstr_to_bytestring.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/bifs/hll_cardinality.zeek b/testing/btest/bifs/hll_cardinality.zeek index 6bb9c83708..5a919a9f2f 100644 --- a/testing/btest/bifs/hll_cardinality.zeek +++ b/testing/btest/bifs/hll_cardinality.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro %INPUT>out +# @TEST-EXEC: zeek %INPUT>out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/bifs/hll_large_estimate.zeek b/testing/btest/bifs/hll_large_estimate.zeek index 520b9633e3..9238e13b36 100644 --- a/testing/btest/bifs/hll_large_estimate.zeek +++ b/testing/btest/bifs/hll_large_estimate.zeek @@ -1,8 +1,8 @@ # # Test the quality of HLL once by checking adding a large number of IP entries. # -# @TEST-EXEC: bro -b %INPUT > out -# @TEST-EXEC: BRO_SEED_FILE="" bro -b %INPUT > out2 +# @TEST-EXEC: zeek -b %INPUT > out +# @TEST-EXEC: BRO_SEED_FILE="" zeek -b %INPUT > out2 # @TEST-EXEC: head -n1 out2 >> out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/bifs/identify_data.zeek b/testing/btest/bifs/identify_data.zeek index 283c50fc86..8ea6e267a1 100644 --- a/testing/btest/bifs/identify_data.zeek +++ b/testing/btest/bifs/identify_data.zeek @@ -1,5 +1,5 @@ # Text encodings may vary with libmagic version so don't test that part. -# @TEST-EXEC: bro -b %INPUT | sed 's/; charset=.*//g' >out +# @TEST-EXEC: zeek -b %INPUT | sed 's/; charset=.*//g' >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/install_src_addr_filter.test b/testing/btest/bifs/install_src_addr_filter.test index 0ee0c85c43..95d1f51d54 100644 --- a/testing/btest/bifs/install_src_addr_filter.test +++ b/testing/btest/bifs/install_src_addr_filter.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output event zeek_init() diff --git a/testing/btest/bifs/is_ascii.zeek b/testing/btest/bifs/is_ascii.zeek index 7930dafa58..505e21e715 100644 --- a/testing/btest/bifs/is_ascii.zeek +++ b/testing/btest/bifs/is_ascii.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/is_local_interface.zeek b/testing/btest/bifs/is_local_interface.zeek index 8667babb85..f1ee1e9990 100644 --- a/testing/btest/bifs/is_local_interface.zeek +++ b/testing/btest/bifs/is_local_interface.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/is_port.zeek b/testing/btest/bifs/is_port.zeek index 709c142070..28f63f63b6 100644 --- a/testing/btest/bifs/is_port.zeek +++ b/testing/btest/bifs/is_port.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/join_string.zeek b/testing/btest/bifs/join_string.zeek index 1ea1afa5c2..410ac6e9f0 100644 --- a/testing/btest/bifs/join_string.zeek +++ b/testing/btest/bifs/join_string.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/levenshtein_distance.zeek b/testing/btest/bifs/levenshtein_distance.zeek index b877a68a22..14aaa78264 100644 --- a/testing/btest/bifs/levenshtein_distance.zeek +++ b/testing/btest/bifs/levenshtein_distance.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/lookup_ID.zeek b/testing/btest/bifs/lookup_ID.zeek index 1d11d1a8cb..534e678729 100644 --- a/testing/btest/bifs/lookup_ID.zeek +++ b/testing/btest/bifs/lookup_ID.zeek @@ -1,8 +1,8 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out -global a = "bro test"; +global a = "zeek test"; event zeek_init() { diff --git a/testing/btest/bifs/lowerupper.zeek b/testing/btest/bifs/lowerupper.zeek index 2cb04bfdaa..dfda21d39e 100644 --- a/testing/btest/bifs/lowerupper.zeek +++ b/testing/btest/bifs/lowerupper.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/lstrip.zeek b/testing/btest/bifs/lstrip.zeek index 850ec90d3f..6674b2a49c 100644 --- a/testing/btest/bifs/lstrip.zeek +++ b/testing/btest/bifs/lstrip.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/mask_addr.zeek b/testing/btest/bifs/mask_addr.zeek index e69a55f590..36ac6d91dd 100644 --- a/testing/btest/bifs/mask_addr.zeek +++ b/testing/btest/bifs/mask_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32}; diff --git a/testing/btest/bifs/matching_subnets.zeek b/testing/btest/bifs/matching_subnets.zeek index 3d38d32182..c51915ec0d 100644 --- a/testing/btest/bifs/matching_subnets.zeek +++ b/testing/btest/bifs/matching_subnets.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global testt: set[subnet] = { diff --git a/testing/btest/bifs/math.zeek b/testing/btest/bifs/math.zeek index 288838ffc1..353704f0f9 100644 --- a/testing/btest/bifs/math.zeek +++ b/testing/btest/bifs/math.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/md5.test b/testing/btest/bifs/md5.test index b022302c59..1d00d3f173 100644 --- a/testing/btest/bifs/md5.test +++ b/testing/btest/bifs/md5.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output print md5_hash("one"); diff --git a/testing/btest/bifs/merge_pattern.zeek b/testing/btest/bifs/merge_pattern.zeek index 2d99137b56..2699d58452 100644 --- a/testing/btest/bifs/merge_pattern.zeek +++ b/testing/btest/bifs/merge_pattern.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/net_stats_trace.test b/testing/btest/bifs/net_stats_trace.test index 1cc1ba5567..0b593c11e4 100644 --- a/testing/btest/bifs/net_stats_trace.test +++ b/testing/btest/bifs/net_stats_trace.test @@ -1,5 +1,5 @@ # Checks that accurate stats are returned when reading from a trace file. -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace >output %INPUT +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace >output %INPUT # @TEST-EXEC: btest-diff output event zeek_done() diff --git a/testing/btest/bifs/netbios-functions.zeek b/testing/btest/bifs/netbios-functions.zeek index 8e65f1d5ec..c3e951ffa8 100644 --- a/testing/btest/bifs/netbios-functions.zeek +++ b/testing/btest/bifs/netbios-functions.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/order.zeek b/testing/btest/bifs/order.zeek index 34c8e8c101..b989bb6095 100644 --- a/testing/btest/bifs/order.zeek +++ b/testing/btest/bifs/order.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function myfunc1(a: addr, b: addr): int diff --git a/testing/btest/bifs/parse_ftp.zeek b/testing/btest/bifs/parse_ftp.zeek index 1e982def27..47b53284e6 100644 --- a/testing/btest/bifs/parse_ftp.zeek +++ b/testing/btest/bifs/parse_ftp.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/piped_exec.zeek b/testing/btest/bifs/piped_exec.zeek index 70f8d70523..469803735e 100644 --- a/testing/btest/bifs/piped_exec.zeek +++ b/testing/btest/bifs/piped_exec.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff test.txt global cmds = "print \"hello world\";"; cmds = string_cat(cmds, "\nprint \"foobar\";"); -if ( piped_exec("bro", cmds) != T ) +if ( piped_exec("zeek", cmds) != T ) exit(1); # Test null output. diff --git a/testing/btest/bifs/ptr_name_to_addr.zeek b/testing/btest/bifs/ptr_name_to_addr.zeek index d1a7878e3d..7779ec7772 100644 --- a/testing/btest/bifs/ptr_name_to_addr.zeek +++ b/testing/btest/bifs/ptr_name_to_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global v6 = ptr_name_to_addr("2.1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.2.0.8.0.9.0.0.4.0.b.8.f.7.0.6.2.ip6.arpa"); diff --git a/testing/btest/bifs/rand.zeek b/testing/btest/bifs/rand.zeek index 591f0bf035..b4b0facabc 100644 --- a/testing/btest/bifs/rand.zeek +++ b/testing/btest/bifs/rand.zeek @@ -1,6 +1,6 @@ # -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: bro -b %INPUT do_seed=F >out.2 +# @TEST-EXEC: zeek -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT do_seed=F >out.2 # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out.2 diff --git a/testing/btest/bifs/raw_bytes_to_v4_addr.zeek b/testing/btest/bifs/raw_bytes_to_v4_addr.zeek index 9ac266a0bd..1229ac6135 100644 --- a/testing/btest/bifs/raw_bytes_to_v4_addr.zeek +++ b/testing/btest/bifs/raw_bytes_to_v4_addr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/reading_traces.zeek b/testing/btest/bifs/reading_traces.zeek index e6fa21999e..11d1e2a3f7 100644 --- a/testing/btest/bifs/reading_traces.zeek +++ b/testing/btest/bifs/reading_traces.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b %INPUT >out1 +# @TEST-EXEC: zeek -b %INPUT >out1 # @TEST-EXEC: btest-diff out1 -# @TEST-EXEC: bro -r $TRACES/web.trace %INPUT >out2 +# @TEST-EXEC: zeek -r $TRACES/web.trace %INPUT >out2 # @TEST-EXEC: btest-diff out2 event zeek_init() diff --git a/testing/btest/bifs/record_type_to_vector.zeek b/testing/btest/bifs/record_type_to_vector.zeek index e5e79a4f49..3b45af835b 100644 --- a/testing/btest/bifs/record_type_to_vector.zeek +++ b/testing/btest/bifs/record_type_to_vector.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type myrecord: record { diff --git a/testing/btest/bifs/records_fields.zeek b/testing/btest/bifs/records_fields.zeek index a130a63267..632bcb2fcf 100644 --- a/testing/btest/bifs/records_fields.zeek +++ b/testing/btest/bifs/records_fields.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type myrec: record { diff --git a/testing/btest/bifs/remask_addr.zeek b/testing/btest/bifs/remask_addr.zeek index 7b7e89c018..1014b22550 100644 --- a/testing/btest/bifs/remask_addr.zeek +++ b/testing/btest/bifs/remask_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32}; diff --git a/testing/btest/bifs/resize.zeek b/testing/btest/bifs/resize.zeek index 97c3b8c20b..483564ef1f 100644 --- a/testing/btest/bifs/resize.zeek +++ b/testing/btest/bifs/resize.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/reverse.zeek b/testing/btest/bifs/reverse.zeek index b6831ef3a7..9a87704cc0 100644 --- a/testing/btest/bifs/reverse.zeek +++ b/testing/btest/bifs/reverse.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/rotate_file.zeek b/testing/btest/bifs/rotate_file.zeek index a7c3bf3971..028b374653 100644 --- a/testing/btest/bifs/rotate_file.zeek +++ b/testing/btest/bifs/rotate_file.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/rotate_file_by_name.zeek b/testing/btest/bifs/rotate_file_by_name.zeek index b02d4011be..985084e6ed 100644 --- a/testing/btest/bifs/rotate_file_by_name.zeek +++ b/testing/btest/bifs/rotate_file_by_name.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/routing0_data_to_addrs.test b/testing/btest/bifs/routing0_data_to_addrs.test index a20bb3bf59..1c81eb0cd1 100644 --- a/testing/btest/bifs/routing0_data_to_addrs.test +++ b/testing/btest/bifs/routing0_data_to_addrs.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output # @TEST-EXEC: btest-diff output event ipv6_ext_headers(c: connection, p: pkt_hdr) diff --git a/testing/btest/bifs/rstrip.zeek b/testing/btest/bifs/rstrip.zeek index f99ebd5f8d..2f19af4207 100644 --- a/testing/btest/bifs/rstrip.zeek +++ b/testing/btest/bifs/rstrip.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/safe_shell_quote.zeek b/testing/btest/bifs/safe_shell_quote.zeek index 9f43fe4089..46940a0976 100644 --- a/testing/btest/bifs/safe_shell_quote.zeek +++ b/testing/btest/bifs/safe_shell_quote.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/same_object.zeek b/testing/btest/bifs/same_object.zeek index 8e38912f58..0afc362f04 100644 --- a/testing/btest/bifs/same_object.zeek +++ b/testing/btest/bifs/same_object.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/sha1.test b/testing/btest/bifs/sha1.test index 7bbd8b002e..1e9396b602 100644 --- a/testing/btest/bifs/sha1.test +++ b/testing/btest/bifs/sha1.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output print sha1_hash("one"); diff --git a/testing/btest/bifs/sha256.test b/testing/btest/bifs/sha256.test index a1c17f7113..83c937029a 100644 --- a/testing/btest/bifs/sha256.test +++ b/testing/btest/bifs/sha256.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output print sha256_hash("one"); diff --git a/testing/btest/bifs/sort.zeek b/testing/btest/bifs/sort.zeek index 2f3789c8a9..8bfd1c5f5d 100644 --- a/testing/btest/bifs/sort.zeek +++ b/testing/btest/bifs/sort.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function myfunc1(a: addr, b: addr): int diff --git a/testing/btest/bifs/sort_string_array.zeek b/testing/btest/bifs/sort_string_array.zeek index 3d3949d89b..ab783f8150 100644 --- a/testing/btest/bifs/sort_string_array.zeek +++ b/testing/btest/bifs/sort_string_array.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/split.zeek b/testing/btest/bifs/split.zeek index 2485c3af1f..deaa18ed1c 100644 --- a/testing/btest/bifs/split.zeek +++ b/testing/btest/bifs/split.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/split_string.zeek b/testing/btest/bifs/split_string.zeek index 2f67921a04..9692f32da5 100644 --- a/testing/btest/bifs/split_string.zeek +++ b/testing/btest/bifs/split_string.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function print_string_vector(v: string_vec) diff --git a/testing/btest/bifs/str_shell_escape.zeek b/testing/btest/bifs/str_shell_escape.zeek index 9079ef3953..f3f08b0072 100644 --- a/testing/btest/bifs/str_shell_escape.zeek +++ b/testing/btest/bifs/str_shell_escape.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/strcmp.zeek b/testing/btest/bifs/strcmp.zeek index 6893656e69..93528ed8f1 100644 --- a/testing/btest/bifs/strcmp.zeek +++ b/testing/btest/bifs/strcmp.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/strftime.zeek b/testing/btest/bifs/strftime.zeek index 8a9f42d8b3..5a68892a22 100644 --- a/testing/btest/bifs/strftime.zeek +++ b/testing/btest/bifs/strftime.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/string_fill.zeek b/testing/btest/bifs/string_fill.zeek index 81a447ed47..9398588b2a 100644 --- a/testing/btest/bifs/string_fill.zeek +++ b/testing/btest/bifs/string_fill.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/string_to_pattern.zeek b/testing/btest/bifs/string_to_pattern.zeek index 089cc3c557..d7e36f7fa8 100644 --- a/testing/btest/bifs/string_to_pattern.zeek +++ b/testing/btest/bifs/string_to_pattern.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/strip.zeek b/testing/btest/bifs/strip.zeek index ae80811a30..caed076f2c 100644 --- a/testing/btest/bifs/strip.zeek +++ b/testing/btest/bifs/strip.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/strptime.zeek b/testing/btest/bifs/strptime.zeek index c8f57b1dfc..3923ced4c0 100644 --- a/testing/btest/bifs/strptime.zeek +++ b/testing/btest/bifs/strptime.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/strstr.zeek b/testing/btest/bifs/strstr.zeek index 75a362375a..23f8c871ed 100644 --- a/testing/btest/bifs/strstr.zeek +++ b/testing/btest/bifs/strstr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/sub.zeek b/testing/btest/bifs/sub.zeek index f83113ad19..1ad4e60137 100644 --- a/testing/btest/bifs/sub.zeek +++ b/testing/btest/bifs/sub.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/subnet_to_addr.zeek b/testing/btest/bifs/subnet_to_addr.zeek index 02bb6254e0..45cac551d2 100644 --- a/testing/btest/bifs/subnet_to_addr.zeek +++ b/testing/btest/bifs/subnet_to_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>error +# @TEST-EXEC: zeek -b %INPUT >output 2>error # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff error diff --git a/testing/btest/bifs/subnet_version.zeek b/testing/btest/bifs/subnet_version.zeek index 1efd633f68..a01bc77dd3 100644 --- a/testing/btest/bifs/subnet_version.zeek +++ b/testing/btest/bifs/subnet_version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out print is_v4_subnet(1.2.3.4/16); diff --git a/testing/btest/bifs/subst_string.zeek b/testing/btest/bifs/subst_string.zeek index 186ca7f921..7ceb8040a2 100644 --- a/testing/btest/bifs/subst_string.zeek +++ b/testing/btest/bifs/subst_string.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/system.zeek b/testing/btest/bifs/system.zeek index e488601ee5..7dab420ed0 100644 --- a/testing/btest/bifs/system.zeek +++ b/testing/btest/bifs/system.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/system_env.zeek b/testing/btest/bifs/system_env.zeek index beece2e2c6..7332990fa2 100644 --- a/testing/btest/bifs/system_env.zeek +++ b/testing/btest/bifs/system_env.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff testfile event zeek_init() diff --git a/testing/btest/bifs/to_addr.zeek b/testing/btest/bifs/to_addr.zeek index 3a43438bb7..bbef484f72 100644 --- a/testing/btest/bifs/to_addr.zeek +++ b/testing/btest/bifs/to_addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>error +# @TEST-EXEC: zeek -b %INPUT >output 2>error # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff error diff --git a/testing/btest/bifs/to_count.zeek b/testing/btest/bifs/to_count.zeek index dc87fe94b9..7489ca8b79 100644 --- a/testing/btest/bifs/to_count.zeek +++ b/testing/btest/bifs/to_count.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/to_double.zeek b/testing/btest/bifs/to_double.zeek index b2d2d65f4d..d62d30d5af 100644 --- a/testing/btest/bifs/to_double.zeek +++ b/testing/btest/bifs/to_double.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/to_double_from_string.zeek b/testing/btest/bifs/to_double_from_string.zeek index 781261084f..106a987eb4 100644 --- a/testing/btest/bifs/to_double_from_string.zeek +++ b/testing/btest/bifs/to_double_from_string.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>error +# @TEST-EXEC: zeek -b %INPUT >output 2>error # @TEST-EXEC: btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff error diff --git a/testing/btest/bifs/to_int.zeek b/testing/btest/bifs/to_int.zeek index fe7d530835..23e74030ba 100644 --- a/testing/btest/bifs/to_int.zeek +++ b/testing/btest/bifs/to_int.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/to_interval.zeek b/testing/btest/bifs/to_interval.zeek index b877cedacc..a9bab7b675 100644 --- a/testing/btest/bifs/to_interval.zeek +++ b/testing/btest/bifs/to_interval.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/to_port.zeek b/testing/btest/bifs/to_port.zeek index 9c53de7297..b1e220f982 100644 --- a/testing/btest/bifs/to_port.zeek +++ b/testing/btest/bifs/to_port.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/to_subnet.zeek b/testing/btest/bifs/to_subnet.zeek index 59064893e1..ebce392c98 100644 --- a/testing/btest/bifs/to_subnet.zeek +++ b/testing/btest/bifs/to_subnet.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>error +# @TEST-EXEC: zeek -b %INPUT >output 2>error # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff error diff --git a/testing/btest/bifs/to_time.zeek b/testing/btest/bifs/to_time.zeek index b286d92ea4..f2e9032176 100644 --- a/testing/btest/bifs/to_time.zeek +++ b/testing/btest/bifs/to_time.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/topk.zeek b/testing/btest/bifs/topk.zeek index 06246da4ac..667107cbc0 100644 --- a/testing/btest/bifs/topk.zeek +++ b/testing/btest/bifs/topk.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > out +# @TEST-EXEC: zeek -b %INPUT > out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/bifs/type_name.zeek b/testing/btest/bifs/type_name.zeek index 6f9f9c6f32..e78f52af3c 100644 --- a/testing/btest/bifs/type_name.zeek +++ b/testing/btest/bifs/type_name.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type color: enum { Red, Blue }; diff --git a/testing/btest/bifs/unique_id-pools.zeek b/testing/btest/bifs/unique_id-pools.zeek index ba31485dc3..7e615d6625 100644 --- a/testing/btest/bifs/unique_id-pools.zeek +++ b/testing/btest/bifs/unique_id-pools.zeek @@ -1,6 +1,6 @@ # -# @TEST-EXEC: bro order_rand | sort >out.1 -# @TEST-EXEC: bro order_base | sort >out.2 +# @TEST-EXEC: zeek order_rand | sort >out.1 +# @TEST-EXEC: zeek order_base | sort >out.2 # @TEST-EXEC: cmp out.1 out.2 @TEST-START-FILE order_rand.zeek diff --git a/testing/btest/bifs/unique_id-rnd.zeek b/testing/btest/bifs/unique_id-rnd.zeek index 02be9fcb92..6a694ae588 100644 --- a/testing/btest/bifs/unique_id-rnd.zeek +++ b/testing/btest/bifs/unique_id-rnd.zeek @@ -1,6 +1,6 @@ # -# @TEST-EXEC: BRO_SEED_FILE= bro -b %INPUT >out -# @TEST-EXEC: BRO_SEED_FILE= bro -b %INPUT >>out +# @TEST-EXEC: BRO_SEED_FILE= zeek -b %INPUT >out +# @TEST-EXEC: BRO_SEED_FILE= zeek -b %INPUT >>out # @TEST-EXEC: cat out | sort | uniq | wc -l | sed 's/ //g' >count # @TEST-EXEC: btest-diff count diff --git a/testing/btest/bifs/unique_id.zeek b/testing/btest/bifs/unique_id.zeek index d87c757f3f..db640a6081 100644 --- a/testing/btest/bifs/unique_id.zeek +++ b/testing/btest/bifs/unique_id.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out print unique_id("A-"); diff --git a/testing/btest/bifs/uuid_to_string.zeek b/testing/btest/bifs/uuid_to_string.zeek index 2df9d2f0f0..21c29eb3e6 100644 --- a/testing/btest/bifs/uuid_to_string.zeek +++ b/testing/btest/bifs/uuid_to_string.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_init() diff --git a/testing/btest/bifs/val_size.zeek b/testing/btest/bifs/val_size.zeek index 8757bde285..b375c94551 100644 --- a/testing/btest/bifs/val_size.zeek +++ b/testing/btest/bifs/val_size.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT event zeek_init() { diff --git a/testing/btest/bifs/x509_verify.zeek b/testing/btest/bifs/x509_verify.zeek index 2afc735172..2786ee04b4 100644 --- a/testing/btest/bifs/x509_verify.zeek +++ b/testing/btest/bifs/x509_verify.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-expired-cert.trace %INPUT # This is a hack: the results of OpenSSL 1.1's vs 1.0's # X509_verify_cert() -> X509_STORE_CTX_get1_chain() calls diff --git a/testing/btest/broker/connect-on-retry.zeek b/testing/btest/broker/connect-on-retry.zeek index ac5caffb69..55e98cb27d 100644 --- a/testing/btest/broker/connect-on-retry.zeek +++ b/testing/btest/broker/connect-on-retry.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/disconnect.zeek b/testing/btest/broker/disconnect.zeek index 7b4d2f7540..c5ad155193 100644 --- a/testing/btest/broker/disconnect.zeek +++ b/testing/btest/broker/disconnect.zeek @@ -1,11 +1,11 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat recv/.pid) 45 || (btest-bg-wait -k 1 && false) -# @TEST-EXEC: btest-bg-run recv2 "bro -B broker -b ../recv.zeek >recv2.out" +# @TEST-EXEC: btest-bg-run recv2 "zeek -B broker -b ../recv.zeek >recv2.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff send/send.out diff --git a/testing/btest/broker/error.zeek b/testing/btest/broker/error.zeek index e6b902e6bb..dec46bbbe3 100644 --- a/testing/btest/broker/error.zeek +++ b/testing/btest/broker/error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -B main-loop,broker -b send.zeek >send.out +# @TEST-EXEC: zeek -B main-loop,broker -b send.zeek >send.out # @TEST-EXEC: btest-diff send.out # diff --git a/testing/btest/broker/remote_event.zeek b/testing/btest/broker/remote_event.zeek index b160506f8f..0fec6e4628 100644 --- a/testing/btest/broker/remote_event.zeek +++ b/testing/btest/broker/remote_event.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_event_any.zeek b/testing/btest/broker/remote_event_any.zeek index b4df830195..d45dcfdee2 100644 --- a/testing/btest/broker/remote_event_any.zeek +++ b/testing/btest/broker/remote_event_any.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_event_auto.zeek b/testing/btest/broker/remote_event_auto.zeek index dde153d2ad..77d98c389a 100644 --- a/testing/btest/broker/remote_event_auto.zeek +++ b/testing/btest/broker/remote_event_auto.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_event_ssl_auth.zeek b/testing/btest/broker/remote_event_ssl_auth.zeek index 3e80a98b1e..e5fdfa8fbb 100644 --- a/testing/btest/broker/remote_event_ssl_auth.zeek +++ b/testing/btest/broker/remote_event_ssl_auth.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_event_vector_any.zeek b/testing/btest/broker/remote_event_vector_any.zeek index 93f667791d..4736600429 100644 --- a/testing/btest/broker/remote_event_vector_any.zeek +++ b/testing/btest/broker/remote_event_vector_any.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_id.zeek b/testing/btest/broker/remote_id.zeek index a41675e5e8..faa0980414 100644 --- a/testing/btest/broker/remote_id.zeek +++ b/testing/btest/broker/remote_id.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek test_var=newval >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek test_var=newval >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_log.zeek b/testing/btest/broker/remote_log.zeek index 2ab5d71343..fa80475f6f 100644 --- a/testing/btest/broker/remote_log.zeek +++ b/testing/btest/broker/remote_log.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_log_late_join.zeek b/testing/btest/broker/remote_log_late_join.zeek index c199c19dcf..86b9a54935 100644 --- a/testing/btest/broker/remote_log_late_join.zeek +++ b/testing/btest/broker/remote_log_late_join.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/remote_log_types.zeek b/testing/btest/broker/remote_log_types.zeek index 153c1c27b3..beff5e997d 100644 --- a/testing/btest/broker/remote_log_types.zeek +++ b/testing/btest/broker/remote_log_types.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/ssl_auth_failure.zeek b/testing/btest/broker/ssl_auth_failure.zeek index 737a8deccc..45c091c1fb 100644 --- a/testing/btest/broker/ssl_auth_failure.zeek +++ b/testing/btest/broker/ssl_auth_failure.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -B broker -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -B broker -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/broker/store/clone.zeek b/testing/btest/broker/store/clone.zeek index 2d68380ba1..8730b017d2 100644 --- a/testing/btest/broker/store/clone.zeek +++ b/testing/btest/broker/store/clone.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run clone "bro -B broker -b ../clone-main.zeek >clone.out" -# @TEST-EXEC: btest-bg-run master "bro -B broker -b ../master-main.zeek >master.out" +# @TEST-EXEC: btest-bg-run clone "zeek -B broker -b ../clone-main.zeek >clone.out" +# @TEST-EXEC: btest-bg-run master "zeek -B broker -b ../master-main.zeek >master.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff clone/clone.out diff --git a/testing/btest/broker/store/local.zeek b/testing/btest/broker/store/local.zeek index 1846d8c2c3..9ec3140c10 100644 --- a/testing/btest/broker/store/local.zeek +++ b/testing/btest/broker/store/local.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/store/ops.zeek b/testing/btest/broker/store/ops.zeek index 4e89f365bf..aed9ab5d9a 100644 --- a/testing/btest/broker/store/ops.zeek +++ b/testing/btest/broker/store/ops.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -B broker -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -B broker -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/store/record.zeek b/testing/btest/broker/store/record.zeek index 62ee4735ba..374fb7cab3 100644 --- a/testing/btest/broker/store/record.zeek +++ b/testing/btest/broker/store/record.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/store/set.zeek b/testing/btest/broker/store/set.zeek index c2524cec6a..8e4b29b1da 100644 --- a/testing/btest/broker/store/set.zeek +++ b/testing/btest/broker/store/set.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/store/sqlite.zeek b/testing/btest/broker/store/sqlite.zeek index 8adde597f5..613f348550 100644 --- a/testing/btest/broker/store/sqlite.zeek +++ b/testing/btest/broker/store/sqlite.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT RUN=1 >out -# @TEST-EXEC: bro -b %INPUT RUN=2 >>out +# @TEST-EXEC: zeek -b %INPUT RUN=1 >out +# @TEST-EXEC: zeek -b %INPUT RUN=2 >>out # @TEST-EXEC: btest-diff out global RUN = 0 &redef; diff --git a/testing/btest/broker/store/table.zeek b/testing/btest/broker/store/table.zeek index 6fdf7615a6..acedef0318 100644 --- a/testing/btest/broker/store/table.zeek +++ b/testing/btest/broker/store/table.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/store/type-conversion.zeek b/testing/btest/broker/store/type-conversion.zeek index fa9e16d587..919bfd91ca 100644 --- a/testing/btest/broker/store/type-conversion.zeek +++ b/testing/btest/broker/store/type-conversion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/store/vector.zeek b/testing/btest/broker/store/vector.zeek index 7c44640334..b896524ea8 100644 --- a/testing/btest/broker/store/vector.zeek +++ b/testing/btest/broker/store/vector.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run master "bro -b %INPUT >out" +# @TEST-EXEC: btest-bg-run master "zeek -b %INPUT >out" # @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out diff --git a/testing/btest/broker/unpeer.zeek b/testing/btest/broker/unpeer.zeek index b03d53925e..dc4f589d4b 100644 --- a/testing/btest/broker/unpeer.zeek +++ b/testing/btest/broker/unpeer.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out" # # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg index 5a570d9021..8c457afee0 100644 --- a/testing/btest/btest.cfg +++ b/testing/btest/btest.cfg @@ -6,13 +6,13 @@ IgnoreDirs = .svn CVS .tmp IgnoreFiles = *.tmp *.swp #* *.trace .DS_Store [environment] -BROPATH=`bash -c %(testbase)s/../../build/bro-path-dev` +BROPATH=`bash -c %(testbase)s/../../build/zeek-path-dev` BRO_SEED_FILE=%(testbase)s/random.seed BRO_PLUGIN_PATH= TZ=UTC LC_ALL=C BTEST_PATH=%(testbase)s/../../aux/btest -PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../build/aux/bro-aux/bro-cut:%(testbase)s/../../aux/btest/sphinx:%(default_path)s:/sbin +PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../build/aux/bro-aux/zeek-cut:%(testbase)s/../../aux/btest/sphinx:%(default_path)s:/sbin TRACES=%(testbase)s/Traces FILES=%(testbase)s/Files SCRIPTS=%(testbase)s/../scripts @@ -29,3 +29,4 @@ BRO_DEFAULT_LISTEN_RETRY=1 BRO_DEFAULT_CONNECT_RETRY=1 BRO_DISABLE_BROXYGEN=1 ZEEK_ALLOW_INIT_ERRORS=1 +DYLD_LIBRARY_PATH=/opt/local/lib diff --git a/testing/btest/core/bits_per_uid.zeek b/testing/btest/core/bits_per_uid.zeek index 6e997907de..d252eefe23 100644 --- a/testing/btest/core/bits_per_uid.zeek +++ b/testing/btest/core/bits_per_uid.zeek @@ -1,12 +1,12 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=32 >32 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=32 >32 # @TEST-EXEC: btest-diff 32 -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=64 >64 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=64 >64 # @TEST-EXEC: btest-diff 64 -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=96 >96 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=96 >96 # @TEST-EXEC: btest-diff 96 -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=128 >128 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=128 >128 # @TEST-EXEC: btest-diff 128 -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=256 >256 +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=256 >256 # @TEST-EXEC: btest-diff 256 # @TEST-EXEC: cmp 128 256 diff --git a/testing/btest/core/check-unused-event-handlers.test b/testing/btest/core/check-unused-event-handlers.test index 3836414054..7d3a581d6c 100644 --- a/testing/btest/core/check-unused-event-handlers.test +++ b/testing/btest/core/check-unused-event-handlers.test @@ -1,5 +1,5 @@ # This test should print a warning that the event handler is never invoked. -# @TEST-EXEC: bro -b %INPUT check_for_unused_event_handlers=T +# @TEST-EXEC: zeek -b %INPUT check_for_unused_event_handlers=T # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stderr event this_is_never_used() diff --git a/testing/btest/core/checksums.test b/testing/btest/core/checksums.test index 77fe2a62d3..6d5d286097 100644 --- a/testing/btest/core/checksums.test +++ b/testing/btest/core/checksums.test @@ -1,41 +1,41 @@ -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-bad-chksum.pcap # @TEST-EXEC: mv weird.log bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-udp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-udp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-tcp-good-chksum.pcap # @TEST-EXEC: mv weird.log good.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-udp-good-chksum.pcap # @TEST-EXEC: test ! -e weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-icmp-good-chksum.pcap # @TEST-EXEC: test ! -e weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-tcp-good-chksum.pcap # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-udp-good-chksum.pcap # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap # @TEST-EXEC: cat weird.log >> good.out # @TEST-EXEC: btest-diff bad.out diff --git a/testing/btest/core/cisco-fabric-path.zeek b/testing/btest/core/cisco-fabric-path.zeek index ff7fa298e3..183c16f84d 100644 --- a/testing/btest/core/cisco-fabric-path.zeek +++ b/testing/btest/core/cisco-fabric-path.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/cisco-fabric-path.pcap +# @TEST-EXEC: zeek -C -r $TRACES/cisco-fabric-path.pcap # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/conn-size-threshold.zeek b/testing/btest/core/conn-size-threshold.zeek index ce83e5939d..d886846df5 100644 --- a/testing/btest/core/conn-size-threshold.zeek +++ b/testing/btest/core/conn-size-threshold.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout event connection_established(c: connection) diff --git a/testing/btest/core/conn-uid.zeek b/testing/btest/core/conn-uid.zeek index 52ff8fc4d3..40626e27c9 100644 --- a/testing/btest/core/conn-uid.zeek +++ b/testing/btest/core/conn-uid.zeek @@ -1,12 +1,12 @@ # # In "normal" test mode, connection uids should be determistic. # -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output # # Without a seed, they should differ each time: # -# @TEST-EXEC: unset BRO_SEED_FILE && bro -C -r $TRACES/wikipedia.trace %INPUT >output2 +# @TEST-EXEC: unset BRO_SEED_FILE && zeek -C -r $TRACES/wikipedia.trace %INPUT >output2 # @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l | sed 's/ //g' >counts # @TEST-EXEC: btest-diff counts diff --git a/testing/btest/core/connection_flip_roles.zeek b/testing/btest/core/connection_flip_roles.zeek index e68d94c5fe..e5e52671eb 100644 --- a/testing/btest/core/connection_flip_roles.zeek +++ b/testing/btest/core/connection_flip_roles.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/handshake-reorder.trace %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tcp/handshake-reorder.trace %INPUT >out # @TEST-EXEC: btest-diff out # This tests the Connection::FlipRoles code path (SYN/SYN-ACK reversal). diff --git a/testing/btest/core/disable-mobile-ipv6.test b/testing/btest/core/disable-mobile-ipv6.test index 88eb2b853f..b9914f260f 100644 --- a/testing/btest/core/disable-mobile-ipv6.test +++ b/testing/btest/core/disable-mobile-ipv6.test @@ -1,5 +1,5 @@ # @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT # @TEST-EXEC: btest-diff weird.log event mobile_ipv6_message(p: pkt_hdr) diff --git a/testing/btest/core/discarder.zeek b/testing/btest/core/discarder.zeek index 454d5a0de1..21bae33541 100644 --- a/testing/btest/core/discarder.zeek +++ b/testing/btest/core/discarder.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-ip.zeek >output -# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-tcp.zeek >>output -# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace discarder-udp.zeek >>output -# @TEST-EXEC: bro -b -C -r $TRACES/icmp/icmp-destunreach-udp.pcap discarder-icmp.zeek >>output +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace discarder-ip.zeek >output +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace discarder-tcp.zeek >>output +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace discarder-udp.zeek >>output +# @TEST-EXEC: zeek -b -C -r $TRACES/icmp/icmp-destunreach-udp.pcap discarder-icmp.zeek >>output # @TEST-EXEC: btest-diff output @TEST-START-FILE discarder-ip.zeek diff --git a/testing/btest/core/div-by-zero.zeek b/testing/btest/core/div-by-zero.zeek index da06569c2f..d1c95db88c 100644 --- a/testing/btest/core/div-by-zero.zeek +++ b/testing/btest/core/div-by-zero.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event div_int(a: int, b: int) diff --git a/testing/btest/core/dns-init.zeek b/testing/btest/core/dns-init.zeek index 5a7efff6fb..0372bbf7b8 100644 --- a/testing/btest/core/dns-init.zeek +++ b/testing/btest/core/dns-init.zeek @@ -1,6 +1,6 @@ # We once had a bug where DNS lookups at init time lead to an immediate crash. # -# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: zeek %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output const foo: set[addr] = { diff --git a/testing/btest/core/embedded-null.zeek b/testing/btest/core/embedded-null.zeek index c85da21541..bae3767d8c 100644 --- a/testing/btest/core/embedded-null.zeek +++ b/testing/btest/core/embedded-null.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT 2>&1 +# @TEST-EXEC: zeek -b %INPUT 2>&1 # @TEST-EXEC: btest-diff .stdout event zeek_init() diff --git a/testing/btest/core/enum-redef-exists.zeek b/testing/btest/core/enum-redef-exists.zeek index 69c331c74d..d9b1cc2415 100644 --- a/testing/btest/core/enum-redef-exists.zeek +++ b/testing/btest/core/enum-redef-exists.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output module SSH; diff --git a/testing/btest/core/erspan.zeek b/testing/btest/core/erspan.zeek index eb05cdcf5a..379afb55fb 100644 --- a/testing/btest/core/erspan.zeek +++ b/testing/btest/core/erspan.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/erspan.trace %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/erspan.trace %INPUT # @TEST-EXEC: btest-diff tunnel.log @load base/frameworks/tunnels diff --git a/testing/btest/core/erspanII.zeek b/testing/btest/core/erspanII.zeek index b59c0ecf08..945a8ff3d2 100644 --- a/testing/btest/core/erspanII.zeek +++ b/testing/btest/core/erspanII.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/erspanII.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/erspanII.pcap %INPUT # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/erspanIII.zeek b/testing/btest/core/erspanIII.zeek index 3215f4b9da..de3072e022 100644 --- a/testing/btest/core/erspanIII.zeek +++ b/testing/btest/core/erspanIII.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/erspanIII.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/erspanIII.pcap %INPUT # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/ether-addrs.zeek b/testing/btest/core/ether-addrs.zeek index 2cb1d42b6f..d905d97baa 100644 --- a/testing/btest/core/ether-addrs.zeek +++ b/testing/btest/core/ether-addrs.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/wikipedia.trace %INPUT >>output -# @TEST-EXEC: bro -C -b -r $TRACES/radiotap.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -b -r $TRACES/wikipedia.trace %INPUT >>output +# @TEST-EXEC: zeek -C -b -r $TRACES/radiotap.pcap %INPUT >>output # @TEST-EXEC: btest-diff output event new_connection(c: connection) diff --git a/testing/btest/core/event-arg-reuse.zeek b/testing/btest/core/event-arg-reuse.zeek index 3ad5f82cab..b96f4a5a18 100644 --- a/testing/btest/core/event-arg-reuse.zeek +++ b/testing/btest/core/event-arg-reuse.zeek @@ -1,6 +1,6 @@ # @TEST-DOC: Check that assignment to event parameters isn't visible to other handlers. # -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output event f(a: int) &priority=5 diff --git a/testing/btest/core/expr-exception.zeek b/testing/btest/core/expr-exception.zeek index 9e84717935..58eee4a07d 100644 --- a/testing/btest/core/expr-exception.zeek +++ b/testing/btest/core/expr-exception.zeek @@ -1,7 +1,7 @@ # Expressions in an event handler that raise interpreter exceptions # shouldn't abort Bro entirely, but just return from the function body. # -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/fake_dns.zeek b/testing/btest/core/fake_dns.zeek index f5cd4d2067..d16152cb7b 100644 --- a/testing/btest/core/fake_dns.zeek +++ b/testing/btest/core/fake_dns.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: BRO_DNS_FAKE=1 bro -b %INPUT >out +# @TEST-EXEC: BRO_DNS_FAKE=1 zeek -b %INPUT >out # @TEST-EXEC: btest-diff out redef exit_only_after_terminate = T; diff --git a/testing/btest/core/file-caching-serialization.test b/testing/btest/core/file-caching-serialization.test index c6edeb55c2..6588dc96e4 100644 --- a/testing/btest/core/file-caching-serialization.test +++ b/testing/btest/core/file-caching-serialization.test @@ -4,11 +4,11 @@ # second case, files are eventually forced out of the cache and # undergo serialization, which requires re-opening. -# @TEST-EXEC: bro -b %INPUT "test_file_prefix=one" +# @TEST-EXEC: zeek -b %INPUT "test_file_prefix=one" # @TEST-EXEC: btest-diff one0 # @TEST-EXEC: btest-diff one1 # @TEST-EXEC: btest-diff one2 -# @TEST-EXEC: bro -b %INPUT "test_file_prefix=two" "max_files_in_cache=2" +# @TEST-EXEC: zeek -b %INPUT "test_file_prefix=two" "max_files_in_cache=2" # @TEST-EXEC: btest-diff two0 # @TEST-EXEC: btest-diff two1 # @TEST-EXEC: btest-diff two2 diff --git a/testing/btest/core/global_opaque_val.zeek b/testing/btest/core/global_opaque_val.zeek index 0232271ced..4bc0607029 100644 --- a/testing/btest/core/global_opaque_val.zeek +++ b/testing/btest/core/global_opaque_val.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global test = md5_hash_init(); diff --git a/testing/btest/core/history-flip.zeek b/testing/btest/core/history-flip.zeek index e9769d99b5..3895c3e2c6 100644 --- a/testing/btest/core/history-flip.zeek +++ b/testing/btest/core/history-flip.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tcp/missing-syn.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tcp/missing-syn.pcap %INPUT # @TEST-EXEC: btest-diff conn.log @load policy/protocols/conn/mac-logging diff --git a/testing/btest/core/icmp/icmp-context.test b/testing/btest/core/icmp/icmp-context.test index ca7a34c5aa..58e696cf9c 100644 --- a/testing/btest/core/icmp/icmp-context.test +++ b/testing/btest/core/icmp/icmp-context.test @@ -1,8 +1,8 @@ # These tests all check that IPv6 context packet construction for ICMP6 works. -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-destunreach-no-context.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-destunreach-ip.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-no-context.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-ip.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context) diff --git a/testing/btest/core/icmp/icmp-events.test b/testing/btest/core/icmp/icmp-events.test index 1a54f05fba..3aa0ee1177 100644 --- a/testing/btest/core/icmp/icmp-events.test +++ b/testing/btest/core/icmp/icmp-events.test @@ -1,8 +1,8 @@ # These tests all check that ICMP6 events get raised with correct arguments. -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-timeexceeded.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp-ping.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-timeexceeded.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-ping.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/icmp/icmp6-context.test b/testing/btest/core/icmp/icmp6-context.test index dfa8271cbc..66d57b527b 100644 --- a/testing/btest/core/icmp/icmp6-context.test +++ b/testing/btest/core/icmp/icmp6-context.test @@ -1,9 +1,9 @@ # These tests all check that IPv6 context packet construction for ICMP6 works. -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-no-context.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-trunc.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-udp.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-ip6ext.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-no-context.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-trunc.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-udp.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context) diff --git a/testing/btest/core/icmp/icmp6-events.test b/testing/btest/core/icmp/icmp6-events.test index 5263dd6e7f..6174e697fd 100644 --- a/testing/btest/core/icmp/icmp6-events.test +++ b/testing/btest/core/icmp/icmp6-events.test @@ -1,15 +1,15 @@ # These tests all check that ICMP6 events get raised with correct arguments. -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-udp.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-toobig.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-timeexceeded.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-paramprob.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-ping.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-redirect.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-router-advert.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-neighbor-advert.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-router-solicit.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext-udp.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-toobig.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-timeexceeded.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-paramprob.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-ping.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-redirect.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-router-advert.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-neighbor-advert.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-router-solicit.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/icmp/icmp6-nd-options.test b/testing/btest/core/icmp/icmp6-nd-options.test index 64543852a3..93f1931524 100644 --- a/testing/btest/core/icmp/icmp6-nd-options.test +++ b/testing/btest/core/icmp/icmp6-nd-options.test @@ -1,7 +1,7 @@ # These tests all check that ICMP6 events get raised with correct arguments. -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-redirect-hdr-opt.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-nd-options.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-redirect-hdr-opt.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-nd-options.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/icmp/icmp_sent.zeek b/testing/btest/core/icmp/icmp_sent.zeek index 406ca637ba..72e6ab543b 100644 --- a/testing/btest/core/icmp/icmp_sent.zeek +++ b/testing/btest/core/icmp/icmp_sent.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp_sent.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp_sent.pcap %INPUT >out # @TEST-EXEC: btest-diff out event icmp_sent(c: connection, icmp: icmp_conn) diff --git a/testing/btest/core/init-error.zeek b/testing/btest/core/init-error.zeek index 858fad4eb1..82226e9dfa 100644 --- a/testing/btest/core/init-error.zeek +++ b/testing/btest/core/init-error.zeek @@ -1,6 +1,6 @@ # The default is for an initialization error to be a hard failure. -# @TEST-EXEC-FAIL: unset ZEEK_ALLOW_INIT_ERRORS && bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: unset ZEEK_ALLOW_INIT_ERRORS && zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event zeek_init() &priority=10 diff --git a/testing/btest/core/ip-broken-header.zeek b/testing/btest/core/ip-broken-header.zeek index a539628829..1e2d8c95c6 100644 --- a/testing/btest/core/ip-broken-header.zeek +++ b/testing/btest/core/ip-broken-header.zeek @@ -1,7 +1,7 @@ # This test has a trace that was generated from fuzzing which used to cause # OOB reads in Bro. It has a number of packets broken in weird ways. # -# @TEST-EXEC: gunzip -c $TRACES/trunc/mpls-6in6-broken.pcap.gz | bro -C -b -r - %INPUT +# @TEST-EXEC: gunzip -c $TRACES/trunc/mpls-6in6-broken.pcap.gz | zeek -C -b -r - %INPUT # @TEST-EXEC: btest-diff weird.log @load base/frameworks/notice/weird diff --git a/testing/btest/core/ipv6-atomic-frag.test b/testing/btest/core/ipv6-atomic-frag.test index 8c8fe6ca64..a247d50cec 100644 --- a/testing/btest/core/ipv6-atomic-frag.test +++ b/testing/btest/core/ipv6-atomic-frag.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ipv6-http-atomic-frag.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/ipv6-http-atomic-frag.trace %INPUT >output # @TEST-EXEC: btest-diff output event new_connection(c: connection) diff --git a/testing/btest/core/ipv6-flow-labels.test b/testing/btest/core/ipv6-flow-labels.test index 2265cd55d4..332a684cc9 100644 --- a/testing/btest/core/ipv6-flow-labels.test +++ b/testing/btest/core/ipv6-flow-labels.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ftp/ipv6.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv6.trace %INPUT >output # @TEST-EXEC: btest-diff output function print_connection(c: connection, event_name: string) diff --git a/testing/btest/core/ipv6-frag.test b/testing/btest/core/ipv6-frag.test index 32c7c0a8c1..815dd9910b 100644 --- a/testing/btest/core/ipv6-frag.test +++ b/testing/btest/core/ipv6-frag.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ipv6-fragmented-dns.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/ipv6-fragmented-dns.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/core/ipv6_esp.test b/testing/btest/core/ipv6_esp.test index 508a4597f2..4f8b3a4b69 100644 --- a/testing/btest/core/ipv6_esp.test +++ b/testing/btest/core/ipv6_esp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ip6_esp.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ip6_esp.trace %INPUT >output # @TEST-EXEC: btest-diff output # Just check that the event is raised correctly for a packet containing diff --git a/testing/btest/core/ipv6_ext_headers.test b/testing/btest/core/ipv6_ext_headers.test index 32a0f5d558..100410510b 100644 --- a/testing/btest/core/ipv6_ext_headers.test +++ b/testing/btest/core/ipv6_ext_headers.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output # @TEST-EXEC: btest-diff output # Just check that the event is raised correctly for a packet containing diff --git a/testing/btest/core/ipv6_zero_len_ah.test b/testing/btest/core/ipv6_zero_len_ah.test index 014ba7b3cc..28c612992f 100644 --- a/testing/btest/core/ipv6_zero_len_ah.test +++ b/testing/btest/core/ipv6_zero_len_ah.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ipv6_zero_len_ah.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ipv6_zero_len_ah.trace %INPUT >output # @TEST-EXEC: btest-diff output # Shouldn't crash, but we also won't have seq and data fields set of the ip6_ah diff --git a/testing/btest/core/leaks/ayiya.test b/testing/btest/core/leaks/ayiya.test index 3572cf98ba..abbf46e6d8 100644 --- a/testing/btest/core/leaks/ayiya.test +++ b/testing/btest/core/leaks/ayiya.test @@ -1,8 +1,8 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/ayiya3.trace +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/tunnels/ayiya3.trace # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/basic-cluster.zeek b/testing/btest/core/leaks/basic-cluster.zeek index e186b7aa43..7698c46023 100644 --- a/testing/btest/core/leaks/basic-cluster.zeek +++ b/testing/btest/core/leaks/basic-cluster.zeek @@ -5,11 +5,11 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: btest-bg-run manager-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro -m %INPUT -# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro -m %INPUT -# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro -m %INPUT +# @TEST-EXEC: btest-bg-run manager-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek -m %INPUT +# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek -m %INPUT +# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek -m %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE cluster-layout.zeek diff --git a/testing/btest/core/leaks/bloomfilter.zeek b/testing/btest/core/leaks/bloomfilter.zeek index e93bfe23cc..6318251767 100644 --- a/testing/btest/core/leaks/bloomfilter.zeek +++ b/testing/btest/core/leaks/bloomfilter.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function test_basic_bloom_filter() diff --git a/testing/btest/core/leaks/broker/clone_store.zeek b/testing/btest/core/leaks/broker/clone_store.zeek index a1f1256551..bf8732a60f 100644 --- a/testing/btest/core/leaks/broker/clone_store.zeek +++ b/testing/btest/core/leaks/broker/clone_store.zeek @@ -1,9 +1,9 @@ # @TEST-PORT: BROKER_PORT -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run clone "bro -m -b ../clone.zeek >clone.out" -# @TEST-EXEC: btest-bg-run master "bro -b ../master.zeek >master.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run clone "zeek -m -b ../clone.zeek >clone.out" +# @TEST-EXEC: btest-bg-run master "zeek -b ../master.zeek >master.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff clone/clone.out diff --git a/testing/btest/core/leaks/broker/data.zeek b/testing/btest/core/leaks/broker/data.zeek index 590d041ff1..9d4aa120a7 100644 --- a/testing/btest/core/leaks/broker/data.zeek +++ b/testing/btest/core/leaks/broker/data.zeek @@ -1,9 +1,9 @@ -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 45 -# @TEST-EXEC: btest-diff bro/.stdout +# @TEST-EXEC: btest-diff zeek/.stdout type bro_set: set[string]; type bro_table: table[string] of count; diff --git a/testing/btest/core/leaks/broker/master_store.zeek b/testing/btest/core/leaks/broker/master_store.zeek index 08919bb461..c8527b8d73 100644 --- a/testing/btest/core/leaks/broker/master_store.zeek +++ b/testing/btest/core/leaks/broker/master_store.zeek @@ -1,7 +1,7 @@ -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 45 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/broker/remote_event.test b/testing/btest/core/leaks/broker/remote_event.test index 9983f7871d..470fc0837a 100644 --- a/testing/btest/core/leaks/broker/remote_event.test +++ b/testing/btest/core/leaks/broker/remote_event.test @@ -1,9 +1,9 @@ # @TEST-PORT: BROKER_PORT -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../recv.zeek >recv.out" -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../send.zeek >send.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "zeek -m -b ../recv.zeek >recv.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "zeek -m -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/core/leaks/broker/remote_log.test b/testing/btest/core/leaks/broker/remote_log.test index 21d387b15f..2580877de0 100644 --- a/testing/btest/core/leaks/broker/remote_log.test +++ b/testing/btest/core/leaks/broker/remote_log.test @@ -1,9 +1,9 @@ # @TEST-PORT: BROKER_PORT -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-GROUP: leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "bro -m -b ../recv.zeek >recv.out" -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "bro -m -b ../send.zeek >send.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run recv "zeek -m -b ../recv.zeek >recv.out" +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run send "zeek -m -b ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/core/leaks/dns-nsec3.zeek b/testing/btest/core/leaks/dns-nsec3.zeek index 16be0103e6..29b591b0ee 100644 --- a/testing/btest/core/leaks/dns-nsec3.zeek +++ b/testing/btest/core/leaks/dns-nsec3.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -C -m -r $TRACES/dnssec/nsec3.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -C -m -r $TRACES/dnssec/nsec3.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 @load policy/protocols/dns/auth-addl diff --git a/testing/btest/core/leaks/dns-txt.zeek b/testing/btest/core/leaks/dns-txt.zeek index c04e5df6ea..93d049a40b 100644 --- a/testing/btest/core/leaks/dns-txt.zeek +++ b/testing/btest/core/leaks/dns-txt.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/dns.zeek b/testing/btest/core/leaks/dns.zeek index f16a4ca3bb..e4f8c92cdb 100644 --- a/testing/btest/core/leaks/dns.zeek +++ b/testing/btest/core/leaks/dns.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/dtls.zeek b/testing/btest/core/leaks/dtls.zeek index e7f75a530e..b7f27de91d 100644 --- a/testing/btest/core/leaks/dtls.zeek +++ b/testing/btest/core/leaks/dtls.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/dtls1_0.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/tls/dtls1_0.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssl diff --git a/testing/btest/core/leaks/exec.test b/testing/btest/core/leaks/exec.test index ec4eb0d75f..793954a9dc 100644 --- a/testing/btest/core/leaks/exec.test +++ b/testing/btest/core/leaks/exec.test @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b ../exectest.zeek +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b ../exectest.zeek # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE exectest.zeek diff --git a/testing/btest/core/leaks/file-analysis-http-get.zeek b/testing/btest/core/leaks/file-analysis-http-get.zeek index 960a510137..6e0dae16be 100644 --- a/testing/btest/core/leaks/file-analysis-http-get.zeek +++ b/testing/btest/core/leaks/file-analysis-http-get.zeek @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 60 redef test_file_analysis_source = "HTTP"; diff --git a/testing/btest/core/leaks/gridftp.test b/testing/btest/core/leaks/gridftp.test index 4c7d31937d..4028df6b33 100644 --- a/testing/btest/core/leaks/gridftp.test +++ b/testing/btest/core/leaks/gridftp.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/globus-url-copy.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/globus-url-copy.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ftp/gridftp diff --git a/testing/btest/core/leaks/gtp_opt_header.test b/testing/btest/core/leaks/gtp_opt_header.test index 79cc50d752..e11ecf1942 100644 --- a/testing/btest/core/leaks/gtp_opt_header.test +++ b/testing/btest/core/leaks/gtp_opt_header.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out # @TEST-EXEC: btest-bg-wait 60 # Some GTPv1 headers have some optional fields totaling to a 4-byte extension diff --git a/testing/btest/core/leaks/hll_cluster.zeek b/testing/btest/core/leaks/hll_cluster.zeek index 40f964ad3a..a6afed593a 100644 --- a/testing/btest/core/leaks/hll_cluster.zeek +++ b/testing/btest/core/leaks/hll_cluster.zeek @@ -5,12 +5,12 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: bro -m %INPUT>out -# @TEST-EXEC: btest-bg-run manager-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro -m %INPUT -# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro -m runnumber=1 %INPUT -# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro -m runnumber=2 %INPUT +# @TEST-EXEC: zeek -m %INPUT>out +# @TEST-EXEC: btest-bg-run manager-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek -m %INPUT +# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek -m runnumber=1 %INPUT +# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek -m runnumber=2 %INPUT # @TEST-EXEC: btest-bg-wait 60 # # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/core/leaks/hook.zeek b/testing/btest/core/leaks/hook.zeek index 0d991bc9a0..5f25a8a011 100644 --- a/testing/btest/core/leaks/hook.zeek +++ b/testing/btest/core/leaks/hook.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 type rec: record { diff --git a/testing/btest/core/leaks/http-connect.zeek b/testing/btest/core/leaks/http-connect.zeek index 8a7f1c8146..c18871c55d 100644 --- a/testing/btest/core/leaks/http-connect.zeek +++ b/testing/btest/core/leaks/http-connect.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/http/connect-with-smtp.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/http/connect-with-smtp.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/conn diff --git a/testing/btest/core/leaks/incr-vec-expr.test b/testing/btest/core/leaks/incr-vec-expr.test index 42d9d9f820..ff6117feea 100644 --- a/testing/btest/core/leaks/incr-vec-expr.test +++ b/testing/btest/core/leaks/incr-vec-expr.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 type rec: record { diff --git a/testing/btest/core/leaks/input-basic.zeek b/testing/btest/core/leaks/input-basic.zeek index 177cbc5e26..8903fa0409 100644 --- a/testing/btest/core/leaks/input-basic.zeek +++ b/testing/btest/core/leaks/input-basic.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/input-errors.zeek b/testing/btest/core/leaks/input-errors.zeek index 93a143c8d5..7262e16c06 100644 --- a/testing/btest/core/leaks/input-errors.zeek +++ b/testing/btest/core/leaks/input-errors.zeek @@ -3,9 +3,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log diff --git a/testing/btest/core/leaks/input-missing-enum.zeek b/testing/btest/core/leaks/input-missing-enum.zeek index 5f931a35f3..9c34d163dd 100644 --- a/testing/btest/core/leaks/input-missing-enum.zeek +++ b/testing/btest/core/leaks/input-missing-enum.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log diff --git a/testing/btest/core/leaks/input-optional-event.zeek b/testing/btest/core/leaks/input-optional-event.zeek index df8d591769..500a076ed6 100644 --- a/testing/btest/core/leaks/input-optional-event.zeek +++ b/testing/btest/core/leaks/input-optional-event.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log diff --git a/testing/btest/core/leaks/input-optional-table.zeek b/testing/btest/core/leaks/input-optional-table.zeek index f3e4c05fb4..09f50fb8c8 100644 --- a/testing/btest/core/leaks/input-optional-table.zeek +++ b/testing/btest/core/leaks/input-optional-table.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log diff --git a/testing/btest/core/leaks/input-raw.zeek b/testing/btest/core/leaks/input-raw.zeek index 39ab13adfd..938875987c 100644 --- a/testing/btest/core/leaks/input-raw.zeek +++ b/testing/btest/core/leaks/input-raw.zeek @@ -2,13 +2,13 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 60 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 60 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input2.log >> input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got6 15 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got6 15 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input3.log >> input.log # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/input-reread.zeek b/testing/btest/core/leaks/input-reread.zeek index c15a91a6aa..6621c14574 100644 --- a/testing/btest/core/leaks/input-reread.zeek +++ b/testing/btest/core/leaks/input-reread.zeek @@ -2,17 +2,17 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 60 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 60 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp input2.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got4 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got4 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp input3.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got6 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got6 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp input4.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got8 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got8 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp input5.log input.log # @TEST-EXEC: btest-bg-wait 120 diff --git a/testing/btest/core/leaks/input-sqlite.zeek b/testing/btest/core/leaks/input-sqlite.zeek index d278a00533..9606779c7b 100644 --- a/testing/btest/core/leaks/input-sqlite.zeek +++ b/testing/btest/core/leaks/input-sqlite.zeek @@ -2,11 +2,11 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # @TEST-REQUIRES: which sqlite3 # # @TEST-EXEC: cat conn.sql | sqlite3 conn.sqlite -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE conn.sql diff --git a/testing/btest/core/leaks/input-with-remove.zeek b/testing/btest/core/leaks/input-with-remove.zeek index 59e3f28c0a..2a55c8a3fa 100644 --- a/testing/btest/core/leaks/input-with-remove.zeek +++ b/testing/btest/core/leaks/input-with-remove.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/frameworks/input diff --git a/testing/btest/core/leaks/ip-in-ip.test b/testing/btest/core/leaks/ip-in-ip.test index 3ceae55d49..8f69f4ddd2 100644 --- a/testing/btest/core/leaks/ip-in-ip.test +++ b/testing/btest/core/leaks/ip-in-ip.test @@ -1,12 +1,12 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro1 bro -m -b -r $TRACES/tunnels/6in6.pcap %INPUT -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro2 bro -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro3 bro -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro1 zeek -m -b -r $TRACES/tunnels/6in6.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro2 zeek -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro3 zeek -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 event new_connection(c: connection) diff --git a/testing/btest/core/leaks/ipv6_ext_headers.test b/testing/btest/core/leaks/ipv6_ext_headers.test index 3b6f8d467c..84ad8e69a8 100644 --- a/testing/btest/core/leaks/ipv6_ext_headers.test +++ b/testing/btest/core/leaks/ipv6_ext_headers.test @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 # Just check that the event is raised correctly for a packet containing diff --git a/testing/btest/core/leaks/irc.test b/testing/btest/core/leaks/irc.test index 7b2ac389d4..7b3130a553 100644 --- a/testing/btest/core/leaks/irc.test +++ b/testing/btest/core/leaks/irc.test @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 event irc_names_info(c: connection, is_orig: bool, c_type: string, channel: string, users: string_set) diff --git a/testing/btest/core/leaks/krb-service-name.test b/testing/btest/core/leaks/krb-service-name.test index a0d8a84322..5b07a48633 100644 --- a/testing/btest/core/leaks/krb-service-name.test +++ b/testing/btest/core/leaks/krb-service-name.test @@ -1,8 +1,8 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/krb/optional-service-name.pcap +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/krb/optional-service-name.pcap # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/krb.test b/testing/btest/core/leaks/krb.test index 7bfb7a550d..a16711b850 100644 --- a/testing/btest/core/leaks/krb.test +++ b/testing/btest/core/leaks/krb.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/krb/kinit.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/krb/kinit.trace %INPUT # @TEST-EXEC: btest-bg-wait 30 @load base/protocols/krb \ No newline at end of file diff --git a/testing/btest/core/leaks/kv-iteration.zeek b/testing/btest/core/leaks/kv-iteration.zeek index 5c7a9f1f62..7496698e42 100644 --- a/testing/btest/core/leaks/kv-iteration.zeek +++ b/testing/btest/core/leaks/kv-iteration.zeek @@ -1,7 +1,7 @@ # @TEST-GROUP: leaks -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 event new_connection(c: connection) diff --git a/testing/btest/core/leaks/mysql.test b/testing/btest/core/leaks/mysql.test index 2e9ec6990f..07f3239885 100644 --- a/testing/btest/core/leaks/mysql.test +++ b/testing/btest/core/leaks/mysql.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/mysql/mysql.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/mysql/mysql.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/mysql diff --git a/testing/btest/core/leaks/pattern.zeek b/testing/btest/core/leaks/pattern.zeek index f48a8f28bd..e223e64b57 100644 --- a/testing/btest/core/leaks/pattern.zeek +++ b/testing/btest/core/leaks/pattern.zeek @@ -1,7 +1,7 @@ # @TEST-GROUP: leaks -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function test_case(msg: string, expect: bool) diff --git a/testing/btest/core/leaks/pe.test b/testing/btest/core/leaks/pe.test index d951cdbd47..3ff64b587f 100644 --- a/testing/btest/core/leaks/pe.test +++ b/testing/btest/core/leaks/pe.test @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/pe/pe.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/pe/pe.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ftp diff --git a/testing/btest/core/leaks/radius.test b/testing/btest/core/leaks/radius.test index 228973c47e..e6d1d66bea 100644 --- a/testing/btest/core/leaks/radius.test +++ b/testing/btest/core/leaks/radius.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/radius/radius.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/radius/radius.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/radius diff --git a/testing/btest/core/leaks/returnwhen.zeek b/testing/btest/core/leaks/returnwhen.zeek index 1220a3c371..689adf1256 100644 --- a/testing/btest/core/leaks/returnwhen.zeek +++ b/testing/btest/core/leaks/returnwhen.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: btest-bg-run bro HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b %INPUT +# @TEST-EXEC: btest-bg-run zeek HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local zeek -m -b %INPUT # @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/set.zeek b/testing/btest/core/leaks/set.zeek index b3f2200d28..a902fe9797 100644 --- a/testing/btest/core/leaks/set.zeek +++ b/testing/btest/core/leaks/set.zeek @@ -1,7 +1,7 @@ # @TEST-GROUP: leaks -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function test_case(msg: string, expect: bool) diff --git a/testing/btest/core/leaks/sip.test b/testing/btest/core/leaks/sip.test index 1aac2b30e0..25125e1816 100644 --- a/testing/btest/core/leaks/sip.test +++ b/testing/btest/core/leaks/sip.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/sip/wireshark.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/sip/wireshark.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/sip diff --git a/testing/btest/core/leaks/smtp_attachment.test b/testing/btest/core/leaks/smtp_attachment.test index 3094deb65c..63eb1e8b5c 100644 --- a/testing/btest/core/leaks/smtp_attachment.test +++ b/testing/btest/core/leaks/smtp_attachment.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/smtp diff --git a/testing/btest/core/leaks/snmp.test b/testing/btest/core/leaks/snmp.test index 43112eb9bf..f6769f2602 100644 --- a/testing/btest/core/leaks/snmp.test +++ b/testing/btest/core/leaks/snmp.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/snmp/snmpv1_get.pcap -r $TRACES/snmp/snmpv1_get_short.pcap -r $TRACES/snmp/snmpv1_set.pcap -r $TRACES/snmp/snmpv1_trap.pcap -r $TRACES/snmp/snmpv2_get_bulk.pcap -r $TRACES/snmp/snmpv2_get_next.pcap -r $TRACES/snmp/snmpv2_get.pcap -r $TRACES/snmp/snmpv3_get_next.pcap $SCRIPTS/snmp-test.zeek %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/snmp/snmpv1_get.pcap -r $TRACES/snmp/snmpv1_get_short.pcap -r $TRACES/snmp/snmpv1_set.pcap -r $TRACES/snmp/snmpv1_trap.pcap -r $TRACES/snmp/snmpv2_get_bulk.pcap -r $TRACES/snmp/snmpv2_get_next.pcap -r $TRACES/snmp/snmpv2_get.pcap -r $TRACES/snmp/snmpv3_get_next.pcap $SCRIPTS/snmp-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/snmp diff --git a/testing/btest/core/leaks/ssh.test b/testing/btest/core/leaks/ssh.test index 714d7bb3eb..a43654705d 100644 --- a/testing/btest/core/leaks/ssh.test +++ b/testing/btest/core/leaks/ssh.test @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/ssh/ssh.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/ssh/ssh.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssh diff --git a/testing/btest/core/leaks/stats.zeek b/testing/btest/core/leaks/stats.zeek index 7df104be95..f541b4fb79 100644 --- a/testing/btest/core/leaks/stats.zeek +++ b/testing/btest/core/leaks/stats.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load policy/misc/stats diff --git a/testing/btest/core/leaks/string-indexing.zeek b/testing/btest/core/leaks/string-indexing.zeek index 37f7868190..1ac28efe63 100644 --- a/testing/btest/core/leaks/string-indexing.zeek +++ b/testing/btest/core/leaks/string-indexing.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/switch-statement.zeek b/testing/btest/core/leaks/switch-statement.zeek index e5145f9227..b0c906ec46 100644 --- a/testing/btest/core/leaks/switch-statement.zeek +++ b/testing/btest/core/leaks/switch-statement.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 type MyEnum: enum { diff --git a/testing/btest/core/leaks/teredo.zeek b/testing/btest/core/leaks/teredo.zeek index c83a501705..2841679b0e 100644 --- a/testing/btest/core/leaks/teredo.zeek +++ b/testing/btest/core/leaks/teredo.zeek @@ -1,10 +1,10 @@ # Needs perftools support. # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/Teredo.pcap %INPUT >output +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/tunnels/Teredo.pcap %INPUT >output # @TEST-EXEC: btest-bg-wait 60 function print_teredo(name: string, outer: connection, inner: teredo_hdr) diff --git a/testing/btest/core/leaks/test-all.zeek b/testing/btest/core/leaks/test-all.zeek index d4f8a040ec..79bc8c916a 100644 --- a/testing/btest/core/leaks/test-all.zeek +++ b/testing/btest/core/leaks/test-all.zeek @@ -2,7 +2,7 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace test-all-policy +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -r $TRACES/wikipedia.trace test-all-policy # @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/vector-val-bifs.test b/testing/btest/core/leaks/vector-val-bifs.test index 9e9caece69..a552279a57 100644 --- a/testing/btest/core/leaks/vector-val-bifs.test +++ b/testing/btest/core/leaks/vector-val-bifs.test @@ -2,13 +2,13 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # # The BIFS used in this test originally didn't call the VectorVal() ctor right, # assuming that it didn't automatically Ref the VectorType argument and thus # leaked that memeory. # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function myfunc(aa: interval, bb: interval): int diff --git a/testing/btest/core/leaks/while.zeek b/testing/btest/core/leaks/while.zeek index 44f17e9b69..f490c9a13d 100644 --- a/testing/btest/core/leaks/while.zeek +++ b/testing/btest/core/leaks/while.zeek @@ -1,7 +1,7 @@ # @TEST-GROUP: leaks -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -m -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 function test_noop() diff --git a/testing/btest/core/leaks/x509_ocsp_verify.zeek b/testing/btest/core/leaks/x509_ocsp_verify.zeek index ab24f28ee8..8d6cd5aa3e 100644 --- a/testing/btest/core/leaks/x509_ocsp_verify.zeek +++ b/testing/btest/core/leaks/x509_ocsp_verify.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssl diff --git a/testing/btest/core/leaks/x509_verify.zeek b/testing/btest/core/leaks/x509_verify.zeek index 7db2581a8b..3989c2b850 100644 --- a/testing/btest/core/leaks/x509_verify.zeek +++ b/testing/btest/core/leaks/x509_verify.zeek @@ -2,9 +2,9 @@ # # @TEST-GROUP: leaks # -# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-REQUIRES: zeek --help 2>&1 | grep -q mem-leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/tls-expired-cert.trace %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek zeek -b -m -r $TRACES/tls/tls-expired-cert.trace %INPUT # @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssl diff --git a/testing/btest/core/load-duplicates.zeek b/testing/btest/core/load-duplicates.zeek index 9b3810d40d..3ab98015d5 100644 --- a/testing/btest/core/load-duplicates.zeek +++ b/testing/btest/core/load-duplicates.zeek @@ -5,11 +5,11 @@ # @TEST-EXEC: cp %INPUT foo/bar/test.bro # @TEST-EXEC: cp %INPUT foo/bar/test2.bro # -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test.bro -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader foo/bar/test -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader foo/bar/test.bro -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader `pwd`/foo/bar/test.bro -# @TEST-EXEC-FAIL: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test2 +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader foo/bar/test +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader foo/bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader `pwd`/foo/bar/test.bro +# @TEST-EXEC-FAIL: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test2 global pi = 3.14; diff --git a/testing/btest/core/load-explicit-bro-suffix-fallback.zeek b/testing/btest/core/load-explicit-bro-suffix-fallback.zeek index 689be5bc03..d2ce412209 100644 --- a/testing/btest/core/load-explicit-bro-suffix-fallback.zeek +++ b/testing/btest/core/load-explicit-bro-suffix-fallback.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # We don't have a foo.bro, but we'll accept foo.zeek. diff --git a/testing/btest/core/load-file-extension.zeek b/testing/btest/core/load-file-extension.zeek index 1b5520c873..3a0f4e64c5 100644 --- a/testing/btest/core/load-file-extension.zeek +++ b/testing/btest/core/load-file-extension.zeek @@ -2,22 +2,22 @@ # # Test that either ".zeek" or ".bro" can be loaded without specifying extension # @TEST-EXEC: cp x/foo.bro . -# @TEST-EXEC: bro -b load_foo > bro_only +# @TEST-EXEC: zeek -b load_foo > bro_only # @TEST-EXEC: btest-diff bro_only # @TEST-EXEC: rm foo.bro # # @TEST-EXEC: cp x/foo.zeek . -# @TEST-EXEC: bro -b load_foo > zeek_only +# @TEST-EXEC: zeek -b load_foo > zeek_only # @TEST-EXEC: btest-diff zeek_only # @TEST-EXEC: rm foo.zeek # # Test that ".zeek" is the preferred file extension, unless ".bro" is specified # @TEST-EXEC: cp x/foo.* . # @TEST-EXEC: cp x2/foo . -# @TEST-EXEC: bro -b load_foo > zeek_preferred +# @TEST-EXEC: zeek -b load_foo > zeek_preferred # @TEST-EXEC: btest-diff zeek_preferred # -# @TEST-EXEC: bro -b load_foo_bro > bro_preferred +# @TEST-EXEC: zeek -b load_foo_bro > bro_preferred # @TEST-EXEC: btest-diff bro_preferred # @TEST-EXEC: rm foo* # @@ -25,30 +25,30 @@ # there is no ".zeek" script) # @TEST-EXEC: cp x/foo.bro . # @TEST-EXEC: cp x2/foo . -# @TEST-EXEC: bro -b load_foo > bro_preferred_2 +# @TEST-EXEC: zeek -b load_foo > bro_preferred_2 # @TEST-EXEC: btest-diff bro_preferred_2 # @TEST-EXEC: rm foo* # # Test that a script with no file extension can be loaded # @TEST-EXEC: cp x2/foo . -# @TEST-EXEC: bro -b load_foo > no_extension +# @TEST-EXEC: zeek -b load_foo > no_extension # @TEST-EXEC: btest-diff no_extension # @TEST-EXEC: rm foo # # Test that a ".zeek" script is preferred over a script package of same name # @TEST-EXEC: cp -r x/foo* . -# @TEST-EXEC: bro -b load_foo > zeek_script_preferred +# @TEST-EXEC: zeek -b load_foo > zeek_script_preferred # @TEST-EXEC: btest-diff zeek_script_preferred # @TEST-EXEC: rm -r foo* # # Test that unrecognized file extensions can be loaded explicitly # @TEST-EXEC: cp x/foo.* . -# @TEST-EXEC: bro -b load_foo_xyz > xyz_preferred +# @TEST-EXEC: zeek -b load_foo_xyz > xyz_preferred # @TEST-EXEC: btest-diff xyz_preferred # @TEST-EXEC: rm foo.* # # @TEST-EXEC: cp x/foo.xyz . -# @TEST-EXEC-FAIL: bro -b load_foo +# @TEST-EXEC-FAIL: zeek -b load_foo # @TEST-EXEC: rm foo.xyz @TEST-START-FILE load_foo diff --git a/testing/btest/core/load-pkg.zeek b/testing/btest/core/load-pkg.zeek index 8c861f7982..b97211a86a 100644 --- a/testing/btest/core/load-pkg.zeek +++ b/testing/btest/core/load-pkg.zeek @@ -1,17 +1,17 @@ # Test that package loading works when a package loader script is present. # # Test that ".zeek" is loaded when there is also a ".bro" -# @TEST-EXEC: bro -b foo >output +# @TEST-EXEC: zeek -b foo >output # @TEST-EXEC: btest-diff output # # Test that ".bro" is loaded when there is no ".zeek" # @TEST-EXEC: rm foo/__load__.zeek -# @TEST-EXEC: bro -b foo >output2 +# @TEST-EXEC: zeek -b foo >output2 # @TEST-EXEC: btest-diff output2 # # Test that package cannot be loaded when no package loader script exists. # @TEST-EXEC: rm foo/__load__.bro -# @TEST-EXEC-FAIL: bro -b foo +# @TEST-EXEC-FAIL: zeek -b foo @TEST-START-FILE foo/__load__.bro @load ./test diff --git a/testing/btest/core/load-prefixes.zeek b/testing/btest/core/load-prefixes.zeek index c91f278a65..0416319827 100644 --- a/testing/btest/core/load-prefixes.zeek +++ b/testing/btest/core/load-prefixes.zeek @@ -1,6 +1,6 @@ # A test of prefix-based @load'ing -# @TEST-EXEC: bro addprefixes >output +# @TEST-EXEC: zeek addprefixes >output # @TEST-EXEC: btest-diff output @TEST-START-FILE addprefixes.zeek diff --git a/testing/btest/core/load-relative.zeek b/testing/btest/core/load-relative.zeek index 439563c201..8e1e6f8a06 100644 --- a/testing/btest/core/load-relative.zeek +++ b/testing/btest/core/load-relative.zeek @@ -1,6 +1,6 @@ # A test of relative-path-based @load'ing -# @TEST-EXEC: bro -b foo/foo >output +# @TEST-EXEC: zeek -b foo/foo >output # @TEST-EXEC: btest-diff output @TEST-START-FILE foo/foo.zeek diff --git a/testing/btest/core/load-unload.zeek b/testing/btest/core/load-unload.zeek index 6b2614a50c..6199f12e8b 100644 --- a/testing/btest/core/load-unload.zeek +++ b/testing/btest/core/load-unload.zeek @@ -1,13 +1,13 @@ # This tests the @unload directive # # Test that @unload works with ".bro" when there is no ".zeek" script -# @TEST-EXEC: bro -b unloadbro misc/loaded-scripts dontloadmebro > output +# @TEST-EXEC: zeek -b unloadbro misc/loaded-scripts dontloadmebro > output # @TEST-EXEC: btest-diff output # @TEST-EXEC: grep dontloadmebro loaded_scripts.log && exit 1 || exit 0 # # Test that @unload looks for ".zeek" first (assuming no file extension is # specified in the @unload) -# @TEST-EXEC: bro -b unload misc/loaded-scripts dontloadme.zeek dontloadme.bro > output2 +# @TEST-EXEC: zeek -b unload misc/loaded-scripts dontloadme.zeek dontloadme.bro > output2 # @TEST-EXEC: btest-diff output2 # @TEST-EXEC: grep dontloadme.bro loaded_scripts.log diff --git a/testing/btest/core/mobile-ipv6-home-addr.test b/testing/btest/core/mobile-ipv6-home-addr.test index e171a07afb..a7e803c24a 100644 --- a/testing/btest/core/mobile-ipv6-home-addr.test +++ b/testing/btest/core/mobile-ipv6-home-addr.test @@ -1,5 +1,5 @@ # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/ipv6-mobile-hoa.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/ipv6-mobile-hoa.trace %INPUT >output # @TEST-EXEC: btest-diff output # Just check that the orig of the connection is the Home Address, but the diff --git a/testing/btest/core/mobile-ipv6-routing.test b/testing/btest/core/mobile-ipv6-routing.test index ea99a70706..f394ff865c 100644 --- a/testing/btest/core/mobile-ipv6-routing.test +++ b/testing/btest/core/mobile-ipv6-routing.test @@ -1,5 +1,5 @@ # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/ipv6-mobile-routing.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/ipv6-mobile-routing.trace %INPUT >output # @TEST-EXEC: btest-diff output # Just check that the responder of the connection is the final routing diff --git a/testing/btest/core/mobility-checksums.test b/testing/btest/core/mobility-checksums.test index 42877b63d4..ee849c08a6 100644 --- a/testing/btest/core/mobility-checksums.test +++ b/testing/btest/core/mobility-checksums.test @@ -1,15 +1,15 @@ # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -r $TRACES/chksums/mip6-bad-mh-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/mip6-bad-mh-chksum.pcap # @TEST-EXEC: mv weird.log bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-udp-bad-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-udp-bad-chksum.pcap # @TEST-EXEC: cat weird.log >> bad.out # @TEST-EXEC: rm weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/mip6-good-mh-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/mip6-good-mh-chksum.pcap # @TEST-EXEC: test ! -e weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-tcp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-tcp-good-chksum.pcap # @TEST-EXEC: test ! -e weird.log -# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-udp-good-chksum.pcap +# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-udp-good-chksum.pcap # @TEST-EXEC: test ! -e weird.log # @TEST-EXEC: btest-diff bad.out diff --git a/testing/btest/core/mobility_msg.test b/testing/btest/core/mobility_msg.test index 1fde084dc2..f0017e4cdd 100644 --- a/testing/btest/core/mobility_msg.test +++ b/testing/btest/core/mobility_msg.test @@ -1,12 +1,12 @@ # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_be.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_brr.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_bu.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_cot.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_coti.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_hot.trace %INPUT >>output -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_hoti.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_be.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_brr.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_bu.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_cot.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_coti.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_hot.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_hoti.trace %INPUT >>output # @TEST-EXEC: btest-diff output event mobile_ipv6_message(p: pkt_hdr) diff --git a/testing/btest/core/mpls-in-vlan.zeek b/testing/btest/core/mpls-in-vlan.zeek index f57c1862ce..9048c34c17 100644 --- a/testing/btest/core/mpls-in-vlan.zeek +++ b/testing/btest/core/mpls-in-vlan.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/mpls-in-vlan.trace +# @TEST-EXEC: zeek -C -r $TRACES/mpls-in-vlan.trace # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/negative-time.test b/testing/btest/core/negative-time.test index 5717df835c..cd1ac20240 100644 --- a/testing/btest/core/negative-time.test +++ b/testing/btest/core/negative-time.test @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/negative-time.pcap base/frameworks/notice +# @TEST-EXEC: zeek -b -C -r $TRACES/negative-time.pcap base/frameworks/notice # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/core/nflog.zeek b/testing/btest/core/nflog.zeek index 39186bbbea..e3bb62e4a5 100644 --- a/testing/btest/core/nflog.zeek +++ b/testing/btest/core/nflog.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/nflog-http.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/nflog-http.pcap %INPUT # @TEST-EXEC: btest-diff http.log @load base/protocols/http diff --git a/testing/btest/core/nop.zeek b/testing/btest/core/nop.zeek index e42b5a7821..d1316cdccd 100644 --- a/testing/btest/core/nop.zeek +++ b/testing/btest/core/nop.zeek @@ -1,4 +1,4 @@ # Bro shouldn't crash when doing nothing, nor outputting anything. # -# @TEST-EXEC: cat /dev/null | bro >output 2>&1 +# @TEST-EXEC: cat /dev/null | zeek >output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/old_comm_usage.zeek b/testing/btest/core/old_comm_usage.zeek index 8f4e3854aa..3559afee83 100644 --- a/testing/btest/core/old_comm_usage.zeek +++ b/testing/btest/core/old_comm_usage.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event zeek_init() diff --git a/testing/btest/core/option-errors.zeek b/testing/btest/core/option-errors.zeek index 6a9a8f1db6..b08ba17864 100644 --- a/testing/btest/core/option-errors.zeek +++ b/testing/btest/core/option-errors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro %INPUT +# @TEST-EXEC-FAIL: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr option testbool; diff --git a/testing/btest/core/option-priorities.zeek b/testing/btest/core/option-priorities.zeek index 088d82ea9f..cfc78aafe7 100644 --- a/testing/btest/core/option-priorities.zeek +++ b/testing/btest/core/option-priorities.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout export { diff --git a/testing/btest/core/option-redef.zeek b/testing/btest/core/option-redef.zeek index 30d381306a..e47bd7344e 100644 --- a/testing/btest/core/option-redef.zeek +++ b/testing/btest/core/option-redef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout # options are allowed to be redef-able. diff --git a/testing/btest/core/option-runtime-errors.zeek b/testing/btest/core/option-runtime-errors.zeek index 8ae4b9ca40..aa7ad77874 100644 --- a/testing/btest/core/option-runtime-errors.zeek +++ b/testing/btest/core/option-runtime-errors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr # Errors that happen during runtime. At least at the moment we are not checking these early enough diff --git a/testing/btest/core/pcap/dumper.zeek b/testing/btest/core/pcap/dumper.zeek index 0f2bdb072e..4602022b45 100644 --- a/testing/btest/core/pcap/dumper.zeek +++ b/testing/btest/core/pcap/dumper.zeek @@ -1,5 +1,5 @@ # @TEST-REQUIRES: which hexdump -# @TEST-EXEC: bro -r $TRACES/workshop_2011_browse.trace -w dump +# @TEST-EXEC: zeek -r $TRACES/workshop_2011_browse.trace -w dump # @TEST-EXEC: hexdump -C $TRACES/workshop_2011_browse.trace >1 # @TEST-EXEC: hexdump -C dump >2 # @TEST-EXEC: diff 1 2 >output || true diff --git a/testing/btest/core/pcap/dynamic-filter.zeek b/testing/btest/core/pcap/dynamic-filter.zeek index caebaf0558..11edf87644 100644 --- a/testing/btest/core/pcap/dynamic-filter.zeek +++ b/testing/btest/core/pcap/dynamic-filter.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/pcap/filter-error.zeek b/testing/btest/core/pcap/filter-error.zeek index b83b8879a0..81f4c24cf9 100644 --- a/testing/btest/core/pcap/filter-error.zeek +++ b/testing/btest/core/pcap/filter-error.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC-FAIL: bro -r $TRACES/workshop_2011_browse.trace -f "kaputt" >>output 2>&1 +# @TEST-EXEC-FAIL: zeek -r $TRACES/workshop_2011_browse.trace -f "kaputt" >>output 2>&1 # @TEST-EXEC-FAIL: test -e conn.log # @TEST-EXEC: echo ---- >>output -# @TEST-EXEC: bro -r $TRACES/workshop_2011_browse.trace %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -r $TRACES/workshop_2011_browse.trace %INPUT >>output 2>&1 # @TEST-EXEC: test -e conn.log # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output diff --git a/testing/btest/core/pcap/input-error.zeek b/testing/btest/core/pcap/input-error.zeek index 5e469e08e8..8a67293a8b 100644 --- a/testing/btest/core/pcap/input-error.zeek +++ b/testing/btest/core/pcap/input-error.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC-FAIL: bro -i NO_SUCH_INTERFACE 2>&1 >>output 2>&1 +# @TEST-EXEC-FAIL: zeek -i NO_SUCH_INTERFACE 2>&1 >>output 2>&1 # @TEST-EXEC: cat output | sed 's/(.*)//g' >output2 -# @TEST-EXEC-FAIL: bro -r NO_SUCH_TRACE 2>&1 >>output2 2>&1 +# @TEST-EXEC-FAIL: zeek -r NO_SUCH_TRACE 2>&1 >>output2 2>&1 # @TEST-EXEC: btest-diff output2 redef enum PcapFilterID += { A }; diff --git a/testing/btest/core/pcap/pseudo-realtime.zeek b/testing/btest/core/pcap/pseudo-realtime.zeek index c51b5cc32b..994fb42a65 100644 --- a/testing/btest/core/pcap/pseudo-realtime.zeek +++ b/testing/btest/core/pcap/pseudo-realtime.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT --pseudo-realtime >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT --pseudo-realtime >output # @TEST-EXEC: btest-diff output global init = F; diff --git a/testing/btest/core/pcap/read-trace-with-filter.zeek b/testing/btest/core/pcap/read-trace-with-filter.zeek index 5878bada64..ba9db2c2a4 100644 --- a/testing/btest/core/pcap/read-trace-with-filter.zeek +++ b/testing/btest/core/pcap/read-trace-with-filter.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace -f "port 50000" +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace -f "port 50000" # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff packet_filter.log diff --git a/testing/btest/core/pppoe-over-qinq.zeek b/testing/btest/core/pppoe-over-qinq.zeek index cdfd4607ae..54cdcba1f7 100644 --- a/testing/btest/core/pppoe-over-qinq.zeek +++ b/testing/btest/core/pppoe-over-qinq.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/pppoe-over-qinq.pcap +# @TEST-EXEC: zeek -C -r $TRACES/pppoe-over-qinq.pcap # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/pppoe.test b/testing/btest/core/pppoe.test index 35be84d657..74e3678858 100644 --- a/testing/btest/core/pppoe.test +++ b/testing/btest/core/pppoe.test @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/pppoe.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/pppoe.trace %INPUT # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/print-bpf-filters.zeek b/testing/btest/core/print-bpf-filters.zeek index 6e4a4d5c30..fd86ce4f04 100644 --- a/testing/btest/core/print-bpf-filters.zeek +++ b/testing/btest/core/print-bpf-filters.zeek @@ -1,15 +1,15 @@ -# @TEST-EXEC: bro -r $TRACES/empty.trace >output +# @TEST-EXEC: zeek -r $TRACES/empty.trace >output # @TEST-EXEC: cat packet_filter.log >>output -# @TEST-EXEC: bro -r $TRACES/empty.trace -f "port 42" >>output +# @TEST-EXEC: zeek -r $TRACES/empty.trace -f "port 42" >>output # @TEST-EXEC: cat packet_filter.log >>output -# @TEST-EXEC: bro -r $TRACES/mixed-vlan-mpls.trace PacketFilter::restricted_filter="vlan" >>output +# @TEST-EXEC: zeek -r $TRACES/mixed-vlan-mpls.trace PacketFilter::restricted_filter="vlan" >>output # @TEST-EXEC: cat packet_filter.log >>output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff conn.log # # The order in the output of enable_auto_protocol_capture_filters isn't # stable, for reasons not clear. We canonify it first. -# @TEST-EXEC: bro -r $TRACES/empty.trace PacketFilter::enable_auto_protocol_capture_filters=T -# @TEST-EXEC: cat packet_filter.log | bro-cut filter | sed 's#[()]##g' | tr ' ' '\n' | sort | uniq -c | awk '{print $1, $2}' >output2 +# @TEST-EXEC: zeek -r $TRACES/empty.trace PacketFilter::enable_auto_protocol_capture_filters=T +# @TEST-EXEC: cat packet_filter.log | zeek-cut filter | sed 's#[()]##g' | tr ' ' '\n' | sort | uniq -c | awk '{print $1, $2}' >output2 # @TEST-EXEC: btest-diff output2 diff --git a/testing/btest/core/q-in-q.zeek b/testing/btest/core/q-in-q.zeek index 7444e7b458..e864fdf3b5 100644 --- a/testing/btest/core/q-in-q.zeek +++ b/testing/btest/core/q-in-q.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/q-in-q.trace +# @TEST-EXEC: zeek -r $TRACES/q-in-q.trace # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/radiotap.zeek b/testing/btest/core/radiotap.zeek index 27513990f0..48886297ff 100644 --- a/testing/btest/core/radiotap.zeek +++ b/testing/btest/core/radiotap.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/radiotap.pcap +# @TEST-EXEC: zeek -C -r $TRACES/radiotap.pcap # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/raw_packet.zeek b/testing/btest/core/raw_packet.zeek index cb1ee94b0f..15fa7d133b 100644 --- a/testing/btest/core/raw_packet.zeek +++ b/testing/btest/core/raw_packet.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b -r $TRACES/raw_packets.trace %INPUT >output -# @TEST-EXEC: bro -b -r $TRACES/icmp_dot1q.trace %INPUT >>output +# @TEST-EXEC: zeek -b -r $TRACES/raw_packets.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/icmp_dot1q.trace %INPUT >>output # @TEST-EXEC: btest-diff output event raw_packet(p: raw_pkt_hdr) diff --git a/testing/btest/core/reassembly.zeek b/testing/btest/core/reassembly.zeek index 53489008de..db14364331 100644 --- a/testing/btest/core/reassembly.zeek +++ b/testing/btest/core/reassembly.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-1.pcap %INPUT >>output -# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-2.pcap %INPUT >>output -# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-3.pcap %INPUT >>output -# @TEST-EXEC: bro -C -r $TRACES/ipv4/fragmented-4.pcap %INPUT >>output -# @TEST-EXEC: bro -C -r $TRACES/tcp/reassembly.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-1.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-2.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-3.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-4.pcap %INPUT >>output +# @TEST-EXEC: zeek -C -r $TRACES/tcp/reassembly.pcap %INPUT >>output # @TEST-EXEC: btest-diff output event zeek_init() diff --git a/testing/btest/core/recursive-event.zeek b/testing/btest/core/recursive-event.zeek index 63cb05eb6f..75e3ce46d5 100644 --- a/testing/btest/core/recursive-event.zeek +++ b/testing/btest/core/recursive-event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT 2>&1 | grep -v termination | sort | uniq | wc -l | awk '{print $1}' >output +# @TEST-EXEC: zeek %INPUT 2>&1 | grep -v termination | sort | uniq | wc -l | awk '{print $1}' >output # @TEST-EXEC: btest-diff output # In old version, the event would keep triggering endlessely, with the network diff --git a/testing/btest/core/reporter-error-in-handler.zeek b/testing/btest/core/reporter-error-in-handler.zeek index fc0517ab2a..e7de8a1a75 100644 --- a/testing/btest/core/reporter-error-in-handler.zeek +++ b/testing/btest/core/reporter-error-in-handler.zeek @@ -2,7 +2,7 @@ # This test procudes a recursive error: the error handler is itself broken. Rather # than looping indefinitly, the error inside the handler should reported to stderr. # -# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output global a: table[count] of count; diff --git a/testing/btest/core/reporter-fmt-strings.zeek b/testing/btest/core/reporter-fmt-strings.zeek index 09c03cf721..087b0e2244 100644 --- a/testing/btest/core/reporter-fmt-strings.zeek +++ b/testing/btest/core/reporter-fmt-strings.zeek @@ -1,7 +1,7 @@ # The format string below should end up as a literal part of the reporter's # error message to stderr and shouldn't be replaced internally. # -# @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output event zeek_init() diff --git a/testing/btest/core/reporter-parse-error.zeek b/testing/btest/core/reporter-parse-error.zeek index d57917ff26..dfd9ed6d02 100644 --- a/testing/btest/core/reporter-parse-error.zeek +++ b/testing/btest/core/reporter-parse-error.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output event zeek_init() diff --git a/testing/btest/core/reporter-runtime-error.zeek b/testing/btest/core/reporter-runtime-error.zeek index 9caeddb258..63e0437e26 100644 --- a/testing/btest/core/reporter-runtime-error.zeek +++ b/testing/btest/core/reporter-runtime-error.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output global a: table[count] of count; diff --git a/testing/btest/core/reporter-shutdown-order-errors.zeek b/testing/btest/core/reporter-shutdown-order-errors.zeek index 6289d47c96..03943679ff 100644 --- a/testing/btest/core/reporter-shutdown-order-errors.zeek +++ b/testing/btest/core/reporter-shutdown-order-errors.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: touch reporter.log && chmod -w reporter.log -# @TEST-EXEC: bro %INPUT >out 2>&1 +# @TEST-EXEC: zeek %INPUT >out 2>&1 # Output doesn't really matter, but we just want to know that Bro shutdowns # without crashing in such scenarios (reporter log not writable diff --git a/testing/btest/core/reporter-type-mismatch.zeek b/testing/btest/core/reporter-type-mismatch.zeek index 1a375ea84b..0fc8d78f6f 100644 --- a/testing/btest/core/reporter-type-mismatch.zeek +++ b/testing/btest/core/reporter-type-mismatch.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC-FAIL: bro %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output event foo(a: string) diff --git a/testing/btest/core/reporter-weird-sampling-disable.zeek b/testing/btest/core/reporter-weird-sampling-disable.zeek index 014e287dab..63b4503004 100644 --- a/testing/btest/core/reporter-weird-sampling-disable.zeek +++ b/testing/btest/core/reporter-weird-sampling-disable.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/http/bro.org.pcap %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/http/bro.org.pcap %INPUT >output # @TEST-EXEC: btest-diff output redef Weird::sampling_threshold = 1; diff --git a/testing/btest/core/reporter-weird-sampling.zeek b/testing/btest/core/reporter-weird-sampling.zeek index d9d99681c4..c3a83a2c8f 100644 --- a/testing/btest/core/reporter-weird-sampling.zeek +++ b/testing/btest/core/reporter-weird-sampling.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/http/bro.org.pcap %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/http/bro.org.pcap %INPUT >output # @TEST-EXEC: btest-diff output redef Weird::sampling_duration = 5sec; diff --git a/testing/btest/core/reporter.zeek b/testing/btest/core/reporter.zeek index bc79ca73d8..8591096c2b 100644 --- a/testing/btest/core/reporter.zeek +++ b/testing/btest/core/reporter.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro %INPUT >output 2>&1 +# @TEST-EXEC: zeek %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff logger-test.log diff --git a/testing/btest/core/tcp/fin-retransmit.zeek b/testing/btest/core/tcp/fin-retransmit.zeek index 42bf062f5a..a24d253583 100644 --- a/testing/btest/core/tcp/fin-retransmit.zeek +++ b/testing/btest/core/tcp/fin-retransmit.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/fin_retransmission.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tcp/fin_retransmission.pcap %INPUT >out # @TEST-EXEC: btest-diff out event connection_state_remove(c: connection) diff --git a/testing/btest/core/tcp/large-file-reassembly.zeek b/testing/btest/core/tcp/large-file-reassembly.zeek index 655d030d96..ed5d283561 100644 --- a/testing/btest/core/tcp/large-file-reassembly.zeek +++ b/testing/btest/core/tcp/large-file-reassembly.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/bigtransfer.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/ftp/bigtransfer.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff files.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tcp/miss-end-data.zeek b/testing/btest/core/tcp/miss-end-data.zeek index 6cee7577d9..6c802810f1 100644 --- a/testing/btest/core/tcp/miss-end-data.zeek +++ b/testing/btest/core/tcp/miss-end-data.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tcp/miss_end_data.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tcp/miss_end_data.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tcp/missing-syn.zeek b/testing/btest/core/tcp/missing-syn.zeek index f34767eee8..3450941584 100644 --- a/testing/btest/core/tcp/missing-syn.zeek +++ b/testing/btest/core/tcp/missing-syn.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/tcp/missing-syn.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tcp/missing-syn.pcap %INPUT # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tcp/quantum-insert.zeek b/testing/btest/core/tcp/quantum-insert.zeek index 8b4738c9e1..4e94f488c3 100644 --- a/testing/btest/core/tcp/quantum-insert.zeek +++ b/testing/btest/core/tcp/quantum-insert.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/qi_internet_SYNACK_curl_jsonip.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tcp/qi_internet_SYNACK_curl_jsonip.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # Quantum Insert like attack, overlapping TCP packet with different content diff --git a/testing/btest/core/tcp/rst-after-syn.zeek b/testing/btest/core/tcp/rst-after-syn.zeek index 38976909d7..97075993d9 100644 --- a/testing/btest/core/tcp/rst-after-syn.zeek +++ b/testing/btest/core/tcp/rst-after-syn.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/rst-inject-rae.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tcp/rst-inject-rae.trace %INPUT # @TEST-EXEC: btest-diff .stdout # Mostly just checking that c$resp$size isn't huge due to the injected diff --git a/testing/btest/core/tcp/rxmit-history.zeek b/testing/btest/core/tcp/rxmit-history.zeek index 6413d66041..b63e357633 100644 --- a/testing/btest/core/tcp/rxmit-history.zeek +++ b/testing/btest/core/tcp/rxmit-history.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -C -r $TRACES/tcp/retransmit-fast009.trace %INPUT && mv conn.log conn-1.log -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT && mv conn.log conn-2.log +# @TEST-EXEC: zeek -C -r $TRACES/tcp/retransmit-fast009.trace %INPUT && mv conn.log conn-1.log +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT && mv conn.log conn-2.log # @TEST-EXEC: btest-diff conn-1.log # @TEST-EXEC: btest-diff conn-2.log diff --git a/testing/btest/core/tcp/truncated-header.zeek b/testing/btest/core/tcp/truncated-header.zeek index f3ae369b2e..babfd7531c 100644 --- a/testing/btest/core/tcp/truncated-header.zeek +++ b/testing/btest/core/tcp/truncated-header.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tcp/truncated-header.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tcp/truncated-header.pcap %INPUT >out # @TEST-EXEC: btest-diff out event tcp_packet(c: connection, is_orig: bool, flags: string, seq: count, ack: count, len: count, payload: string) diff --git a/testing/btest/core/truncation.test b/testing/btest/core/truncation.test index d819ca1f88..22db760810 100644 --- a/testing/btest/core/truncation.test +++ b/testing/btest/core/truncation.test @@ -1,43 +1,43 @@ # Truncated IP packet's should not be analyzed, and generate truncated_IP weird -# @TEST-EXEC: bro -r $TRACES/trunc/ip4-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/ip4-trunc.pcap # @TEST-EXEC: mv weird.log output -# @TEST-EXEC: bro -r $TRACES/trunc/ip6-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/ip6-trunc.pcap # @TEST-EXEC: cat weird.log >> output -# @TEST-EXEC: bro -r $TRACES/trunc/ip6-ext-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/ip6-ext-trunc.pcap # @TEST-EXEC: cat weird.log >> output # If an ICMP packet's payload is truncated due to too small snaplen, # the checksum calculation is bypassed (and Bro doesn't crash, of course). # @TEST-EXEC: rm -f weird.log -# @TEST-EXEC: bro -r $TRACES/trunc/icmp-payload-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/icmp-payload-trunc.pcap # @TEST-EXEC: test ! -e weird.log # If an ICMP packet has the ICMP header truncated due to too small snaplen, # an internally_truncated_header weird gets generated. -# @TEST-EXEC: bro -r $TRACES/trunc/icmp-header-trunc.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/icmp-header-trunc.pcap # @TEST-EXEC: cat weird.log >> output # Truncated packets where the captured length is less than the length required # for the packet header should also raise a Weird -# @TEST-EXEC: bro -r $TRACES/trunc/trunc-hdr.pcap +# @TEST-EXEC: zeek -r $TRACES/trunc/trunc-hdr.pcap # @TEST-EXEC: cat weird.log >> output # Truncated packet where the length of the IP header is larger than the total # packet length -# @TEST-EXEC: bro -C -r $TRACES/trunc/ipv4-truncated-broken-header.pcap +# @TEST-EXEC: zeek -C -r $TRACES/trunc/ipv4-truncated-broken-header.pcap # @TEST-EXEC: cat weird.log >> output # Truncated packet where the captured length is big enough for the ip header # struct, but not large enough to capture the full header length (with options) -# @TEST-EXEC: bro -C -r $TRACES/trunc/ipv4-internally-truncated-header.pcap +# @TEST-EXEC: zeek -C -r $TRACES/trunc/ipv4-internally-truncated-header.pcap # @TEST-EXEC: cat weird.log >> output # Truncated packet where the length of the IP header is larger than the total # packet length inside several tunnels -# @TEST-EXEC: bro -C -r $TRACES/trunc/mpls-6in6-6in6-4in6-trunc.pcap +# @TEST-EXEC: zeek -C -r $TRACES/trunc/mpls-6in6-6in6-4in6-trunc.pcap # @TEST-EXEC: cat weird.log >> output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/tunnels/ayiya.test b/testing/btest/core/tunnels/ayiya.test index 043e06c621..d7a79e6eb2 100644 --- a/testing/btest/core/tunnels/ayiya.test +++ b/testing/btest/core/tunnels/ayiya.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/ayiya3.trace +# @TEST-EXEC: zeek -r $TRACES/tunnels/ayiya3.trace # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/core/tunnels/false-teredo.zeek b/testing/btest/core/tunnels/false-teredo.zeek index 5622e05204..818b543d95 100644 --- a/testing/btest/core/tunnels/false-teredo.zeek +++ b/testing/btest/core/tunnels/false-teredo.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/false-teredo.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/tunnels/false-teredo.pcap %INPUT >output # @TEST-EXEC: test ! -e weird.log # @TEST-EXEC: test ! -e dpd.log diff --git a/testing/btest/core/tunnels/gre-in-gre.test b/testing/btest/core/tunnels/gre-in-gre.test index ce85f54dbb..39a7bd774b 100644 --- a/testing/btest/core/tunnels/gre-in-gre.test +++ b/testing/btest/core/tunnels/gre-in-gre.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gre-within-gre.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gre-within-gre.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gre-pptp.test b/testing/btest/core/tunnels/gre-pptp.test index a5fa8c0d19..892f105fb2 100644 --- a/testing/btest/core/tunnels/gre-pptp.test +++ b/testing/btest/core/tunnels/gre-pptp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gre-pptp.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gre-pptp.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/core/tunnels/gre.test b/testing/btest/core/tunnels/gre.test index 0ce9a0c8b8..395bcd38bd 100644 --- a/testing/btest/core/tunnels/gre.test +++ b/testing/btest/core/tunnels/gre.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gre-sample.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gre-sample.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/core/tunnels/gtp/different_dl_and_ul.test b/testing/btest/core/tunnels/gtp/different_dl_and_ul.test index 136853c463..aedd6781dd 100644 --- a/testing/btest/core/tunnels/gtp/different_dl_and_ul.test +++ b/testing/btest/core/tunnels/gtp/different_dl_and_ul.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tunnels/gtp/gtp2_different_udp_port.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp2_different_udp_port.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/ext_header.test b/testing/btest/core/tunnels/gtp/ext_header.test index 6316acb184..251d8fb9d6 100644 --- a/testing/btest/core/tunnels/gtp/ext_header.test +++ b/testing/btest/core/tunnels/gtp/ext_header.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp_ext_header.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp_ext_header.pcap %INPUT >out # @TEST-EXEC: btest-diff out event gtpv1_message(c: connection, hdr: gtpv1_hdr) diff --git a/testing/btest/core/tunnels/gtp/false_gtp.test b/testing/btest/core/tunnels/gtp/false_gtp.test index 6e84be7323..b38291c8df 100644 --- a/testing/btest/core/tunnels/gtp/false_gtp.test +++ b/testing/btest/core/tunnels/gtp/false_gtp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp3_false_gtp.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp3_false_gtp.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: test ! -e tunnel.log diff --git a/testing/btest/core/tunnels/gtp/inner_ipv6.test b/testing/btest/core/tunnels/gtp/inner_ipv6.test index 97d8562ecc..865401b9df 100644 --- a/testing/btest/core/tunnels/gtp/inner_ipv6.test +++ b/testing/btest/core/tunnels/gtp/inner_ipv6.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp7_ipv6.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp7_ipv6.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/inner_teredo.test b/testing/btest/core/tunnels/gtp/inner_teredo.test index 9161d31229..b6e83a36c3 100644 --- a/testing/btest/core/tunnels/gtp/inner_teredo.test +++ b/testing/btest/core/tunnels/gtp/inner_teredo.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp8_teredo.pcap "Tunnel::delay_teredo_confirmation=F" +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp8_teredo.pcap "Tunnel::delay_teredo_confirmation=F" # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/non_recursive.test b/testing/btest/core/tunnels/gtp/non_recursive.test index 0b03c0d6ae..6f5e6f3c62 100644 --- a/testing/btest/core/tunnels/gtp/non_recursive.test +++ b/testing/btest/core/tunnels/gtp/non_recursive.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp4_udp_2152_inside.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp4_udp_2152_inside.pcap %INPUT >out # @TEST-EXEC: btest-diff out # In telecoms there is never a GTP tunnel within another GTP tunnel. diff --git a/testing/btest/core/tunnels/gtp/not_user_plane_data.test b/testing/btest/core/tunnels/gtp/not_user_plane_data.test index a6a3333360..4edab5ab44 100644 --- a/testing/btest/core/tunnels/gtp/not_user_plane_data.test +++ b/testing/btest/core/tunnels/gtp/not_user_plane_data.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp10_not_0xff.pcap +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp10_not_0xff.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: test ! -e tunnel.log diff --git a/testing/btest/core/tunnels/gtp/opt_header.test b/testing/btest/core/tunnels/gtp/opt_header.test index 32329c7ca8..c1f3d89e03 100644 --- a/testing/btest/core/tunnels/gtp/opt_header.test +++ b/testing/btest/core/tunnels/gtp/opt_header.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/outer_ip_frag.test b/testing/btest/core/tunnels/gtp/outer_ip_frag.test index b2badb9c1b..310c377eed 100644 --- a/testing/btest/core/tunnels/gtp/outer_ip_frag.test +++ b/testing/btest/core/tunnels/gtp/outer_ip_frag.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tunnels/gtp/gtp1_gn_normal_incl_fragmentation.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp1_gn_normal_incl_fragmentation.pcap # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test b/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test index 7405c8d019..06912c1f9d 100644 --- a/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test +++ b/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/gtp/gtp_control_prime.pcap -r $TRACES/tunnels/gtp/gtp_create_pdp_ctx.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp_control_prime.pcap -r $TRACES/tunnels/gtp/gtp_create_pdp_ctx.pcap %INPUT >out # @TEST-EXEC: btest-diff out event gtpv1_message(c: connection, hdr: gtpv1_hdr) diff --git a/testing/btest/core/tunnels/gtp/unknown_or_too_short.test b/testing/btest/core/tunnels/gtp/unknown_or_too_short.test index e1b3d4ba20..0fe72b9ad8 100644 --- a/testing/btest/core/tunnels/gtp/unknown_or_too_short.test +++ b/testing/btest/core/tunnels/gtp/unknown_or_too_short.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tunnels/gtp/gtp9_unknown_or_too_short_payload.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp9_unknown_or_too_short_payload.pcap # @TEST-EXEC: btest-diff dpd.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/tunnels/ip-in-ip-version.zeek b/testing/btest/core/tunnels/ip-in-ip-version.zeek index 35d633c8fe..f5ff69c21c 100644 --- a/testing/btest/core/tunnels/ip-in-ip-version.zeek +++ b/testing/btest/core/tunnels/ip-in-ip-version.zeek @@ -1,11 +1,11 @@ # Trace in we have mpls->ip6->ip6->ip4 where the ip4 packet # has an invalid IP version. -# @TEST-EXEC: bro -C -r $TRACES/tunnels/mpls-6in6-6in6-4in6-invalid-version-4.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/mpls-6in6-6in6-4in6-invalid-version-4.pcap # @TEST-EXEC: mv weird.log output # Trace in which we have mpls->ip6->ip6 where the ip6 packet # has an invalid IP version. -# @TEST-EXEC: bro -C -r $TRACES/tunnels/mpls-6in6-6in6-invalid-version-6.pcap +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/mpls-6in6-6in6-invalid-version-6.pcap # @TEST-EXEC: cat weird.log >> output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/tunnels/ip-in-ip.test b/testing/btest/core/tunnels/ip-in-ip.test index 38f4610445..f003865b2e 100644 --- a/testing/btest/core/tunnels/ip-in-ip.test +++ b/testing/btest/core/tunnels/ip-in-ip.test @@ -1,9 +1,9 @@ -# @TEST-EXEC: bro -b -r $TRACES/tunnels/6in6.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/6in6in6.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/6in4.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/4in6.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/4in4.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/6in6.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/6in6in6.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/6in4.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/4in6.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/4in4.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event new_connection(c: connection) diff --git a/testing/btest/core/tunnels/ip-tunnel-uid.test b/testing/btest/core/tunnels/ip-tunnel-uid.test index f86fd126c9..1f50d4baea 100644 --- a/testing/btest/core/tunnels/ip-tunnel-uid.test +++ b/testing/btest/core/tunnels/ip-tunnel-uid.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tunnels/ping6-in-ipv4.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/ping6-in-ipv4.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event new_connection(c: connection) diff --git a/testing/btest/core/tunnels/teredo-known-services.test b/testing/btest/core/tunnels/teredo-known-services.test index db42996eb2..dc5aad52fd 100644 --- a/testing/btest/core/tunnels/teredo-known-services.test +++ b/testing/btest/core/tunnels/teredo-known-services.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/false-teredo.pcap base/frameworks/dpd base/protocols/tunnels protocols/conn/known-services Tunnel::delay_teredo_confirmation=T "Site::local_nets+={192.168.1.0/24}" +# @TEST-EXEC: zeek -r $TRACES/tunnels/false-teredo.pcap base/frameworks/dpd base/protocols/tunnels protocols/conn/known-services Tunnel::delay_teredo_confirmation=T "Site::local_nets+={192.168.1.0/24}" # @TEST-EXEC: test ! -e known_services.log # The first case using Tunnel::delay_teredo_confirmation=T doesn't produce diff --git a/testing/btest/core/tunnels/teredo.zeek b/testing/btest/core/tunnels/teredo.zeek index c457decd98..0a884bc027 100644 --- a/testing/btest/core/tunnels/teredo.zeek +++ b/testing/btest/core/tunnels/teredo.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/Teredo.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/tunnels/Teredo.pcap %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tunnels/teredo_bubble_with_payload.test b/testing/btest/core/tunnels/teredo_bubble_with_payload.test index f45d8ca585..ef72ddf519 100644 --- a/testing/btest/core/tunnels/teredo_bubble_with_payload.test +++ b/testing/btest/core/tunnels/teredo_bubble_with_payload.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/teredo_bubble_with_payload.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/tunnels/teredo_bubble_with_payload.pcap %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/tunnels/vxlan.zeek b/testing/btest/core/tunnels/vxlan.zeek index 50a7b1a24a..5b1b9defaa 100644 --- a/testing/btest/core/tunnels/vxlan.zeek +++ b/testing/btest/core/tunnels/vxlan.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tunnels/vxlan.pcap %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/tunnels/vxlan.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/core/vector-assignment.zeek b/testing/btest/core/vector-assignment.zeek index 9c5cc4e0f6..8593562892 100644 --- a/testing/btest/core/vector-assignment.zeek +++ b/testing/btest/core/vector-assignment.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # This regression test checks a special case in the vector code. In this case # UnaryExpr will be called with a Type() of any. Tests succeeds if it does not diff --git a/testing/btest/core/vlan-mpls.zeek b/testing/btest/core/vlan-mpls.zeek index b7a7a351cb..9e345b762a 100644 --- a/testing/btest/core/vlan-mpls.zeek +++ b/testing/btest/core/vlan-mpls.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/mixed-vlan-mpls.trace +# @TEST-EXEC: zeek -C -r $TRACES/mixed-vlan-mpls.trace # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/when-interpreter-exceptions.zeek b/testing/btest/core/when-interpreter-exceptions.zeek index 41f2374c2f..1a713fd1af 100644 --- a/testing/btest/core/when-interpreter-exceptions.zeek +++ b/testing/btest/core/when-interpreter-exceptions.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro "bro -b %INPUT >output 2>&1" +# @TEST-EXEC: btest-bg-run zeek "zeek -b %INPUT >output 2>&1" # @TEST-EXEC: btest-bg-wait 15 -# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps | $SCRIPTS/diff-sort" btest-diff bro/output +# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps | $SCRIPTS/diff-sort" btest-diff zeek/output # interpreter exceptions in "when" blocks shouldn't cause termination diff --git a/testing/btest/core/wlanmon.zeek b/testing/btest/core/wlanmon.zeek index b227baf7eb..e29613ae56 100644 --- a/testing/btest/core/wlanmon.zeek +++ b/testing/btest/core/wlanmon.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/wlanmon.pcap +# @TEST-EXEC: zeek -C -r $TRACES/wlanmon.pcap # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/x509-generalizedtime.zeek b/testing/btest/core/x509-generalizedtime.zeek index b69ab31743..14e9edbf24 100644 --- a/testing/btest/core/x509-generalizedtime.zeek +++ b/testing/btest/core/x509-generalizedtime.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/x509-generalizedtime.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: bro -C -r $TRACES/tls/tls1.2.trace %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -C -r $TRACES/tls/x509-generalizedtime.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls1.2.trace %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) { diff --git a/testing/btest/coverage/bare-load-baseline.test b/testing/btest/coverage/bare-load-baseline.test index 98ce72e4b8..94fdb04b04 100644 --- a/testing/btest/coverage/bare-load-baseline.test +++ b/testing/btest/coverage/bare-load-baseline.test @@ -7,7 +7,7 @@ # prefix to make the test work everywhere. That's what the sed magic # below does. Don't ask. :-) -# @TEST-EXEC: bro -b misc/loaded-scripts +# @TEST-EXEC: zeek -b misc/loaded-scripts # @TEST-EXEC: test -e loaded_scripts.log # @TEST-EXEC: cat loaded_scripts.log | egrep -v '#' | awk 'NR>0{print $1}' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix # @TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix diff --git a/testing/btest/coverage/bare-mode-errors.test b/testing/btest/coverage/bare-mode-errors.test index 6f5e6983f6..fa4c15c120 100644 --- a/testing/btest/coverage/bare-mode-errors.test +++ b/testing/btest/coverage/bare-mode-errors.test @@ -1,9 +1,9 @@ -# Makes sure any given bro script in the scripts/ tree can be loaded in +# Makes sure any given zeek script in the scripts/ tree can be loaded in # bare mode without error. # # Commonly, this test may fail if one forgets to @load some base/ scripts -# when writing a new bro scripts. +# when writing a new zeek scripts. # # @TEST-EXEC: test -d $DIST/scripts -# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do bro -b --parse-only $script >>errors 2>&1; done +# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do zeek -b --parse-only $script >>errors 2>&1; done # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors diff --git a/testing/btest/coverage/coverage-blacklist.zeek b/testing/btest/coverage/coverage-blacklist.zeek index 30a5f86efa..469a874a69 100644 --- a/testing/btest/coverage/coverage-blacklist.zeek +++ b/testing/btest/coverage/coverage-blacklist.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: BRO_PROFILER_FILE=coverage bro -b %INPUT +# @TEST-EXEC: BRO_PROFILER_FILE=coverage zeek -b %INPUT # @TEST-EXEC: grep %INPUT coverage | sort -k2 >output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output diff --git a/testing/btest/coverage/default-load-baseline.test b/testing/btest/coverage/default-load-baseline.test index 076f26b770..df13444ad7 100644 --- a/testing/btest/coverage/default-load-baseline.test +++ b/testing/btest/coverage/default-load-baseline.test @@ -7,7 +7,7 @@ # prefix to make the test work everywhere. That's what the sed magic # below does. Don't ask. :-) -# @TEST-EXEC: bro misc/loaded-scripts +# @TEST-EXEC: zeek misc/loaded-scripts # @TEST-EXEC: test -e loaded_scripts.log # @TEST-EXEC: cat loaded_scripts.log | egrep -v '#' | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix # @TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix diff --git a/testing/btest/coverage/find-bro-logs.test b/testing/btest/coverage/find-bro-logs.test index ee0e45262b..61d2b13ada 100644 --- a/testing/btest/coverage/find-bro-logs.test +++ b/testing/btest/coverage/find-bro-logs.test @@ -22,7 +22,7 @@ import os, sys scriptdir = sys.argv[1] -# Return a list of all bro script files. +# Return a list of all zeek script files. def find_scripts(): scripts = [] diff --git a/testing/btest/coverage/init-default.test b/testing/btest/coverage/init-default.test index edc0012ef1..f3c1aec31e 100644 --- a/testing/btest/coverage/init-default.test +++ b/testing/btest/coverage/init-default.test @@ -1,16 +1,16 @@ # Makes sure that all base/* scripts are loaded by default via # init-default.zeek; and that all scripts loaded there actually exist. # -# This test will fail if a new bro script is added under the scripts/base/ +# This test will fail if a new zeek script is added under the scripts/base/ # directory and it is not also added as an @load in base/init-default.zeek. -# In some cases, a script in base is loaded based on the bro configuration +# In some cases, a script in base is loaded based on the zeek configuration # (e.g. cluster operation), and in such cases, the missing_loads baseline # can be adjusted to tolerate that. #@TEST-EXEC: test -d $DIST/scripts/base #@TEST-EXEC: test -e $DIST/scripts/base/init-default.zeek #@TEST-EXEC: ( cd $DIST/scripts/base && find . -name '*.zeek' ) | sort >"all scripts found" -#@TEST-EXEC: bro misc/loaded-scripts +#@TEST-EXEC: zeek misc/loaded-scripts #@TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix #@TEST-EXEC: cat loaded_scripts.log | egrep -v "/build/scripts/|$(cat buildprefix)/scripts/|/loaded-scripts.zeek|#" | sed 's#/./#/#g' >loaded_scripts.log.tmp #@TEST-EXEC: cat loaded_scripts.log.tmp | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix diff --git a/testing/btest/coverage/test-all-policy.test b/testing/btest/coverage/test-all-policy.test index 61e4297f83..46571d967e 100644 --- a/testing/btest/coverage/test-all-policy.test +++ b/testing/btest/coverage/test-all-policy.test @@ -1,9 +1,9 @@ # Makes sure that all policy/* scripts are loaded in # scripts/test-all-policy.zeek and that all scripts loaded there actually exist. # -# This test will fail if new bro scripts are added to the scripts/policy/ +# This test will fail if new zeek scripts are added to the scripts/policy/ # directory. Correcting that just involves updating -# scripts/test-all-policy.zeek to @load the new bro scripts. +# scripts/test-all-policy.zeek to @load the new zeek scripts. @TEST-EXEC: test -e $DIST/scripts/test-all-policy.zeek @TEST-EXEC: test -d $DIST/scripts diff --git a/testing/btest/doc/record-add.zeek b/testing/btest/doc/record-add.zeek index 284ea22959..baebaaf3f2 100644 --- a/testing/btest/doc/record-add.zeek +++ b/testing/btest/doc/record-add.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # To support documentation of type aliases, Bro clones declared types # (see add_type() in Var.cc) in order to keep track of type names and aliases. diff --git a/testing/btest/doc/record-attr-check.zeek b/testing/btest/doc/record-attr-check.zeek index c7dc74631d..e34b417e57 100644 --- a/testing/btest/doc/record-attr-check.zeek +++ b/testing/btest/doc/record-attr-check.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT type Tag: enum { SOMETHING diff --git a/testing/btest/doc/zeexygen/command_line.zeek b/testing/btest/doc/zeexygen/command_line.zeek index d009667b7e..d8d48e6a44 100644 --- a/testing/btest/doc/zeexygen/command_line.zeek +++ b/testing/btest/doc/zeexygen/command_line.zeek @@ -1,7 +1,7 @@ # Shouldn't emit any warnings about not being able to document something # that's supplied via command line script. -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro %INPUT -e 'redef myvar=10; print myvar' >output 2>&1 +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek %INPUT -e 'redef myvar=10; print myvar' >output 2>&1 # @TEST-EXEC: btest-diff output const myvar = 5 &redef; diff --git a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek b/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek index f3c1be6b14..5747d80cb6 100644 --- a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek +++ b/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b %INPUT >out +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b %INPUT >out # @TEST-EXEC: btest-diff out ##! This is a test script. diff --git a/testing/btest/doc/zeexygen/enums.zeek b/testing/btest/doc/zeexygen/enums.zeek index a385a36a6c..c2c91ff280 100644 --- a/testing/btest/doc/zeexygen/enums.zeek +++ b/testing/btest/doc/zeexygen/enums.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-enums.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/example.zeek b/testing/btest/doc/zeexygen/example.zeek index 53179dac39..ae611bc0a4 100644 --- a/testing/btest/doc/zeexygen/example.zeek +++ b/testing/btest/doc/zeexygen/example.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff example.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/func-params.zeek b/testing/btest/doc/zeexygen/func-params.zeek index 5facba3e05..62d116def5 100644 --- a/testing/btest/doc/zeexygen/func-params.zeek +++ b/testing/btest/doc/zeexygen/func-params.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-func-params.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/identifier.zeek b/testing/btest/doc/zeexygen/identifier.zeek index 38a4f274ad..ee851096ef 100644 --- a/testing/btest/doc/zeexygen/identifier.zeek +++ b/testing/btest/doc/zeexygen/identifier.zeek @@ -1,5 +1,5 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/package.zeek b/testing/btest/doc/zeexygen/package.zeek index 7038b5b50a..dcf299fc2b 100644 --- a/testing/btest/doc/zeexygen/package.zeek +++ b/testing/btest/doc/zeexygen/package.zeek @@ -1,5 +1,5 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/package_index.zeek b/testing/btest/doc/zeexygen/package_index.zeek index 3a0c92ca71..55e645433e 100644 --- a/testing/btest/doc/zeexygen/package_index.zeek +++ b/testing/btest/doc/zeexygen/package_index.zeek @@ -1,5 +1,5 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/records.zeek b/testing/btest/doc/zeexygen/records.zeek index 0c1f668df9..b4243ec58a 100644 --- a/testing/btest/doc/zeexygen/records.zeek +++ b/testing/btest/doc/zeexygen/records.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-records.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/script_index.zeek b/testing/btest/doc/zeexygen/script_index.zeek index f92513d632..d60fa54356 100644 --- a/testing/btest/doc/zeexygen/script_index.zeek +++ b/testing/btest/doc/zeexygen/script_index.zeek @@ -1,5 +1,5 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/script_summary.zeek b/testing/btest/doc/zeexygen/script_summary.zeek index 9378417f08..2c8dc5fb36 100644 --- a/testing/btest/doc/zeexygen/script_summary.zeek +++ b/testing/btest/doc/zeexygen/script_summary.zeek @@ -1,5 +1,5 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/type-aliases.zeek b/testing/btest/doc/zeexygen/type-aliases.zeek index 40a6e24417..a505eb0c05 100644 --- a/testing/btest/doc/zeexygen/type-aliases.zeek +++ b/testing/btest/doc/zeexygen/type-aliases.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-type-aliases.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/doc/zeexygen/vectors.zeek b/testing/btest/doc/zeexygen/vectors.zeek index 8a16a58149..0f1f9a65ad 100644 --- a/testing/btest/doc/zeexygen/vectors.zeek +++ b/testing/btest/doc/zeexygen/vectors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; zeek -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-vectors.rst @TEST-START-FILE zeexygen.config diff --git a/testing/btest/language/addr.zeek b/testing/btest/language/addr.zeek index 8829c20da2..dff331c3fd 100644 --- a/testing/btest/language/addr.zeek +++ b/testing/btest/language/addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/any.zeek b/testing/btest/language/any.zeek index 32daa36903..aebab284c2 100644 --- a/testing/btest/language/any.zeek +++ b/testing/btest/language/any.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/at-deprecated.zeek b/testing/btest/language/at-deprecated.zeek index 271a918e5e..a035f6d24e 100644 --- a/testing/btest/language/at-deprecated.zeek +++ b/testing/btest/language/at-deprecated.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b foo +# @TEST-EXEC: zeek -b foo # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr @TEST-START-FILE foo.zeek diff --git a/testing/btest/language/at-dir.zeek b/testing/btest/language/at-dir.zeek index a366285a5b..35f8894caf 100644 --- a/testing/btest/language/at-dir.zeek +++ b/testing/btest/language/at-dir.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out -# @TEST-EXEC: bro -b ./pathtest.zeek >out2 +# @TEST-EXEC: zeek -b ./pathtest.zeek >out2 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out2 print @DIR; diff --git a/testing/btest/language/at-filename.zeek b/testing/btest/language/at-filename.zeek index 83e4e968f3..aa8b924b7e 100644 --- a/testing/btest/language/at-filename.zeek +++ b/testing/btest/language/at-filename.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out print @FILENAME; diff --git a/testing/btest/language/at-if-event.zeek b/testing/btest/language/at-if-event.zeek index 2ac757810d..bd6112f369 100644 --- a/testing/btest/language/at-if-event.zeek +++ b/testing/btest/language/at-if-event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # Check if @if can be used to alternative function/event definitions diff --git a/testing/btest/language/at-if-invalid.zeek b/testing/btest/language/at-if-invalid.zeek index e2e5e2c699..8657e3affb 100644 --- a/testing/btest/language/at-if-invalid.zeek +++ b/testing/btest/language/at-if-invalid.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out function foo(c: count): bool diff --git a/testing/btest/language/at-if.zeek b/testing/btest/language/at-if.zeek index 1aba7b9ded..e6d7f58cae 100644 --- a/testing/btest/language/at-if.zeek +++ b/testing/btest/language/at-if.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/at-ifdef.zeek b/testing/btest/language/at-ifdef.zeek index ebc59f7056..cbc26b5cfa 100644 --- a/testing/btest/language/at-ifdef.zeek +++ b/testing/btest/language/at-ifdef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/at-ifndef.zeek b/testing/btest/language/at-ifndef.zeek index 6e4df4dd86..069b51bddc 100644 --- a/testing/btest/language/at-ifndef.zeek +++ b/testing/btest/language/at-ifndef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/at-load.zeek b/testing/btest/language/at-load.zeek index ae14eba436..45df73b05c 100644 --- a/testing/btest/language/at-load.zeek +++ b/testing/btest/language/at-load.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # In this script, we try to access each object defined in a "@load"ed script @@ -18,7 +18,7 @@ event zeek_init() # In this script, we define some objects to be used in another script -# Note: this script is not listed on the bro command-line (instead, it +# Note: this script is not listed on the zeek command-line (instead, it # is "@load"ed from the other script) global test_case: function(msg: string, expect: bool); diff --git a/testing/btest/language/attr-default-coercion.zeek b/testing/btest/language/attr-default-coercion.zeek index 8304169cfb..01adee04e4 100644 --- a/testing/btest/language/attr-default-coercion.zeek +++ b/testing/btest/language/attr-default-coercion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type my_table: table[string] of double; diff --git a/testing/btest/language/attr-default-global-set-error.zeek b/testing/btest/language/attr-default-global-set-error.zeek index 8ee80bccb2..515c71fc24 100644 --- a/testing/btest/language/attr-default-global-set-error.zeek +++ b/testing/btest/language/attr-default-global-set-error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out global ss: set[string] &default=0; diff --git a/testing/btest/language/bool.zeek b/testing/btest/language/bool.zeek index be54a442d9..e19f5a3714 100644 --- a/testing/btest/language/bool.zeek +++ b/testing/btest/language/bool.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/common-mistakes.zeek b/testing/btest/language/common-mistakes.zeek index 4e9e017fda..b829b5315b 100644 --- a/testing/btest/language/common-mistakes.zeek +++ b/testing/btest/language/common-mistakes.zeek @@ -2,13 +2,13 @@ # handled internally by way of throwing an exception to unwind out # of the current event handler body. -# @TEST-EXEC: bro -b 1.zeek >1.out 2>&1 +# @TEST-EXEC: zeek -b 1.zeek >1.out 2>&1 # @TEST-EXEC: btest-diff 1.out -# @TEST-EXEC: bro -b 2.zeek >2.out 2>&1 +# @TEST-EXEC: zeek -b 2.zeek >2.out 2>&1 # @TEST-EXEC: btest-diff 2.out -# @TEST-EXEC: bro -b 3.zeek >3.out 2>&1 +# @TEST-EXEC: zeek -b 3.zeek >3.out 2>&1 # @TEST-EXEC: btest-diff 3.out @TEST-START-FILE 1.zeek diff --git a/testing/btest/language/conditional-expression.zeek b/testing/btest/language/conditional-expression.zeek index 4938b87b4d..43c5d12a83 100644 --- a/testing/btest/language/conditional-expression.zeek +++ b/testing/btest/language/conditional-expression.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/const.zeek b/testing/btest/language/const.zeek index 6d7b3fe527..38aada2029 100644 --- a/testing/btest/language/const.zeek +++ b/testing/btest/language/const.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -b valid.zeek 2>valid.stderr 1>valid.stdout +# @TEST-EXEC: zeek -b valid.zeek 2>valid.stderr 1>valid.stdout # @TEST-EXEC: btest-diff valid.stderr # @TEST-EXEC: btest-diff valid.stdout -# @TEST-EXEC-FAIL: bro -b invalid.zeek 2>invalid.stderr 1>invalid.stdout +# @TEST-EXEC-FAIL: zeek -b invalid.zeek 2>invalid.stderr 1>invalid.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff invalid.stderr # @TEST-EXEC: btest-diff invalid.stdout diff --git a/testing/btest/language/container-ctor-scope.zeek b/testing/btest/language/container-ctor-scope.zeek index fd1939a459..f4f2da92ac 100644 --- a/testing/btest/language/container-ctor-scope.zeek +++ b/testing/btest/language/container-ctor-scope.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out # All various container contructors should work at both global and local scope. diff --git a/testing/btest/language/copy.zeek b/testing/btest/language/copy.zeek index e3d6b80d5b..9ac1e577ea 100644 --- a/testing/btest/language/copy.zeek +++ b/testing/btest/language/copy.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/count.zeek b/testing/btest/language/count.zeek index 6e5dca8bc2..a2d3fb0cc2 100644 --- a/testing/btest/language/count.zeek +++ b/testing/btest/language/count.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/cross-product-init.zeek b/testing/btest/language/cross-product-init.zeek index 8cb9c48367..f5027cfd3c 100644 --- a/testing/btest/language/cross-product-init.zeek +++ b/testing/btest/language/cross-product-init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output global my_subs = { 1.2.3.4/19, 5.6.7.8/21 }; diff --git a/testing/btest/language/default-params.zeek b/testing/btest/language/default-params.zeek index c11adbf3b5..c07bdee207 100644 --- a/testing/btest/language/default-params.zeek +++ b/testing/btest/language/default-params.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out ### functions diff --git a/testing/btest/language/delete-field-set.zeek b/testing/btest/language/delete-field-set.zeek index 1f1c5b0c27..8f1482c6c2 100644 --- a/testing/btest/language/delete-field-set.zeek +++ b/testing/btest/language/delete-field-set.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type FooBar: record { diff --git a/testing/btest/language/delete-field.zeek b/testing/btest/language/delete-field.zeek index 99136ff2b9..0e5d4e3809 100644 --- a/testing/btest/language/delete-field.zeek +++ b/testing/btest/language/delete-field.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type X: record { diff --git a/testing/btest/language/deprecated.zeek b/testing/btest/language/deprecated.zeek index 9ac6996145..6e10d7d744 100644 --- a/testing/btest/language/deprecated.zeek +++ b/testing/btest/language/deprecated.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type blah: string &deprecated; diff --git a/testing/btest/language/double.zeek b/testing/btest/language/double.zeek index f1338ca16d..56ce711da2 100644 --- a/testing/btest/language/double.zeek +++ b/testing/btest/language/double.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/enum-desc.zeek b/testing/btest/language/enum-desc.zeek index 86466e2fc2..c296b76a13 100644 --- a/testing/btest/language/enum-desc.zeek +++ b/testing/btest/language/enum-desc.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type test_enum1: enum { ONE }; diff --git a/testing/btest/language/enum-scope.zeek b/testing/btest/language/enum-scope.zeek index 82e7c7fd7c..8c2e20c9b2 100644 --- a/testing/btest/language/enum-scope.zeek +++ b/testing/btest/language/enum-scope.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type foo: enum { a, b } &redef; diff --git a/testing/btest/language/enum.zeek b/testing/btest/language/enum.zeek index c4aa2d71a1..71c354971f 100644 --- a/testing/btest/language/enum.zeek +++ b/testing/btest/language/enum.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/eof-parse-errors.zeek b/testing/btest/language/eof-parse-errors.zeek index 3b6ba8faf5..54fe96df19 100644 --- a/testing/btest/language/eof-parse-errors.zeek +++ b/testing/btest/language/eof-parse-errors.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC-FAIL: bro -b a.zeek >output1 2>&1 -# @TEST-EXEC-FAIL: bro -b a.zeek b.zeek >output2 2>&1 +# @TEST-EXEC-FAIL: zeek -b a.zeek >output1 2>&1 +# @TEST-EXEC-FAIL: zeek -b a.zeek b.zeek >output2 2>&1 # @TEST-EXEC: btest-diff output1 # @TEST-EXEC: btest-diff output2 diff --git a/testing/btest/language/event-local-var.zeek b/testing/btest/language/event-local-var.zeek index 337cd37bac..4d7364cc39 100644 --- a/testing/btest/language/event-local-var.zeek +++ b/testing/btest/language/event-local-var.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT 2> out +# @TEST-EXEC-FAIL: zeek -b %INPUT 2> out # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out diff --git a/testing/btest/language/event.zeek b/testing/btest/language/event.zeek index 664bff49ef..39bb36c192 100644 --- a/testing/btest/language/event.zeek +++ b/testing/btest/language/event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/expire-expr-error.zeek b/testing/btest/language/expire-expr-error.zeek index b2ac4d7c55..5e6f0b4e6f 100644 --- a/testing/btest/language/expire-expr-error.zeek +++ b/testing/btest/language/expire-expr-error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: cp .stderr output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output diff --git a/testing/btest/language/expire-func-undef.zeek b/testing/btest/language/expire-func-undef.zeek index 2da735a9be..9198edc6c4 100644 --- a/testing/btest/language/expire-func-undef.zeek +++ b/testing/btest/language/expire-func-undef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/rotation.trace -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -r $TRACES/rotation.trace -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output module segfault; diff --git a/testing/btest/language/expire-redef.zeek b/testing/btest/language/expire-redef.zeek index 552e26cce0..3958ef8342 100644 --- a/testing/btest/language/expire-redef.zeek +++ b/testing/btest/language/expire-redef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output redef exit_only_after_terminate = T; diff --git a/testing/btest/language/expire-type-error.zeek b/testing/btest/language/expire-type-error.zeek index d6d807e22f..2424ca0394 100644 --- a/testing/btest/language/expire-type-error.zeek +++ b/testing/btest/language/expire-type-error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out global data: table[int] of string &write_expire="kaputt"; diff --git a/testing/btest/language/expire_func.test b/testing/btest/language/expire_func.test index c66a901a4f..016ebe9d88 100644 --- a/testing/btest/language/expire_func.test +++ b/testing/btest/language/expire_func.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/var-services-std-ports.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/var-services-std-ports.trace %INPUT >output # @TEST-EXEC: btest-diff output function inform_me(s: set[string], idx: string): interval diff --git a/testing/btest/language/expire_func_mod.zeek b/testing/btest/language/expire_func_mod.zeek index 8b14dad74c..4e64edc968 100644 --- a/testing/btest/language/expire_func_mod.zeek +++ b/testing/btest/language/expire_func_mod.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out module Test; diff --git a/testing/btest/language/expire_multiple.test b/testing/btest/language/expire_multiple.test index 1e4aaa0975..38c552a0e1 100644 --- a/testing/btest/language/expire_multiple.test +++ b/testing/btest/language/expire_multiple.test @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output global s: set[string] &create_expire=1secs &read_expire=1secs; diff --git a/testing/btest/language/expire_subnet.test b/testing/btest/language/expire_subnet.test index f0bf388ad0..9b95f39763 100644 --- a/testing/btest/language/expire_subnet.test +++ b/testing/btest/language/expire_subnet.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/var-services-std-ports.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/var-services-std-ports.trace %INPUT >output # @TEST-EXEC: btest-diff output redef table_expire_interval = 1sec; diff --git a/testing/btest/language/file.zeek b/testing/btest/language/file.zeek index 80d10a4d1f..a3691b87da 100644 --- a/testing/btest/language/file.zeek +++ b/testing/btest/language/file.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/language/for.zeek b/testing/btest/language/for.zeek index acf9612927..246eb47051 100644 --- a/testing/btest/language/for.zeek +++ b/testing/btest/language/for.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/func-assignment.zeek b/testing/btest/language/func-assignment.zeek index 724eac38ae..febf57e61c 100644 --- a/testing/btest/language/func-assignment.zeek +++ b/testing/btest/language/func-assignment.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function double_string(s: string): string diff --git a/testing/btest/language/function.zeek b/testing/btest/language/function.zeek index db2ac675b0..ff967b897f 100644 --- a/testing/btest/language/function.zeek +++ b/testing/btest/language/function.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/hook.zeek b/testing/btest/language/hook.zeek index c14e153577..01b43e5807 100644 --- a/testing/btest/language/hook.zeek +++ b/testing/btest/language/hook.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type rec: record { diff --git a/testing/btest/language/hook_calls.zeek b/testing/btest/language/hook_calls.zeek index d465510a34..eee92f1e2a 100644 --- a/testing/btest/language/hook_calls.zeek +++ b/testing/btest/language/hook_calls.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b valid.zeek >valid.out +# @TEST-EXEC: zeek -b valid.zeek >valid.out # @TEST-EXEC: btest-diff valid.out -# @TEST-EXEC-FAIL: bro -b invalid.zeek > invalid.out 2>&1 +# @TEST-EXEC-FAIL: zeek -b invalid.zeek > invalid.out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff invalid.out # hook functions must be called using the "hook" keyword as an operator... diff --git a/testing/btest/language/if.zeek b/testing/btest/language/if.zeek index 9f3be4dd1b..1f6f1116e1 100644 --- a/testing/btest/language/if.zeek +++ b/testing/btest/language/if.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/incr-vec-expr.test b/testing/btest/language/incr-vec-expr.test index c9945061a2..1bd3e54129 100644 --- a/testing/btest/language/incr-vec-expr.test +++ b/testing/btest/language/incr-vec-expr.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type rec: record { diff --git a/testing/btest/language/index-assignment-invalid.zeek b/testing/btest/language/index-assignment-invalid.zeek index 662b73ff91..a42c81320b 100644 --- a/testing/btest/language/index-assignment-invalid.zeek +++ b/testing/btest/language/index-assignment-invalid.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: grep "error" output >output2 # @TEST-EXEC: for i in 1 2 3 4 5; do cat output2 | cut -d'|' -f$i >>out; done # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out diff --git a/testing/btest/language/init-in-anon-function.zeek b/testing/btest/language/init-in-anon-function.zeek index 4da70dd2f4..f5808c1d99 100644 --- a/testing/btest/language/init-in-anon-function.zeek +++ b/testing/btest/language/init-in-anon-function.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r ${TRACES}/wikipedia.trace %INPUT >out +# @TEST-EXEC: zeek -r ${TRACES}/wikipedia.trace %INPUT >out # @TEST-EXEC: btest-diff http.log module Foo; diff --git a/testing/btest/language/int.zeek b/testing/btest/language/int.zeek index d4314c8367..c9344dd007 100644 --- a/testing/btest/language/int.zeek +++ b/testing/btest/language/int.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/interval.zeek b/testing/btest/language/interval.zeek index c8b975e637..994eb4c769 100644 --- a/testing/btest/language/interval.zeek +++ b/testing/btest/language/interval.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/invalid_index.zeek b/testing/btest/language/invalid_index.zeek index 399865ba23..80f294c68b 100644 --- a/testing/btest/language/invalid_index.zeek +++ b/testing/btest/language/invalid_index.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out global foo: vector of count = { 42 }; diff --git a/testing/btest/language/ipv6-literals.zeek b/testing/btest/language/ipv6-literals.zeek index bf888b29e1..e64185d92a 100644 --- a/testing/btest/language/ipv6-literals.zeek +++ b/testing/btest/language/ipv6-literals.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output local v: vector of addr = vector(); diff --git a/testing/btest/language/key-value-for.zeek b/testing/btest/language/key-value-for.zeek index 396c1d0bab..6d3dfc5f7f 100644 --- a/testing/btest/language/key-value-for.zeek +++ b/testing/btest/language/key-value-for.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/module.zeek b/testing/btest/language/module.zeek index 7f2512741f..e714ff22c2 100644 --- a/testing/btest/language/module.zeek +++ b/testing/btest/language/module.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT secondtestfile >out +# @TEST-EXEC: zeek -b %INPUT secondtestfile >out # @TEST-EXEC: btest-diff out # In this source file, we define a module and export some objects diff --git a/testing/btest/language/named-record-ctors.zeek b/testing/btest/language/named-record-ctors.zeek index 40a79d86b3..af2b175266 100644 --- a/testing/btest/language/named-record-ctors.zeek +++ b/testing/btest/language/named-record-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out @load frameworks/software/vulnerable diff --git a/testing/btest/language/named-set-ctors.zeek b/testing/btest/language/named-set-ctors.zeek index 083937c42e..707c8f6fe5 100644 --- a/testing/btest/language/named-set-ctors.zeek +++ b/testing/btest/language/named-set-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyRec: record { diff --git a/testing/btest/language/named-table-ctors.zeek b/testing/btest/language/named-table-ctors.zeek index 45d0974832..957ea351da 100644 --- a/testing/btest/language/named-table-ctors.zeek +++ b/testing/btest/language/named-table-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyRec: record { diff --git a/testing/btest/language/named-vector-ctors.zeek b/testing/btest/language/named-vector-ctors.zeek index 1e0e1e9e55..775422810b 100644 --- a/testing/btest/language/named-vector-ctors.zeek +++ b/testing/btest/language/named-vector-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyRec: record { diff --git a/testing/btest/language/nested-sets.zeek b/testing/btest/language/nested-sets.zeek index e33e1ac842..8c4f987075 100644 --- a/testing/btest/language/nested-sets.zeek +++ b/testing/btest/language/nested-sets.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: for i in `seq 21`; do echo 0 >> random.seed; done -# @TEST-EXEC: test `bro -b -G random.seed %INPUT` = "pass" +# @TEST-EXEC: test `zeek -b -G random.seed %INPUT` = "pass" type r: record { b: set[count]; diff --git a/testing/btest/language/next-test.zeek b/testing/btest/language/next-test.zeek index 83523dd59b..3746c4cb09 100644 --- a/testing/btest/language/next-test.zeek +++ b/testing/btest/language/next-test.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # This script tests "next" being called during the last iteration of a diff --git a/testing/btest/language/no-module.zeek b/testing/btest/language/no-module.zeek index 4d1372f10c..3369e9b14e 100644 --- a/testing/btest/language/no-module.zeek +++ b/testing/btest/language/no-module.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT secondtestfile >out +# @TEST-EXEC: zeek -b %INPUT secondtestfile >out # @TEST-EXEC: btest-diff out # This is the same test as "module.bro", but here we omit the module definition diff --git a/testing/btest/language/null-statement.zeek b/testing/btest/language/null-statement.zeek index 69861ce96e..72ceedf293 100644 --- a/testing/btest/language/null-statement.zeek +++ b/testing/btest/language/null-statement.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/outer_param_binding.zeek b/testing/btest/language/outer_param_binding.zeek index a197cb87fb..d3587a7cce 100644 --- a/testing/btest/language/outer_param_binding.zeek +++ b/testing/btest/language/outer_param_binding.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type Foo: record { diff --git a/testing/btest/language/pattern.zeek b/testing/btest/language/pattern.zeek index ae9cb15bf7..05a84e713c 100644 --- a/testing/btest/language/pattern.zeek +++ b/testing/btest/language/pattern.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/port.zeek b/testing/btest/language/port.zeek index 81d7704c14..03a6617eed 100644 --- a/testing/btest/language/port.zeek +++ b/testing/btest/language/port.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/precedence.zeek b/testing/btest/language/precedence.zeek index 9d74c67262..1af4bb6569 100644 --- a/testing/btest/language/precedence.zeek +++ b/testing/btest/language/precedence.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) @@ -7,7 +7,7 @@ function test_case(msg: string, expect: bool) } # This is an incomplete set of tests to demonstrate the order of precedence -# of bro script operators +# of zeek script operators event zeek_init() { diff --git a/testing/btest/language/raw_output_attr.test b/testing/btest/language/raw_output_attr.test index 3af94dc727..ccf616405e 100644 --- a/testing/btest/language/raw_output_attr.test +++ b/testing/btest/language/raw_output_attr.test @@ -1,7 +1,7 @@ # Files with the &raw_output attribute shouldn't interpret NUL characters # in strings that are `print`ed to it. -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: tr '\000' 'X' output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cmp myfile hookfile diff --git a/testing/btest/language/rec-comp-init.zeek b/testing/btest/language/rec-comp-init.zeek index c65ef69097..022f9fd50e 100644 --- a/testing/btest/language/rec-comp-init.zeek +++ b/testing/btest/language/rec-comp-init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Make sure composit types in records are initialized. diff --git a/testing/btest/language/rec-nested-opt.zeek b/testing/btest/language/rec-nested-opt.zeek index 3b4a478f6b..be03a4532c 100644 --- a/testing/btest/language/rec-nested-opt.zeek +++ b/testing/btest/language/rec-nested-opt.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type Version: record { diff --git a/testing/btest/language/rec-of-tbl.zeek b/testing/btest/language/rec-of-tbl.zeek index 8d2c9ab0e0..6285680c47 100644 --- a/testing/btest/language/rec-of-tbl.zeek +++ b/testing/btest/language/rec-of-tbl.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type x: record { diff --git a/testing/btest/language/rec-table-default.zeek b/testing/btest/language/rec-table-default.zeek index 27e0043dc3..3f14e3ab59 100644 --- a/testing/btest/language/rec-table-default.zeek +++ b/testing/btest/language/rec-table-default.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type X: record { diff --git a/testing/btest/language/record-bad-ctor.zeek b/testing/btest/language/record-bad-ctor.zeek index 6b7ae4ff19..7c465e7dea 100644 --- a/testing/btest/language/record-bad-ctor.zeek +++ b/testing/btest/language/record-bad-ctor.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out # At least shouldn't crash Bro, just report the invalid record ctor. diff --git a/testing/btest/language/record-bad-ctor2.zeek b/testing/btest/language/record-bad-ctor2.zeek index 7941c38860..02f4f472d6 100644 --- a/testing/btest/language/record-bad-ctor2.zeek +++ b/testing/btest/language/record-bad-ctor2.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out # Record ctor's expression list shouldn't accept "expressions that diff --git a/testing/btest/language/record-ceorce-orphan.zeek b/testing/btest/language/record-ceorce-orphan.zeek index d72f447a12..8279da4afb 100644 --- a/testing/btest/language/record-ceorce-orphan.zeek +++ b/testing/btest/language/record-ceorce-orphan.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type myrec: record { diff --git a/testing/btest/language/record-coerce-clash.zeek b/testing/btest/language/record-coerce-clash.zeek index 5dab9ded8a..3b4dcb393e 100644 --- a/testing/btest/language/record-coerce-clash.zeek +++ b/testing/btest/language/record-coerce-clash.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out # Record coercion attempt should report mismatched field types. global wrong = "80/tcp"; diff --git a/testing/btest/language/record-default-coercion.zeek b/testing/btest/language/record-default-coercion.zeek index 9d8babf571..83e48044a3 100644 --- a/testing/btest/language/record-default-coercion.zeek +++ b/testing/btest/language/record-default-coercion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyRecord: record { diff --git a/testing/btest/language/record-default-set-mismatch.zeek b/testing/btest/language/record-default-set-mismatch.zeek index fcf10c1281..8de2459ebd 100644 --- a/testing/btest/language/record-default-set-mismatch.zeek +++ b/testing/btest/language/record-default-set-mismatch.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT 2>out +# @TEST-EXEC-FAIL: zeek -b %INPUT 2>out # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type Foo: record { diff --git a/testing/btest/language/record-extension.zeek b/testing/btest/language/record-extension.zeek index 02b4c3bbe7..6dbf2be290 100644 --- a/testing/btest/language/record-extension.zeek +++ b/testing/btest/language/record-extension.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type Foo: record { diff --git a/testing/btest/language/record-function-recursion.zeek b/testing/btest/language/record-function-recursion.zeek index d6a1587962..e5168a6e3e 100644 --- a/testing/btest/language/record-function-recursion.zeek +++ b/testing/btest/language/record-function-recursion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT 2>&1 >out +# @TEST-EXEC: zeek -b %INPUT 2>&1 >out # @TEST-EXEC: btest-diff out type Outer: record { diff --git a/testing/btest/language/record-index-complex-fields.zeek b/testing/btest/language/record-index-complex-fields.zeek index ae45648728..eedf777ff6 100644 --- a/testing/btest/language/record-index-complex-fields.zeek +++ b/testing/btest/language/record-index-complex-fields.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # This test checks whether records with complex fields (tables, sets, vectors) diff --git a/testing/btest/language/record-recursive-coercion.zeek b/testing/btest/language/record-recursive-coercion.zeek index 4d17c0dee3..614bd3d92c 100644 --- a/testing/btest/language/record-recursive-coercion.zeek +++ b/testing/btest/language/record-recursive-coercion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type Version: record { diff --git a/testing/btest/language/record-redef-after-init.zeek b/testing/btest/language/record-redef-after-init.zeek index 693d8bac76..2ec28c1367 100644 --- a/testing/btest/language/record-redef-after-init.zeek +++ b/testing/btest/language/record-redef-after-init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type myrec: record { diff --git a/testing/btest/language/record-ref-assign.zeek b/testing/btest/language/record-ref-assign.zeek index a9539ab716..993d7223e3 100644 --- a/testing/btest/language/record-ref-assign.zeek +++ b/testing/btest/language/record-ref-assign.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type State: record { diff --git a/testing/btest/language/record-type-checking.zeek b/testing/btest/language/record-type-checking.zeek index 5e50a4d8bc..b341414564 100644 --- a/testing/btest/language/record-type-checking.zeek +++ b/testing/btest/language/record-type-checking.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type MyRec: record { diff --git a/testing/btest/language/redef-same-prefixtable-idx.zeek b/testing/btest/language/redef-same-prefixtable-idx.zeek index e0e16060f4..c96af48f3e 100644 --- a/testing/btest/language/redef-same-prefixtable-idx.zeek +++ b/testing/btest/language/redef-same-prefixtable-idx.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out const my_table: table[subnet] of subnet &redef; diff --git a/testing/btest/language/redef-vector.zeek b/testing/btest/language/redef-vector.zeek index 26dc2109ba..bf35467424 100644 --- a/testing/btest/language/redef-vector.zeek +++ b/testing/btest/language/redef-vector.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out const foo: vector of string &redef; diff --git a/testing/btest/language/returnwhen.zeek b/testing/btest/language/returnwhen.zeek index c3d5f17661..8eddd4a30b 100644 --- a/testing/btest/language/returnwhen.zeek +++ b/testing/btest/language/returnwhen.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 15 -# @TEST-EXEC: btest-diff bro/.stdout +# @TEST-EXEC: btest-diff zeek/.stdout redef exit_only_after_terminate = T; diff --git a/testing/btest/language/set-opt-record-index.zeek b/testing/btest/language/set-opt-record-index.zeek index f22c144595..0015c20621 100644 --- a/testing/btest/language/set-opt-record-index.zeek +++ b/testing/btest/language/set-opt-record-index.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Make sure a set can be indexed with a record that has optional fields diff --git a/testing/btest/language/set-type-checking.zeek b/testing/btest/language/set-type-checking.zeek index 3518b8a02d..49674ce870 100644 --- a/testing/btest/language/set-type-checking.zeek +++ b/testing/btest/language/set-type-checking.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type MySet: set[port]; diff --git a/testing/btest/language/set.zeek b/testing/btest/language/set.zeek index 53cf400795..1c3ab85ef2 100644 --- a/testing/btest/language/set.zeek +++ b/testing/btest/language/set.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/short-circuit.zeek b/testing/btest/language/short-circuit.zeek index 70928f6441..45d1046ab3 100644 --- a/testing/btest/language/short-circuit.zeek +++ b/testing/btest/language/short-circuit.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/sizeof.zeek b/testing/btest/language/sizeof.zeek index 396984780a..fc510afb70 100644 --- a/testing/btest/language/sizeof.zeek +++ b/testing/btest/language/sizeof.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Demo policy for the sizeof operator "|x|". diff --git a/testing/btest/language/smith-waterman-test.zeek b/testing/btest/language/smith-waterman-test.zeek index 2113d88e24..1eff86ef83 100644 --- a/testing/btest/language/smith-waterman-test.zeek +++ b/testing/btest/language/smith-waterman-test.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output global params: sw_params = [ $min_strlen = 2, $sw_variant = 0 ]; diff --git a/testing/btest/language/string-indexing.zeek b/testing/btest/language/string-indexing.zeek index e109eeba80..6cce3ab713 100644 --- a/testing/btest/language/string-indexing.zeek +++ b/testing/btest/language/string-indexing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out local word = "HelpA"; diff --git a/testing/btest/language/string.zeek b/testing/btest/language/string.zeek index 936ac3e493..8f9350a16d 100644 --- a/testing/btest/language/string.zeek +++ b/testing/btest/language/string.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/strings.zeek b/testing/btest/language/strings.zeek index 992fb2c5b3..a5d8cbf69b 100644 --- a/testing/btest/language/strings.zeek +++ b/testing/btest/language/strings.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Demo policy for string functions diff --git a/testing/btest/language/subnet-errors.zeek b/testing/btest/language/subnet-errors.zeek index 499a6fb552..875817c433 100644 --- a/testing/btest/language/subnet-errors.zeek +++ b/testing/btest/language/subnet-errors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event zeek_init() diff --git a/testing/btest/language/subnet.zeek b/testing/btest/language/subnet.zeek index 32cf11701e..db61460df9 100644 --- a/testing/btest/language/subnet.zeek +++ b/testing/btest/language/subnet.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/switch-error-mixed.zeek b/testing/btest/language/switch-error-mixed.zeek index 78c7a2091f..4eb68f38d7 100644 --- a/testing/btest/language/switch-error-mixed.zeek +++ b/testing/btest/language/switch-error-mixed.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out function switch_one(v: count): string diff --git a/testing/btest/language/switch-incomplete.zeek b/testing/btest/language/switch-incomplete.zeek index dedf529ccb..62f55f63d2 100644 --- a/testing/btest/language/switch-incomplete.zeek +++ b/testing/btest/language/switch-incomplete.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event zeek_init() diff --git a/testing/btest/language/switch-statement.zeek b/testing/btest/language/switch-statement.zeek index 1035cb4b2e..2f4bf56118 100644 --- a/testing/btest/language/switch-statement.zeek +++ b/testing/btest/language/switch-statement.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type MyEnum: enum { diff --git a/testing/btest/language/switch-types-error-duplicate.zeek b/testing/btest/language/switch-types-error-duplicate.zeek index 846d228be3..3b40e2fcfe 100644 --- a/testing/btest/language/switch-types-error-duplicate.zeek +++ b/testing/btest/language/switch-types-error-duplicate.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out function switch_one(v: any): string diff --git a/testing/btest/language/switch-types-error-unsupported.zeek b/testing/btest/language/switch-types-error-unsupported.zeek index d8b8d039df..3045336f22 100644 --- a/testing/btest/language/switch-types-error-unsupported.zeek +++ b/testing/btest/language/switch-types-error-unsupported.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out function switch_one(v: string): string diff --git a/testing/btest/language/switch-types-vars.zeek b/testing/btest/language/switch-types-vars.zeek index 3e33e1c17f..c92a16e5e6 100644 --- a/testing/btest/language/switch-types-vars.zeek +++ b/testing/btest/language/switch-types-vars.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function switch_one(v: any) diff --git a/testing/btest/language/switch-types.zeek b/testing/btest/language/switch-types.zeek index 2ebddea6f0..031a311774 100644 --- a/testing/btest/language/switch-types.zeek +++ b/testing/btest/language/switch-types.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function switch_one(v: any): string diff --git a/testing/btest/language/table-default-record.zeek b/testing/btest/language/table-default-record.zeek index 3894f3ac09..c7f561d19f 100644 --- a/testing/btest/language/table-default-record.zeek +++ b/testing/btest/language/table-default-record.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out type Foo: record { diff --git a/testing/btest/language/table-init-attrs.zeek b/testing/btest/language/table-init-attrs.zeek index 9d3403642a..5f1e742479 100644 --- a/testing/btest/language/table-init-attrs.zeek +++ b/testing/btest/language/table-init-attrs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # set()/table() constructors are allowed to have attributes. When initializing diff --git a/testing/btest/language/table-init-container-ctors.zeek b/testing/btest/language/table-init-container-ctors.zeek index 1f9e18d848..6302ca83e1 100644 --- a/testing/btest/language/table-init-container-ctors.zeek +++ b/testing/btest/language/table-init-container-ctors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # The various container constructor expressions should work in table diff --git a/testing/btest/language/table-init-record-idx.zeek b/testing/btest/language/table-init-record-idx.zeek index db9716dc42..e3c1c4823c 100644 --- a/testing/btest/language/table-init-record-idx.zeek +++ b/testing/btest/language/table-init-record-idx.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # Record constructors should work in table initializers diff --git a/testing/btest/language/table-init.zeek b/testing/btest/language/table-init.zeek index cc94589974..0a2514e0b9 100644 --- a/testing/btest/language/table-init.zeek +++ b/testing/btest/language/table-init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output global global_table: table[count] of string = { diff --git a/testing/btest/language/table-redef.zeek b/testing/btest/language/table-redef.zeek index 290610499f..51c4360044 100644 --- a/testing/btest/language/table-redef.zeek +++ b/testing/btest/language/table-redef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > out +# @TEST-EXEC: zeek -b %INPUT > out # @TEST-EXEC: btest-diff out const foo: table[string] of double &redef; diff --git a/testing/btest/language/table-type-checking.zeek b/testing/btest/language/table-type-checking.zeek index 639a2d021d..faefaf3a60 100644 --- a/testing/btest/language/table-type-checking.zeek +++ b/testing/btest/language/table-type-checking.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type MyTable: table[port] of count; diff --git a/testing/btest/language/table.zeek b/testing/btest/language/table.zeek index 98f7daa8e3..cb26b5c17b 100644 --- a/testing/btest/language/table.zeek +++ b/testing/btest/language/table.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/ternary-record-mismatch.zeek b/testing/btest/language/ternary-record-mismatch.zeek index 3c0c4ab95e..1b9796a799 100644 --- a/testing/btest/language/ternary-record-mismatch.zeek +++ b/testing/btest/language/ternary-record-mismatch.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath" btest-diff out type MyRecord: record { diff --git a/testing/btest/language/time.zeek b/testing/btest/language/time.zeek index e8b71219ca..685b011217 100644 --- a/testing/btest/language/time.zeek +++ b/testing/btest/language/time.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/timeout.zeek b/testing/btest/language/timeout.zeek index 47906b35fb..120ec845ab 100644 --- a/testing/btest/language/timeout.zeek +++ b/testing/btest/language/timeout.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset BRO_DNS_FAKE && bro -b %INPUT >out +# @TEST-EXEC: unset BRO_DNS_FAKE && zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/type-cast-any.zeek b/testing/btest/language/type-cast-any.zeek index ad18a28646..f79e8abcce 100644 --- a/testing/btest/language/type-cast-any.zeek +++ b/testing/btest/language/type-cast-any.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-cast-error-dynamic.zeek b/testing/btest/language/type-cast-error-dynamic.zeek index 21f51bc8d8..1edf9e3d2a 100644 --- a/testing/btest/language/type-cast-error-dynamic.zeek +++ b/testing/btest/language/type-cast-error-dynamic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-cast-error-static.zeek b/testing/btest/language/type-cast-error-static.zeek index 3d1afbe095..05ab92e09e 100644 --- a/testing/btest/language/type-cast-error-static.zeek +++ b/testing/btest/language/type-cast-error-static.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-cast-same.zeek b/testing/btest/language/type-cast-same.zeek index 58e98bb0c0..226eb05b17 100644 --- a/testing/btest/language/type-cast-same.zeek +++ b/testing/btest/language/type-cast-same.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-check-any.zeek b/testing/btest/language/type-check-any.zeek index 1b681a3420..95047c8de1 100644 --- a/testing/btest/language/type-check-any.zeek +++ b/testing/btest/language/type-check-any.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/type-check-vector.zeek b/testing/btest/language/type-check-vector.zeek index b92c654fb6..b7ea42241e 100644 --- a/testing/btest/language/type-check-vector.zeek +++ b/testing/btest/language/type-check-vector.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type myvec: vector of any; diff --git a/testing/btest/language/type-type-error.zeek b/testing/btest/language/type-type-error.zeek index 2f3e3913ef..586b181ec5 100644 --- a/testing/btest/language/type-type-error.zeek +++ b/testing/btest/language/type-type-error.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT +# @TEST-EXEC-FAIL: zeek -b %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr type r: record { diff --git a/testing/btest/language/undefined-delete-field.zeek b/testing/btest/language/undefined-delete-field.zeek index a45e093527..f4ecfdb106 100644 --- a/testing/btest/language/undefined-delete-field.zeek +++ b/testing/btest/language/undefined-delete-field.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 || echo $? >>output +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 || echo $? >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type MyRecordType: record diff --git a/testing/btest/language/uninitialized-local.zeek b/testing/btest/language/uninitialized-local.zeek index ec4a6e61de..6d8e26be72 100644 --- a/testing/btest/language/uninitialized-local.zeek +++ b/testing/btest/language/uninitialized-local.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event testit() &priority=10 diff --git a/testing/btest/language/uninitialized-local2.zeek b/testing/btest/language/uninitialized-local2.zeek index ed4045a1a3..4b8f0c8275 100644 --- a/testing/btest/language/uninitialized-local2.zeek +++ b/testing/btest/language/uninitialized-local2.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out event test() diff --git a/testing/btest/language/vector-any-append.zeek b/testing/btest/language/vector-any-append.zeek index d501af6b15..599859b1d8 100644 --- a/testing/btest/language/vector-any-append.zeek +++ b/testing/btest/language/vector-any-append.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function assign(v: vector of any) diff --git a/testing/btest/language/vector-coerce-expr.zeek b/testing/btest/language/vector-coerce-expr.zeek index 97f9617665..7fa4affe9c 100644 --- a/testing/btest/language/vector-coerce-expr.zeek +++ b/testing/btest/language/vector-coerce-expr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output type X: record { diff --git a/testing/btest/language/vector-in-operator.zeek b/testing/btest/language/vector-in-operator.zeek index 5936145363..ceea232f0e 100644 --- a/testing/btest/language/vector-in-operator.zeek +++ b/testing/btest/language/vector-in-operator.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out local ten = "0123456789"; diff --git a/testing/btest/language/vector-list-init-records.zeek b/testing/btest/language/vector-list-init-records.zeek index b1eee0ac92..d7aad468a2 100644 --- a/testing/btest/language/vector-list-init-records.zeek +++ b/testing/btest/language/vector-list-init-records.zeek @@ -1,7 +1,7 @@ # Initializing a vector with a list of records should promote elements as # necessary to match the vector's yield type. -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type Foo: record { diff --git a/testing/btest/language/vector-type-checking.zeek b/testing/btest/language/vector-type-checking.zeek index c0003503a4..bdea76c4cd 100644 --- a/testing/btest/language/vector-type-checking.zeek +++ b/testing/btest/language/vector-type-checking.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out type MyVec: vector of count; diff --git a/testing/btest/language/vector-unspecified.zeek b/testing/btest/language/vector-unspecified.zeek index b91f910504..d0898b5d42 100644 --- a/testing/btest/language/vector-unspecified.zeek +++ b/testing/btest/language/vector-unspecified.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output # Test assignment behavior of unspecified vectors diff --git a/testing/btest/language/vector.zeek b/testing/btest/language/vector.zeek index 36ff7c0267..0564e52e4f 100644 --- a/testing/btest/language/vector.zeek +++ b/testing/btest/language/vector.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_case(msg: string, expect: bool) diff --git a/testing/btest/language/when-unitialized-rhs.zeek b/testing/btest/language/when-unitialized-rhs.zeek index 196834c2ae..62464004f2 100644 --- a/testing/btest/language/when-unitialized-rhs.zeek +++ b/testing/btest/language/when-unitialized-rhs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out global crashMe: function(): string; diff --git a/testing/btest/language/when.zeek b/testing/btest/language/when.zeek index 36914ce993..de710aa736 100644 --- a/testing/btest/language/when.zeek +++ b/testing/btest/language/when.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run test1 bro %INPUT +# @TEST-EXEC: btest-bg-run test1 zeek %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: mv test1/.stdout out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/while.zeek b/testing/btest/language/while.zeek index d6588589f7..3e12c81514 100644 --- a/testing/btest/language/while.zeek +++ b/testing/btest/language/while.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out function test_noop() diff --git a/testing/btest/language/wrong-delete-field.zeek b/testing/btest/language/wrong-delete-field.zeek index 63573faf8a..c393f66c16 100644 --- a/testing/btest/language/wrong-delete-field.zeek +++ b/testing/btest/language/wrong-delete-field.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >output 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output type X: record { diff --git a/testing/btest/language/wrong-record-extension.zeek b/testing/btest/language/wrong-record-extension.zeek index a8ef6a64e9..72b66c4ee3 100644 --- a/testing/btest/language/wrong-record-extension.zeek +++ b/testing/btest/language/wrong-record-extension.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >output.tmp 2>&1 +# @TEST-EXEC-FAIL: zeek -b %INPUT >output.tmp 2>&1 # @TEST-EXEC: sed 's#^.*:##g' output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/language/zeek_init.zeek b/testing/btest/language/zeek_init.zeek index 27f82d626c..c1ca3ba65c 100644 --- a/testing/btest/language/zeek_init.zeek +++ b/testing/btest/language/zeek_init.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/language/zeek_script_loaded.zeek b/testing/btest/language/zeek_script_loaded.zeek index 41f43409e6..9011790e93 100644 --- a/testing/btest/language/zeek_script_loaded.zeek +++ b/testing/btest/language/zeek_script_loaded.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: zeek -b %INPUT >out # @TEST-EXEC: btest-diff out event zeek_script_loaded(path: string, level: count) &priority=10 diff --git a/testing/btest/plugins/bifs-and-scripts-install.sh b/testing/btest/plugins/bifs-and-scripts-install.sh index f3a60d20b7..9470231888 100644 --- a/testing/btest/plugins/bifs-and-scripts-install.sh +++ b/testing/btest/plugins/bifs-and-scripts-install.sh @@ -3,8 +3,8 @@ # @TEST-EXEC: ./configure --bro-dist=${DIST} --install-root=`pwd`/test-install # @TEST-EXEC: make # @TEST-EXEC: make install -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro -NN Demo::Foo >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install zeek -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install zeek Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output mkdir -p scripts/Demo/Foo/base/ diff --git a/testing/btest/plugins/bifs-and-scripts.sh b/testing/btest/plugins/bifs-and-scripts.sh index 6cc1ca61f5..222c961b2d 100644 --- a/testing/btest/plugins/bifs-and-scripts.sh +++ b/testing/btest/plugins/bifs-and-scripts.sh @@ -1,25 +1,25 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: bash %INPUT # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: echo =-= >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/empty.trace >>output # @TEST-EXEC: echo =-= >>output -# @TEST-EXEC-FAIL: BRO_PLUGIN_PATH=`pwd` bro -b Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC-FAIL: BRO_PLUGIN_PATH=`pwd` zeek -b Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b ./activate.zeek -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -b ./activate.zeek -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b ./activate.zeek Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -b ./activate.zeek Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b Demo::Foo Demo/Foo -r $TRACES/empty.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -b Demo::Foo Demo/Foo -r $TRACES/empty.trace >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output diff --git a/testing/btest/plugins/file.zeek b/testing/btest/plugins/file.zeek index 29724aa8a4..9193fc7101 100644 --- a/testing/btest/plugins/file.zeek +++ b/testing/btest/plugins/file.zeek @@ -1,9 +1,9 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/file-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/ftp/retr.trace %INPUT >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/ftp/retr.trace %INPUT >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output event file_new(f: fa_file) diff --git a/testing/btest/plugins/hooks.zeek b/testing/btest/plugins/hooks.zeek index d2d3d754d9..be00e50f5c 100644 --- a/testing/btest/plugins/hooks.zeek +++ b/testing/btest/plugins/hooks.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Hooks # @TEST-EXEC: cp -r %DIR/hooks-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Demo::Hooks" BRO_PLUGIN_PATH=`pwd` bro -b -r $TRACES/http/get.trace %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output +# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Demo::Hooks" BRO_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output # @TEST-EXEC: btest-diff output @unload base/misc/version diff --git a/testing/btest/plugins/init-plugin.zeek b/testing/btest/plugins/init-plugin.zeek index a4ebf7b00c..c3332f170b 100644 --- a/testing/btest/plugins/init-plugin.zeek +++ b/testing/btest/plugins/init-plugin.zeek @@ -1,6 +1,6 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/port4242.trace >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/port4242.trace >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output diff --git a/testing/btest/plugins/logging-hooks.zeek b/testing/btest/plugins/logging-hooks.zeek index fa6a936d11..46a724957e 100644 --- a/testing/btest/plugins/logging-hooks.zeek +++ b/testing/btest/plugins/logging-hooks.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Log Hooks # @TEST-EXEC: cp -r %DIR/logging-hooks-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Log::Hooks" BRO_PLUGIN_PATH=`pwd` bro -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output +# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Log::Hooks" BRO_PLUGIN_PATH=`pwd` zeek -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff ssh.log diff --git a/testing/btest/plugins/pktdumper.zeek b/testing/btest/plugins/pktdumper.zeek index d9bd91a5a6..0ed93db5a9 100644 --- a/testing/btest/plugins/pktdumper.zeek +++ b/testing/btest/plugins/pktdumper.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/pktdumper-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/port4242.trace -w foo::XXX %INPUT FilteredTraceDetection::enable=F >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/port4242.trace -w foo::XXX %INPUT FilteredTraceDetection::enable=F >>output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/plugins/pktsrc.zeek b/testing/btest/plugins/pktsrc.zeek index a13596e245..7aafe490ba 100644 --- a/testing/btest/plugins/pktsrc.zeek +++ b/testing/btest/plugins/pktsrc.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/pktsrc-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r foo::XXX %INPUT FilteredTraceDetection::enable=F >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r foo::XXX %INPUT FilteredTraceDetection::enable=F >>output # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/plugins/plugin-nopatchversion.zeek b/testing/btest/plugins/plugin-nopatchversion.zeek index 2279efde6a..d2460e4abc 100644 --- a/testing/btest/plugins/plugin-nopatchversion.zeek +++ b/testing/btest/plugins/plugin-nopatchversion.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing NoPatchVersion # @TEST-EXEC: cp -r %DIR/plugin-nopatchversion-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) bro -N Testing::NoPatchVersion >> output +# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) zeek -N Testing::NoPatchVersion >> output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/plugins/plugin-withpatchversion.zeek b/testing/btest/plugins/plugin-withpatchversion.zeek index 4d86f09719..4ea5511929 100644 --- a/testing/btest/plugins/plugin-withpatchversion.zeek +++ b/testing/btest/plugins/plugin-withpatchversion.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing WithPatchVersion # @TEST-EXEC: cp -r %DIR/plugin-withpatchversion-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) bro -N Testing::WithPatchVersion >> output +# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) zeek -N Testing::WithPatchVersion >> output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/plugins/protocol.zeek b/testing/btest/plugins/protocol.zeek index 8a6c2a6399..14b2b09ee9 100644 --- a/testing/btest/plugins/protocol.zeek +++ b/testing/btest/plugins/protocol.zeek @@ -1,9 +1,9 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/protocol-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/port4242.trace %INPUT >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/port4242.trace %INPUT >>output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output event foo_message(c: connection, data: string) diff --git a/testing/btest/plugins/reader.zeek b/testing/btest/plugins/reader.zeek index 8f9cf0c97f..2c62db375d 100644 --- a/testing/btest/plugins/reader.zeek +++ b/testing/btest/plugins/reader.zeek @@ -1,9 +1,9 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/reader-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` btest-bg-run bro bro %INPUT +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` btest-bg-run zeek zeek %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff out diff --git a/testing/btest/plugins/reporter-hook.zeek b/testing/btest/plugins/reporter-hook.zeek index 6ac3683b2b..6c6c1fe323 100644 --- a/testing/btest/plugins/reporter-hook.zeek +++ b/testing/btest/plugins/reporter-hook.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Reporter Hook # @TEST-EXEC: cp -r %DIR/reporter-hook-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Reporter::Hook" BRO_PLUGIN_PATH=`pwd` bro -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output +# @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Reporter::Hook" BRO_PLUGIN_PATH=`pwd` zeek -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log diff --git a/testing/btest/plugins/writer.zeek b/testing/btest/plugins/writer.zeek index 732d726fd7..a10f4fb218 100644 --- a/testing/btest/plugins/writer.zeek +++ b/testing/btest/plugins/writer.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/writer-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output -# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/socks.trace Log::default_writer=Log::WRITER_FOO %INPUT | sort >>output +# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -r $TRACES/socks.trace Log::default_writer=Log::WRITER_FOO %INPUT | sort >>output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/files/data_event/basic.zeek b/testing/btest/scripts/base/files/data_event/basic.zeek index 2877155ebb..a5026c287c 100644 --- a/testing/btest/scripts/base/files/data_event/basic.zeek +++ b/testing/btest/scripts/base/files/data_event/basic.zeek @@ -1,6 +1,6 @@ # Just a very basic test to check if ANALYZER_DATA_EVENT works. # Also check if "in" works with binary data. -# @TEST-EXEC: bro -r $TRACES/pe/pe.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/pe/pe.trace %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/scripts/base/files/entropy/basic.test b/testing/btest/scripts/base/files/entropy/basic.test index 2b867eb8cb..fda15d9724 100644 --- a/testing/btest/scripts/base/files/entropy/basic.test +++ b/testing/btest/scripts/base/files/entropy/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/files/extract/limit.zeek b/testing/btest/scripts/base/files/extract/limit.zeek index 2a88a0886d..e676d0ebe0 100644 --- a/testing/btest/scripts/base/files/extract/limit.zeek +++ b/testing/btest/scripts/base/files/extract/limit.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=1 +# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=1 # @TEST-EXEC: btest-diff extract_files/1 # @TEST-EXEC: btest-diff 1.out -# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=2 double_it=T +# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=2 double_it=T # @TEST-EXEC: btest-diff extract_files/2 # @TEST-EXEC: btest-diff 2.out # @TEST-EXEC: btest-diff files.log -# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=7000 efname=3 unlimit_it=T +# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace %INPUT max_extract=7000 efname=3 unlimit_it=T # @TEST-EXEC: btest-diff extract_files/3 # @TEST-EXEC: btest-diff 3.out diff --git a/testing/btest/scripts/base/files/pe/basic.test b/testing/btest/scripts/base/files/pe/basic.test index 4ca9ceecef..99778b7943 100644 --- a/testing/btest/scripts/base/files/pe/basic.test +++ b/testing/btest/scripts/base/files/pe/basic.test @@ -1,5 +1,5 @@ # This tests the PE analyzer against a PCAP of 4 PE files being downloaded via FTP. # The files are a mix of DLL/EXEs, signed/unsigned, and 32/64-bit files. -# @TEST-EXEC: bro -r $TRACES/pe/pe.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/pe/pe.trace %INPUT # @TEST-EXEC: btest-diff pe.log diff --git a/testing/btest/scripts/base/files/unified2/alert.zeek b/testing/btest/scripts/base/files/unified2/alert.zeek index eca1ca036c..ae1b472ea5 100644 --- a/testing/btest/scripts/base/files/unified2/alert.zeek +++ b/testing/btest/scripts/base/files/unified2/alert.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT Unified2::watch_file=$FILES/unified2.u2 +# @TEST-EXEC: zeek -b %INPUT Unified2::watch_file=$FILES/unified2.u2 # @TEST-EXEC: btest-diff unified2.log @TEST-START-FILE sid_msg.map diff --git a/testing/btest/scripts/base/files/x509/1999.test b/testing/btest/scripts/base/files/x509/1999.test index 7c1ab7971f..10c041db4f 100644 --- a/testing/btest/scripts/base/files/x509/1999.test +++ b/testing/btest/scripts/base/files/x509/1999.test @@ -1,5 +1,5 @@ # Test that the timestamp of a pre-y-2000 certificate is correctly parsed -# @TEST-EXEC: bro -r $TRACES/tls/telesec.pcap +# @TEST-EXEC: zeek -r $TRACES/tls/telesec.pcap # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test index 7ca60faf96..b50d9e2697 100644 --- a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test +++ b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/certificate-with-sct.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/certificate-with-sct.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test index a136e42b74..9755f4f2f0 100644 --- a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test +++ b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event zeek_init() diff --git a/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek b/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek index 237c19299e..5b98ea0f6d 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek @@ -1,7 +1,7 @@ # -# @TEST-EXEC: bro -r ${TRACES}/var-services-std-ports.trace %INPUT -# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq dns -# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq ssh +# @TEST-EXEC: zeek -r ${TRACES}/var-services-std-ports.trace %INPUT +# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq dns +# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq ssh # redef Analyzer::disabled_analyzers += { Analyzer::ANALYZER_SSH }; diff --git a/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek b/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek index 24820f1954..edd2a77361 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek @@ -1,6 +1,6 @@ # -# @TEST-EXEC: bro -r ${TRACES}/var-services-std-ports.trace %INPUT -# @TEST-EXEC: cat conn.log | bro-cut service | grep -q dns +# @TEST-EXEC: zeek -r ${TRACES}/var-services-std-ports.trace %INPUT +# @TEST-EXEC: cat conn.log | zeek-cut service | grep -q dns # redef Analyzer::disable_all = T; diff --git a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek index 0b0b4a4e21..8d3f92534b 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek @@ -1,9 +1,9 @@ # -# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT dpd_buffer_size=0; -# @TEST-EXEC: cat conn.log | bro-cut service | grep -q ssh +# @TEST-EXEC: zeek -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT dpd_buffer_size=0; +# @TEST-EXEC: cat conn.log | zeek-cut service | grep -q ssh # -# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0; -# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq ssh +# @TEST-EXEC: zeek -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0; +# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq ssh event zeek_init() { diff --git a/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek b/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek index 114ea73673..07a84629fc 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT | sort >output +# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT | sort >output # @TEST-EXEC: btest-diff output global x = 0; diff --git a/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek b/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek index f2c56a4dcc..f4d45597ad 100644 --- a/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek @@ -4,9 +4,9 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek b/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek index d2ca2a50f1..cd314b65a6 100644 --- a/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek @@ -4,9 +4,9 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek b/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek index b47d7ab55d..32f12d40a6 100644 --- a/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek @@ -4,11 +4,11 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff proxy-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek b/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek index 97d961e34d..59c0193ab6 100644 --- a/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek @@ -3,10 +3,10 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-PORT: BROKER_PORT4 # -# @TEST-EXEC: btest-bg-run logger-1 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-1 bro %INPUT -# @TEST-EXEC: btest-bg-run logger-2 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-2 bro %INPUT -# @TEST-EXEC: btest-bg-run manager BROPATH=$BROPATH:.. CLUSTER_NODE=manager bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT +# @TEST-EXEC: btest-bg-run logger-1 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run logger-2 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager BROPATH=$BROPATH:.. CLUSTER_NODE=manager zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff logger-1/test.log # @TEST-EXEC: btest-diff logger-2/test.log diff --git a/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek b/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek index 5f11122413..22a8ee8a38 100644 --- a/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek @@ -5,12 +5,12 @@ # @TEST-PORT: BROKER_PORT5 # @TEST-PORT: BROKER_PORT6 # -# @TEST-EXEC: btest-bg-run logger-1 CLUSTER_NODE=logger-1 BROPATH=$BROPATH:.. bro %INPUT -# @TEST-EXEC: btest-bg-run manager-1 CLUSTER_NODE=manager-1 BROPATH=$BROPATH:.. bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 CLUSTER_NODE=proxy-1 BROPATH=$BROPATH:.. bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 CLUSTER_NODE=proxy-2 BROPATH=$BROPATH:.. bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 CLUSTER_NODE=worker-1 BROPATH=$BROPATH:.. bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 CLUSTER_NODE=worker-2 BROPATH=$BROPATH:.. bro %INPUT +# @TEST-EXEC: btest-bg-run logger-1 CLUSTER_NODE=logger-1 BROPATH=$BROPATH:.. zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 CLUSTER_NODE=manager-1 BROPATH=$BROPATH:.. zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 CLUSTER_NODE=proxy-1 BROPATH=$BROPATH:.. zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 CLUSTER_NODE=proxy-2 BROPATH=$BROPATH:.. zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 CLUSTER_NODE=worker-1 BROPATH=$BROPATH:.. zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 CLUSTER_NODE=worker-2 BROPATH=$BROPATH:.. zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff logger-1/.stdout # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek b/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek index 2f69eba0ad..7e10ea14c1 100644 --- a/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek @@ -4,11 +4,11 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff proxy-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek b/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek index 94a78e5304..36447f17e5 100644 --- a/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek @@ -4,9 +4,9 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek b/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek index a0b98aeb39..4c3fdc438b 100644 --- a/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek @@ -4,9 +4,9 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff proxy-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/config/basic.zeek b/testing/btest/scripts/base/frameworks/config/basic.zeek index f5a02983fd..0195388792 100644 --- a/testing/btest/scripts/base/frameworks/config/basic.zeek +++ b/testing/btest/scripts/base/frameworks/config/basic.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: btest-diff bro/config.log -# @TEST-EXEC: btest-diff bro/.stderr +# @TEST-EXEC: btest-diff zeek/config.log +# @TEST-EXEC: btest-diff zeek/.stderr @load base/frameworks/config @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek b/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek index f61deeea15..4a3c4f180e 100644 --- a/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek +++ b/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek @@ -2,10 +2,10 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT # @TEST-EXEC: sleep 1 -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek b/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek index 4aa3ad185f..482cd1721b 100644 --- a/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek +++ b/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek @@ -2,11 +2,11 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT # @TEST-EXEC: sleep 1 -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT # @TEST-EXEC: sleep 15 -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/config/read_config.zeek b/testing/btest/scripts/base/frameworks/config/read_config.zeek index 7d88d20ef1..8ea2e4690e 100644 --- a/testing/btest/scripts/base/frameworks/config/read_config.zeek +++ b/testing/btest/scripts/base/frameworks/config/read_config.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: btest-diff bro/config.log +# @TEST-EXEC: btest-diff zeek/config.log @load base/frameworks/config @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek b/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek index 7151e67d42..18b53ce07a 100644 --- a/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek +++ b/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek @@ -2,10 +2,10 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT # @TEST-EXEC: sleep 1 -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/config/several-files.zeek b/testing/btest/scripts/base/frameworks/config/several-files.zeek index c5ad563b4e..cc6d8ce8aa 100644 --- a/testing/btest/scripts/base/frameworks/config/several-files.zeek +++ b/testing/btest/scripts/base/frameworks/config/several-files.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-canonifier | grep -v ^# | $SCRIPTS/diff-sort" btest-diff bro/config.log +# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-canonifier | grep -v ^# | $SCRIPTS/diff-sort" btest-diff zeek/config.log @load base/frameworks/config @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/config/updates.zeek b/testing/btest/scripts/base/frameworks/config/updates.zeek index 5a2e051817..09bcc9d198 100644 --- a/testing/btest/scripts/base/frameworks/config/updates.zeek +++ b/testing/btest/scripts/base/frameworks/config/updates.zeek @@ -1,12 +1,12 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv configfile2 configfile -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv configfile3 configfile -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv configfile4 configfile # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: btest-diff bro/config.log +# @TEST-EXEC: btest-diff zeek/config.log @load base/frameworks/config @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/config/weird.zeek b/testing/btest/scripts/base/frameworks/config/weird.zeek index 749525876d..300bb97101 100644 --- a/testing/btest/scripts/base/frameworks/config/weird.zeek +++ b/testing/btest/scripts/base/frameworks/config/weird.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/bro.org.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/http/bro.org.pcap %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff config.log diff --git a/testing/btest/scripts/base/frameworks/control/configuration_update.zeek b/testing/btest/scripts/base/frameworks/control/configuration_update.zeek index 4921099d7c..0d3e8b960d 100644 --- a/testing/btest/scripts/base/frameworks/control/configuration_update.zeek +++ b/testing/btest/scripts/base/frameworks/control/configuration_update.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro -Bbroker %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro -Bbroker %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=configuration_update +# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. zeek -Bbroker %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. zeek -Bbroker %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=configuration_update # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff controllee/.stdout diff --git a/testing/btest/scripts/base/frameworks/control/id_value.zeek b/testing/btest/scripts/base/frameworks/control/id_value.zeek index a557f6487e..1f0072c346 100644 --- a/testing/btest/scripts/base/frameworks/control/id_value.zeek +++ b/testing/btest/scripts/base/frameworks/control/id_value.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=id_value Control::arg=test_var +# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. zeek %INPUT only-for-controllee frameworks/control/controllee Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. zeek %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=id_value Control::arg=test_var # @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: btest-diff controller/.stdout diff --git a/testing/btest/scripts/base/frameworks/control/shutdown.zeek b/testing/btest/scripts/base/frameworks/control/shutdown.zeek index a8089bf08a..c785539e8e 100644 --- a/testing/btest/scripts/base/frameworks/control/shutdown.zeek +++ b/testing/btest/scripts/base/frameworks/control/shutdown.zeek @@ -1,6 +1,6 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=shutdown +# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. zeek %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. zeek %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=shutdown # @TEST-EXEC: btest-bg-wait 10 diff --git a/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek b/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek index 919d3b62c6..d5ecb55445 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out redef test_print_file_data_events = T; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek index 8b61eb45d3..c3a6fe208b 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT 2>&1 +# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT 2>&1 # @TEST-EXEC: btest-diff .stdout event zeek_init() diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek index df4573e418..2392c8558d 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff files.log event zeek_init() diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek index 2c6f0a3d07..3d2d9b5949 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out +# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out # @TEST-EXEC: btest-diff get.out redef test_file_analysis_source = "HTTP"; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek index c44b1ec66b..c78bb521a8 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 8 -# @TEST-EXEC: btest-diff bro/.stdout +# @TEST-EXEC: btest-diff zeek/.stdout global cnt: count = 0; global timeout_cnt: count = 0; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek index cfd2e0c67b..e70ea5a553 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out +# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out # @TEST-EXEC: btest-diff get.out # @TEST-EXEC: test ! -s Cx92a0ym5R8-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek b/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek index 0f7e23ddcf..fdf320cd43 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff files.log @load frameworks/files/hash-all-files diff --git a/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek b/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek index 7cf0ef239c..583a97481e 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek @@ -1,6 +1,6 @@ # This used to crash the file reassemly code. # -# @TEST-EXEC: bro -r $TRACES/http/byteranges.trace frameworks/files/extract-all-files FileExtract::default_limit=4000 +# @TEST-EXEC: zeek -r $TRACES/http/byteranges.trace frameworks/files/extract-all-files FileExtract::default_limit=4000 # # @TEST-EXEC: btest-diff files.log diff --git a/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek b/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek index a25fde74e5..43a6506f6c 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/retr.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/ftp/retr.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff thefile diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek index d90e08e08b..e62a952410 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=1 >get.out -# @TEST-EXEC: bro -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=2 >get-gzip.out +# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=1 >get.out +# @TEST-EXEC: zeek -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=2 >get-gzip.out # @TEST-EXEC: btest-diff get.out # @TEST-EXEC: btest-diff get-gzip.out # @TEST-EXEC: btest-diff 1-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek index 400b787b52..7cc1efda09 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/multipart.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/http/multipart.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek index bb5ef7f800..c675adbb40 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek @@ -1,14 +1,14 @@ -# @TEST-EXEC: bro -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >a.out +# @TEST-EXEC: zeek -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >a.out # @TEST-EXEC: btest-diff a.out # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >a.size # @TEST-EXEC: btest-diff a.size -# @TEST-EXEC: bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >b.out +# @TEST-EXEC: zeek -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >b.out # @TEST-EXEC: btest-diff b.out # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >b.size # @TEST-EXEC: btest-diff b.size -# @TEST-EXEC: bro -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >c.out +# @TEST-EXEC: zeek -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >c.out # @TEST-EXEC: btest-diff c.out # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >c.size # @TEST-EXEC: btest-diff c.size diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek index cdd69b84a9..acc635ae29 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek index 75efb27781..122c188b6c 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file diff --git a/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek b/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek index 9bafa0ca1e..3051459945 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/input/basic.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run bro bro -b $SCRIPTS/file-analysis-test.zeek %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-bg-wait 8 -# @TEST-EXEC: btest-diff bro/.stdout -# @TEST-EXEC: diff -q bro/FK8WqY1Q9U1rVxnDge-file input.log +# @TEST-EXEC: btest-diff zeek/.stdout +# @TEST-EXEC: diff -q zeek/FK8WqY1Q9U1rVxnDge-file input.log redef exit_only_after_terminate = T; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek b/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek index a1fd1e36d5..4b3e641f34 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff thefile diff --git a/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek b/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek index 597f8a26bb..96c302a31a 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-diff files.log redef test_file_analysis_source = "HTTP"; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek b/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek index 9edec8abc1..0fddcc7f98 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/smtp.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff thefile0 # @TEST-EXEC: btest-diff thefile1 diff --git a/testing/btest/scripts/base/frameworks/input/basic.zeek b/testing/btest/scripts/base/frameworks/input/basic.zeek index 02c3b4ff79..e96784fc0d 100644 --- a/testing/btest/scripts/base/frameworks/input/basic.zeek +++ b/testing/btest/scripts/base/frameworks/input/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/bignumber.zeek b/testing/btest/scripts/base/frameworks/input/bignumber.zeek index b5b9d3fcae..dd3a483050 100644 --- a/testing/btest/scripts/base/frameworks/input/bignumber.zeek +++ b/testing/btest/scripts/base/frameworks/input/bignumber.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/binary.zeek b/testing/btest/scripts/base/frameworks/input/binary.zeek index 072db53e11..fa98625997 100644 --- a/testing/btest/scripts/base/frameworks/input/binary.zeek +++ b/testing/btest/scripts/base/frameworks/input/binary.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/config/basic.zeek b/testing/btest/scripts/base/frameworks/input/config/basic.zeek index a0a7df017f..b6f7c2a78a 100644 --- a/testing/btest/scripts/base/frameworks/input/config/basic.zeek +++ b/testing/btest/scripts/base/frameworks/input/config/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/config/errors.zeek b/testing/btest/scripts/base/frameworks/input/config/errors.zeek index 262b4ff36d..0271dbe711 100644 --- a/testing/btest/scripts/base/frameworks/input/config/errors.zeek +++ b/testing/btest/scripts/base/frameworks/input/config/errors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: tail -n +2 .stderr > errout # @TEST-EXEC: btest-diff errout diff --git a/testing/btest/scripts/base/frameworks/input/config/spaces.zeek b/testing/btest/scripts/base/frameworks/input/config/spaces.zeek index 00bc64888e..321deb3fa4 100644 --- a/testing/btest/scripts/base/frameworks/input/config/spaces.zeek +++ b/testing/btest/scripts/base/frameworks/input/config/spaces.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/default.zeek b/testing/btest/scripts/base/frameworks/input/default.zeek index 3c9880696d..a3e65e74e0 100644 --- a/testing/btest/scripts/base/frameworks/input/default.zeek +++ b/testing/btest/scripts/base/frameworks/input/default.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek b/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek index b43044b963..810aa96c6a 100644 --- a/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek +++ b/testing/btest/scripts/base/frameworks/input/empty-values-hashing.zeek @@ -1,6 +1,6 @@ # @TEST-EXEC: mv input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input2.log input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/emptyvals.zeek b/testing/btest/scripts/base/frameworks/input/emptyvals.zeek index 6e45f56e8d..b495832d6d 100644 --- a/testing/btest/scripts/base/frameworks/input/emptyvals.zeek +++ b/testing/btest/scripts/base/frameworks/input/emptyvals.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/errors.zeek b/testing/btest/scripts/base/frameworks/input/errors.zeek index 296c43f450..4c9c6f8ec2 100644 --- a/testing/btest/scripts/base/frameworks/input/errors.zeek +++ b/testing/btest/scripts/base/frameworks/input/errors.zeek @@ -1,6 +1,6 @@ # Test different kinds of errors of the input framework # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff .stderr # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/event.zeek b/testing/btest/scripts/base/frameworks/input/event.zeek index 1ac4e38af5..f23d9cf52d 100644 --- a/testing/btest/scripts/base/frameworks/input/event.zeek +++ b/testing/btest/scripts/base/frameworks/input/event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek b/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek index 2a2e2b1e63..86ace59204 100644 --- a/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek +++ b/testing/btest/scripts/base/frameworks/input/invalid-lines.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek b/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek index 4acaa63ee6..16a3cda1de 100644 --- a/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek +++ b/testing/btest/scripts/base/frameworks/input/invalidnumbers.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out # @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline diff --git a/testing/btest/scripts/base/frameworks/input/invalidset.zeek b/testing/btest/scripts/base/frameworks/input/invalidset.zeek index d1ca5e3262..67aff58254 100644 --- a/testing/btest/scripts/base/frameworks/input/invalidset.zeek +++ b/testing/btest/scripts/base/frameworks/input/invalidset.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out # @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline diff --git a/testing/btest/scripts/base/frameworks/input/invalidtext.zeek b/testing/btest/scripts/base/frameworks/input/invalidtext.zeek index 3a30da30c8..2c2809861a 100644 --- a/testing/btest/scripts/base/frameworks/input/invalidtext.zeek +++ b/testing/btest/scripts/base/frameworks/input/invalidtext.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out # @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline diff --git a/testing/btest/scripts/base/frameworks/input/missing-enum.zeek b/testing/btest/scripts/base/frameworks/input/missing-enum.zeek index abdc608447..9c5850cfac 100644 --- a/testing/btest/scripts/base/frameworks/input/missing-enum.zeek +++ b/testing/btest/scripts/base/frameworks/input/missing-enum.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: btest-diff bro/.stderr -# @TEST-EXEC: btest-diff bro/.stdout +# @TEST-EXEC: btest-diff zeek/.stderr +# @TEST-EXEC: btest-diff zeek/.stdout @TEST-START-FILE input.log #fields e i diff --git a/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek b/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek index 0fed78d120..5d87c6d786 100644 --- a/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek +++ b/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek @@ -3,15 +3,15 @@ # It does a second test at the same time which configures the old # failing behavior. -# @TEST-EXEC: btest-bg-run bro bro %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/init 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/init 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv does-exist.dat does-not-exist.dat -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/next 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/next 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv does-not-exist.dat does-not-exist-again.dat # @TEST-EXEC: echo "3 streaming still works" >> does-not-exist-again.dat # @TEST-EXEC: btest-bg-wait 5 -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stdout -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stderr +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stdout +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stderr @TEST-START-FILE does-exist.dat #separator \x09 diff --git a/testing/btest/scripts/base/frameworks/input/missing-file.zeek b/testing/btest/scripts/base/frameworks/input/missing-file.zeek index 90fbeb175e..f1d4a203e2 100644 --- a/testing/btest/scripts/base/frameworks/input/missing-file.zeek +++ b/testing/btest/scripts/base/frameworks/input/missing-file.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: btest-diff bro/.stderr +# @TEST-EXEC: btest-diff zeek/.stderr redef exit_only_after_terminate = T; redef InputAscii::fail_on_file_problem = T; diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek index 723227a1c3..925ec13f82 100644 --- a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek +++ b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek b/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek index 33da194d84..a55ddd318a 100644 --- a/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek +++ b/testing/btest/scripts/base/frameworks/input/onecolumn-record.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/optional.zeek b/testing/btest/scripts/base/frameworks/input/optional.zeek index 9b9d569ffe..acea18810e 100644 --- a/testing/btest/scripts/base/frameworks/input/optional.zeek +++ b/testing/btest/scripts/base/frameworks/input/optional.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek index 784be4ca06..8e0b6b39b3 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-prefix.zeek @@ -2,14 +2,14 @@ # variables to verify that an absolute path prefix gets added correctly # to relative/path-less input sources. # -# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/subdir|" >input.bro +# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/subdir|" >input.zeek # @TEST-EXEC: mkdir -p subdir # # Note, in the following we'd ideally use %DIR to express the # additional path, but there's currently a problem in btest with using # %DIR after TEST-START-NEXT. # -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b input.bro >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b input.zeek >output # @TEST-EXEC: btest-diff output @TEST-START-FILE subdir/input.data diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek index 747c3d46dd..e8b5a4af78 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/absolute-source.zeek @@ -2,8 +2,8 @@ # variables to verify that setting these prefixes has no effect when # an input file uses an absolute-path source. # -# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD|" >input.bro -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b input.bro >output +# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD|" >input.zeek +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b input.zeek >output # @TEST-EXEC: btest-diff output @TEST-START-FILE input.data diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek b/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek index 02a6e7e104..4557d631d3 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/no-paths.zeek @@ -1,7 +1,7 @@ # These tests verify that when setting neither InputAscii::path_prefix # nor InputBinary::path_prefix, Zeek correctly locates local input files. # -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE input.data diff --git a/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek b/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek index 2f24131b6f..0c4d7af64b 100644 --- a/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek +++ b/testing/btest/scripts/base/frameworks/input/path-prefix/relative-prefix.zeek @@ -3,7 +3,7 @@ # from the current working directory. # # @TEST-EXEC: mkdir -p alternative -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE alternative/input.data diff --git a/testing/btest/scripts/base/frameworks/input/port-embedded.zeek b/testing/btest/scripts/base/frameworks/input/port-embedded.zeek index 32feb47c34..ef4b0a0651 100644 --- a/testing/btest/scripts/base/frameworks/input/port-embedded.zeek +++ b/testing/btest/scripts/base/frameworks/input/port-embedded.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: btest-diff bro/.stdout -# @TEST-EXEC: btest-diff bro/.stderr +# @TEST-EXEC: btest-diff zeek/.stdout +# @TEST-EXEC: btest-diff zeek/.stderr @TEST-START-FILE input.log #fields i p diff --git a/testing/btest/scripts/base/frameworks/input/port.zeek b/testing/btest/scripts/base/frameworks/input/port.zeek index d0bb823b74..b7a4b78913 100644 --- a/testing/btest/scripts/base/frameworks/input/port.zeek +++ b/testing/btest/scripts/base/frameworks/input/port.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek b/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek index f8e7f8fdf3..25c818dae7 100644 --- a/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek +++ b/testing/btest/scripts/base/frameworks/input/predicate-stream.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out # -# only difference from predicate.bro is, that this one uses a stream source. +# only difference from predicate.zeek is, that this one uses a stream source. # the reason is, that the code-paths are quite different, because then the # ascii reader uses the put and not the sendevent interface diff --git a/testing/btest/scripts/base/frameworks/input/predicate.zeek b/testing/btest/scripts/base/frameworks/input/predicate.zeek index 171e1d42de..61f1a5cf16 100644 --- a/testing/btest/scripts/base/frameworks/input/predicate.zeek +++ b/testing/btest/scripts/base/frameworks/input/predicate.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek b/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek index 80e8c6aac8..5de9f7bcc8 100644 --- a/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek +++ b/testing/btest/scripts/base/frameworks/input/predicatemodify.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek index 53708b4fdd..9f3d66df80 100644 --- a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek +++ b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.zeek @@ -1,12 +1,12 @@ # @TEST-EXEC: mv input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input2.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input3.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input4.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got4 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got4 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input5.log input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek b/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek index 6d4147ad06..79d38fab0d 100644 --- a/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek +++ b/testing/btest/scripts/base/frameworks/input/predicaterefusesecondsamerecord.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/basic.zeek b/testing/btest/scripts/base/frameworks/input/raw/basic.zeek index cb9e0269ea..af246fdfcb 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/basic.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/execute.zeek b/testing/btest/scripts/base/frameworks/input/raw/execute.zeek index 018b62d75b..672d8131d1 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/execute.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/execute.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: cat out.tmp | sed 's/^ *//g' >out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek b/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek index 1c24c3ab8a..0beb8bca20 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/executestdin.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff test.txt # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek b/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek index ded6588269..73aec5cab7 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/executestream.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input2.log >> input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input3.log >> input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/long.zeek b/testing/btest/scripts/base/frameworks/input/raw/long.zeek index 40f84c8597..bab9e388e5 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/long.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/long.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: dd if=/dev/zero of=input.log bs=8193 count=1 -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out # diff --git a/testing/btest/scripts/base/frameworks/input/raw/offset.zeek b/testing/btest/scripts/base/frameworks/input/raw/offset.zeek index 0fdb6d65e9..87aa36fc8b 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/offset.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/offset.zeek @@ -1,6 +1,6 @@ # @TEST-EXEC: cp input.log input2.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: echo "hi" >> input2.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek b/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek index ae977b4b2d..f187187f68 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/rereadraw.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek b/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek index b62b135e43..a108ddbc4a 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/stderr.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: mkdir mydir && touch mydir/a && touch mydir/b && touch mydir/c -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek b/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek index 923428717f..741b3f92d6 100644 --- a/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek +++ b/testing/btest/scripts/base/frameworks/input/raw/streamraw.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input2.log >> input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input3.log >> input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/repeat.zeek b/testing/btest/scripts/base/frameworks/input/repeat.zeek index 86245ef9f0..db9a6018d0 100644 --- a/testing/btest/scripts/base/frameworks/input/repeat.zeek +++ b/testing/btest/scripts/base/frameworks/input/repeat.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/reread.zeek b/testing/btest/scripts/base/frameworks/input/reread.zeek index e34ae0a5ae..ca98c9f214 100644 --- a/testing/btest/scripts/base/frameworks/input/reread.zeek +++ b/testing/btest/scripts/base/frameworks/input/reread.zeek @@ -1,12 +1,12 @@ # @TEST-EXEC: mv input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input2.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input3.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input4.log input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got4 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got4 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input5.log input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/set.zeek b/testing/btest/scripts/base/frameworks/input/set.zeek index 52c0b8feef..0d1021adae 100644 --- a/testing/btest/scripts/base/frameworks/input/set.zeek +++ b/testing/btest/scripts/base/frameworks/input/set.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/setseparator.zeek b/testing/btest/scripts/base/frameworks/input/setseparator.zeek index 3e052c4b44..fc876e8a6d 100644 --- a/testing/btest/scripts/base/frameworks/input/setseparator.zeek +++ b/testing/btest/scripts/base/frameworks/input/setseparator.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek b/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek index 801a3229c5..b68e4b53d0 100644 --- a/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek +++ b/testing/btest/scripts/base/frameworks/input/setspecialcases.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek b/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek index fdb946e02c..d7c66f67ee 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek +++ b/testing/btest/scripts/base/frameworks/input/sqlite/basic.zeek @@ -4,7 +4,7 @@ # @TEST-REQUIRES: which sqlite3 # # @TEST-EXEC: cat conn.sql | sqlite3 conn.sqlite -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek b/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek index 7a46160dc0..b6c2b46bbb 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek +++ b/testing/btest/scripts/base/frameworks/input/sqlite/error.zeek @@ -4,7 +4,7 @@ # # @TEST-GROUP: sqlite # -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: sed '1d' .stderr | sort > cmpfile # @TEST-EXEC: btest-diff cmpfile diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek b/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek index ddf4a844bb..ec0e9bd428 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek +++ b/testing/btest/scripts/base/frameworks/input/sqlite/port.zeek @@ -4,7 +4,7 @@ # @TEST-REQUIRES: which sqlite3 # # @TEST-EXEC: cat port.sql | sqlite3 port.sqlite -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek b/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek index 894db886b5..6da0bef528 100644 --- a/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek +++ b/testing/btest/scripts/base/frameworks/input/sqlite/types.zeek @@ -4,7 +4,7 @@ # # @TEST-GROUP: sqlite # -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/stream.zeek b/testing/btest/scripts/base/frameworks/input/stream.zeek index 20f1b682fa..b9064ef46b 100644 --- a/testing/btest/scripts/base/frameworks/input/stream.zeek +++ b/testing/btest/scripts/base/frameworks/input/stream.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input2.log >> input.log -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cat input3.log >> input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek b/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek index fdcef27d68..9f303fbb5a 100644 --- a/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek +++ b/testing/btest/scripts/base/frameworks/input/subrecord-event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/subrecord.zeek b/testing/btest/scripts/base/frameworks/input/subrecord.zeek index 797768a7a7..c01ce24158 100644 --- a/testing/btest/scripts/base/frameworks/input/subrecord.zeek +++ b/testing/btest/scripts/base/frameworks/input/subrecord.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/tableevent.zeek b/testing/btest/scripts/base/frameworks/input/tableevent.zeek index 370265508d..680a412c27 100644 --- a/testing/btest/scripts/base/frameworks/input/tableevent.zeek +++ b/testing/btest/scripts/base/frameworks/input/tableevent.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/twotables.zeek b/testing/btest/scripts/base/frameworks/input/twotables.zeek index 12d5394a54..6ff57f9666 100644 --- a/testing/btest/scripts/base/frameworks/input/twotables.zeek +++ b/testing/btest/scripts/base/frameworks/input/twotables.zeek @@ -1,6 +1,6 @@ # @TEST-EXEC: mv input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv input3.log input.log # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff event.out diff --git a/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek b/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek index 3090cf10c9..e4e93f7164 100644 --- a/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek +++ b/testing/btest/scripts/base/frameworks/input/unsupported_types.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/input/windows.zeek b/testing/btest/scripts/base/frameworks/input/windows.zeek index 8addf0c6ad..2615acb197 100644 --- a/testing/btest/scripts/base/frameworks/input/windows.zeek +++ b/testing/btest/scripts/base/frameworks/input/windows.zeek @@ -1,6 +1,6 @@ # Test windows linebreaks -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek b/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek index 98fc45c29d..79dbc7e035 100644 --- a/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek +++ b/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek @@ -3,10 +3,10 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-PORT: BROKER_PORT4 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek b/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek index ecec5a0831..0b0872c704 100644 --- a/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek +++ b/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/intel/expire-item.zeek b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek index a3a45cd1c0..a417f8a42c 100644 --- a/testing/btest/scripts/base/frameworks/intel/expire-item.zeek +++ b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run broproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 21 # @TEST-EXEC: cat broproc/intel.log > output # @TEST-EXEC: cat broproc/.stdout >> output diff --git a/testing/btest/scripts/base/frameworks/intel/filter-item.zeek b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek index 81353ce7fc..4149c33277 100644 --- a/testing/btest/scripts/base/frameworks/intel/filter-item.zeek +++ b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run broproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff broproc/intel.log diff --git a/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek index bea8abfd88..a7a9bcc7af 100644 --- a/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek +++ b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run broproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff broproc/intel.log diff --git a/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek index 9c46dd7c93..41a018efa4 100644 --- a/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek +++ b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run broproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: cat broproc/intel.log > output # @TEST-EXEC: cat broproc/.stdout >> output diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek index e637ebb3c5..0438fd4f4e 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-absolute-prefixes.zeek @@ -5,8 +5,8 @@ # /foo/bar/intel). # # @TEST-EXEC: mkdir -p intel -# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/intel|" >input.bro -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix bro -b input.bro >output +# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/intel|" >input.zeek +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix zeek -b input.zeek >output # @TEST-EXEC: btest-diff output @TEST-START-FILE intel/test.data diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek index 1e7050aee9..d80d784044 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-intel-relative-prefixes.zeek @@ -3,7 +3,7 @@ # prepended first, then the input framework one. # # @TEST-EXEC: mkdir -p input/intel -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE input/intel/test.data diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek index 2e602752f1..b3bc9f052f 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/input-prefix.zeek @@ -4,7 +4,7 @@ # Input::REREAD ingestion mode.) # # @TEST-EXEC: mkdir -p alternative -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE alternative/test.data diff --git a/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek b/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek index 7d02a0ac6a..298fcaee2c 100644 --- a/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek +++ b/testing/btest/scripts/base/frameworks/intel/path-prefix/no-paths.zeek @@ -1,7 +1,7 @@ # This test verifies that when setting neither InputAscii::path_prefix # nor Intel::path_prefix, Zeek correctly locates local intel files. # -# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix bro -b %INPUT >output +# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/intel/path-prefix zeek -b %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE test.data diff --git a/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek b/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek index 0914ece60d..d8078db0cc 100644 --- a/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff manager-1/intel.log diff --git a/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek b/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek index 16ec0df4a4..4e2ed8fcf5 100644 --- a/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 13 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek index 7bc071c17a..960c55f3c2 100644 --- a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek +++ b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run broproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: cat broproc/reporter.log > output # @TEST-EXEC: cat broproc/.stdout >> output diff --git a/testing/btest/scripts/base/frameworks/intel/updated-match.zeek b/testing/btest/scripts/base/frameworks/intel/updated-match.zeek index 5cace1741e..75a272773d 100644 --- a/testing/btest/scripts/base/frameworks/intel/updated-match.zeek +++ b/testing/btest/scripts/base/frameworks/intel/updated-match.zeek @@ -1,12 +1,12 @@ # @TEST-EXEC: cp intel1.dat intel.dat -# @TEST-EXEC: btest-bg-run broproc bro %INPUT -# @TEST-EXEC: $SCRIPTS/wait-for-file broproc/got1 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT +# @TEST-EXEC: $SCRIPTS/wait-for-file zeekproc/got1 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp intel2.dat intel.dat -# @TEST-EXEC: $SCRIPTS/wait-for-file broproc/got2 5 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeekproc/got2 5 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp intel3.dat intel.dat # @TEST-EXEC: btest-bg-wait 10 -# @TEST-EXEC: cat broproc/intel.log > output -# @TEST-EXEC: cat broproc/notice.log >> output +# @TEST-EXEC: cat zeekproc/intel.log > output +# @TEST-EXEC: cat zeekproc/notice.log >> output # @TEST-EXEC: btest-diff output # @TEST-START-FILE intel1.dat diff --git a/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek b/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek index d342186ca3..a5aed0c018 100644 --- a/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek +++ b/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh-new-default.log # @TEST-EXEC: test '!' -e ssh.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek index 1df620e19b..74d3ea9267 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek index 65bffda485..676f69600f 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek @@ -1,8 +1,8 @@ # @TEST-DOC: Test that the ASCII writer logs values of type "double" correctly. # -# @TEST-EXEC: bro -b %INPUT test-json.zeek +# @TEST-EXEC: zeek -b %INPUT test-json.zeek # @TEST-EXEC: mv test.log json.log -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log # @TEST-EXEC: btest-diff json.log # diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek index bb38f988ae..515bd9aab3 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: cat ssh.log | grep -v PREFIX.*20..- >ssh-filtered.log # @TEST-EXEC: btest-diff ssh-filtered.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek index d7e7739547..5535f83276 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff test.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek index 0145c52243..2c66593250 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log redef LogAscii::empty_field = "EMPTY"; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek index c42a92fdac..3c1cb2cd10 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek index 9df48edbb6..f64f00f857 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek @@ -1,4 +1,4 @@ # -# @TEST-EXEC: bro -C -r $TRACES/www-odd-url.trace +# @TEST-EXEC: zeek -C -r $TRACES/www-odd-url.trace # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek index 03139bf2b8..5170718d9e 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek index 9fa6555391..85c309ca98 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: cat ssh.log | egrep -v '#open|#close' >ssh.log.tmp && mv ssh.log.tmp ssh.log # @TEST-EXEC: btest-diff ssh.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek index 3e73b56500..874715dce7 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek @@ -1,6 +1,6 @@ # Test that log rotation works with compressed logs. # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: gunzip test.*.log.gz # diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek index 74573fe3d4..c240df96e5 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: gunzip ssh.log.gz # @TEST-EXEC: btest-diff ssh.log # @TEST-EXEC: btest-diff ssh-uncompressed.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek index bfe998a78e..6055989e70 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log # # Testing all possible types. diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek index 364de2fe4c..ec86557c4a 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff testing.log @load tuning/json-logs diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek index 8985715d1d..ab88225d97 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log # # Testing all possible types. diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek index 33de6e720a..caaf123633 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek index b72f077c81..11a69a0086 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log redef LogAscii::output_to_stdout = F; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek index 2e786f4927..ab7269c16c 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.log module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek index c29b291003..67d407bb91 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: cat ssh.log | grep -v PREFIX.*20..- >ssh-filtered.log # @TEST-EXEC: btest-diff ssh-filtered.log diff --git a/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek b/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek index 7aece07642..203f5a5343 100644 --- a/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek +++ b/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/attr.zeek b/testing/btest/scripts/base/frameworks/logging/attr.zeek index 84287cc280..f0e65aa818 100644 --- a/testing/btest/scripts/base/frameworks/logging/attr.zeek +++ b/testing/btest/scripts/base/frameworks/logging/attr.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek b/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek index e3b2aa2b93..da6f9f0dd5 100644 --- a/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek +++ b/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: test '!' -e ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/empty-event.zeek b/testing/btest/scripts/base/frameworks/logging/empty-event.zeek index e7928de5c7..404b35cec8 100644 --- a/testing/btest/scripts/base/frameworks/logging/empty-event.zeek +++ b/testing/btest/scripts/base/frameworks/logging/empty-event.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek b/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek index 95d02068d8..6da68c66fa 100644 --- a/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek +++ b/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/env-ext.test b/testing/btest/scripts/base/frameworks/logging/env-ext.test index e9f690caa4..1d77cab0d0 100644 --- a/testing/btest/scripts/base/frameworks/logging/env-ext.test +++ b/testing/btest/scripts/base/frameworks/logging/env-ext.test @@ -1,2 +1,2 @@ -# @TEST-EXEC: BRO_LOG_SUFFIX=txt bro -r $TRACES/wikipedia.trace +# @TEST-EXEC: BRO_LOG_SUFFIX=txt zeek -r $TRACES/wikipedia.trace # @TEST-EXEC: test -f conn.txt diff --git a/testing/btest/scripts/base/frameworks/logging/events.zeek b/testing/btest/scripts/base/frameworks/logging/events.zeek index d1cf0fba7e..321a702002 100644 --- a/testing/btest/scripts/base/frameworks/logging/events.zeek +++ b/testing/btest/scripts/base/frameworks/logging/events.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/exclude.zeek b/testing/btest/scripts/base/frameworks/logging/exclude.zeek index b776cf91a4..0f1e1b72d1 100644 --- a/testing/btest/scripts/base/frameworks/logging/exclude.zeek +++ b/testing/btest/scripts/base/frameworks/logging/exclude.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek index 1beaa72024..6e66d56bb5 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: grep qux manager-1/reporter.log | sed 's#line ..#line XX#g' > manager-reporter.log # @TEST-EXEC: grep qux manager-1/reporter-2.log | sed 's#line ..*#line XX#g' >> manager-reporter.log diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek index 39fe6c566a..14103cf816 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/http.log diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek index 7c1b448fee..5ac8e9220b 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek index b06cec2f54..87a2caecbc 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek index 9b37a893bf..50d6f90515 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek index 8a9f3ed5f2..ccf40899c8 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC-FAIL: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension.zeek index 609df1b467..a53c202387 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek b/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek index e480180a0d..54af73374e 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek b/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek index e51bcd6580..60ebb5a1a4 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/auth_change_session_keys.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/auth_change_session_keys.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # The other tests of Log::default_field_name_map used to not catch an invalid diff --git a/testing/btest/scripts/base/frameworks/logging/file.zeek b/testing/btest/scripts/base/frameworks/logging/file.zeek index 011c9bbe82..6aa07f1699 100644 --- a/testing/btest/scripts/base/frameworks/logging/file.zeek +++ b/testing/btest/scripts/base/frameworks/logging/file.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/include.zeek b/testing/btest/scripts/base/frameworks/logging/include.zeek index 7179c54338..31f905d172 100644 --- a/testing/btest/scripts/base/frameworks/logging/include.zeek +++ b/testing/btest/scripts/base/frameworks/logging/include.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/no-local.zeek b/testing/btest/scripts/base/frameworks/logging/no-local.zeek index 9418afea14..38e395afac 100644 --- a/testing/btest/scripts/base/frameworks/logging/no-local.zeek +++ b/testing/btest/scripts/base/frameworks/logging/no-local.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: test '!' -e ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/none-debug.zeek b/testing/btest/scripts/base/frameworks/logging/none-debug.zeek index 9a9f73d8f9..43b1daa187 100644 --- a/testing/btest/scripts/base/frameworks/logging/none-debug.zeek +++ b/testing/btest/scripts/base/frameworks/logging/none-debug.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output redef Log::default_writer = Log::WRITER_NONE; diff --git a/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek b/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek index ebb514042e..7b256da666 100644 --- a/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek +++ b/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff local.log # @TEST-EXEC: btest-diff remote.log # diff --git a/testing/btest/scripts/base/frameworks/logging/path-func.zeek b/testing/btest/scripts/base/frameworks/logging/path-func.zeek index fa52cccc48..80cb5e7918 100644 --- a/testing/btest/scripts/base/frameworks/logging/path-func.zeek +++ b/testing/btest/scripts/base/frameworks/logging/path-func.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: ( ls static-*; cat static-* ) >output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/frameworks/logging/pred.zeek b/testing/btest/scripts/base/frameworks/logging/pred.zeek index c6f85183b4..aa89fdf504 100644 --- a/testing/btest/scripts/base/frameworks/logging/pred.zeek +++ b/testing/btest/scripts/base/frameworks/logging/pred.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff test.success.log # @TEST-EXEC: btest-diff test.failure.log diff --git a/testing/btest/scripts/base/frameworks/logging/remove.zeek b/testing/btest/scripts/base/frameworks/logging/remove.zeek index 2247648e7c..c4a626610e 100644 --- a/testing/btest/scripts/base/frameworks/logging/remove.zeek +++ b/testing/btest/scripts/base/frameworks/logging/remove.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -B logging %INPUT +# @TEST-EXEC: zeek -b -B logging %INPUT # @TEST-EXEC: btest-diff ssh.log # @TEST-EXEC: btest-diff ssh.failure.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek b/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek index 89264fa6e5..4e6e38ebe9 100644 --- a/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek +++ b/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT | egrep "test|test2" | sort >out.tmp +# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT | egrep "test|test2" | sort >out.tmp # @TEST-EXEC: cat out.tmp pp.log | sort >out # @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | $SCRIPTS/diff-remove-timestamps | uniq >>out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/logging/rotate.zeek b/testing/btest/scripts/base/frameworks/logging/rotate.zeek index 2a988a88f0..a7ae0df75a 100644 --- a/testing/btest/scripts/base/frameworks/logging/rotate.zeek +++ b/testing/btest/scripts/base/frameworks/logging/rotate.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT >bro.out 2>&1 +# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT >bro.out 2>&1 # @TEST-EXEC: grep "test" bro.out | sort >out # @TEST-EXEC: for i in `ls test.*.log | sort`; do printf '> %s\n' $i; cat $i; done >>out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek b/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek index 9d58ef11c2..03936bbe17 100644 --- a/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek +++ b/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek b/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek index 3c72b7a833..a67b260241 100644 --- a/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek +++ b/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek @@ -1,7 +1,7 @@ # This tests the order in which the unrolling and field name # renaming occurs. -# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek index d453804858..ea52826a13 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek @@ -4,7 +4,7 @@ # @TEST-GROUP: sqlite # # @TEST-EXEC: cat ssh.sql | sqlite3 ssh.sqlite -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff .stderr # # Testing all possible types. diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek index 8612cd5765..17779a6312 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek @@ -6,7 +6,7 @@ # @TEST-REQUIRES: has-writer Bro::SQLiteWriter # @TEST-GROUP: sqlite # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select # @TEST-EXEC: btest-diff ssh.select # diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek index 7f9ea2d870..e717954a61 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek @@ -4,7 +4,7 @@ # @TEST-REQUIRES: has-writer Bro::SQLiteWriter # @TEST-GROUP: sqlite # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from sshtwo' >> ssh.select # @TEST-EXEC: btest-diff ssh.select diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek index e878ec32d3..783fd2603b 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek @@ -3,7 +3,7 @@ # @TEST-REQUIRES: has-writer Bro::SQLiteWriter # @TEST-GROUP: sqlite # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select # @TEST-EXEC: btest-diff ssh.select # diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek index e45c42d7e2..8ffc867b92 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek @@ -3,7 +3,7 @@ # @TEST-REQUIRES: has-writer Bro::SQLiteWriter # @TEST-GROUP: sqlite # -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_SQLITE +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_SQLITE # @TEST-EXEC: sqlite3 conn.sqlite 'select * from conn order by ts' | sort -n > conn.select # @TEST-EXEC: sqlite3 http.sqlite 'select * from http order by ts' | sort -n > http.select # @TEST-EXEC: btest-diff conn.select diff --git a/testing/btest/scripts/base/frameworks/logging/stdout.zeek b/testing/btest/scripts/base/frameworks/logging/stdout.zeek index bce55fd0ca..39db1d1e51 100644 --- a/testing/btest/scripts/base/frameworks/logging/stdout.zeek +++ b/testing/btest/scripts/base/frameworks/logging/stdout.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: test '!' -e ssh.log diff --git a/testing/btest/scripts/base/frameworks/logging/test-logging.zeek b/testing/btest/scripts/base/frameworks/logging/test-logging.zeek index f7d07e843a..3e0db68c79 100644 --- a/testing/btest/scripts/base/frameworks/logging/test-logging.zeek +++ b/testing/btest/scripts/base/frameworks/logging/test-logging.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/types.zeek b/testing/btest/scripts/base/frameworks/logging/types.zeek index 9d208335ad..fc10e88bcc 100644 --- a/testing/btest/scripts/base/frameworks/logging/types.zeek +++ b/testing/btest/scripts/base/frameworks/logging/types.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log # # Testing all possible types. diff --git a/testing/btest/scripts/base/frameworks/logging/unset-record.zeek b/testing/btest/scripts/base/frameworks/logging/unset-record.zeek index 00f97ffc1a..529e474381 100644 --- a/testing/btest/scripts/base/frameworks/logging/unset-record.zeek +++ b/testing/btest/scripts/base/frameworks/logging/unset-record.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff testing.log redef enum Log::ID += { TESTING }; diff --git a/testing/btest/scripts/base/frameworks/logging/vec.zeek b/testing/btest/scripts/base/frameworks/logging/vec.zeek index 6809e132bc..5e73357947 100644 --- a/testing/btest/scripts/base/frameworks/logging/vec.zeek +++ b/testing/btest/scripts/base/frameworks/logging/vec.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff ssh.log module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek index 916e5a6775..60984f1fc7 100644 --- a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek +++ b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff reporter.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff http-2.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek index 5561b3b674..7addee4bf7 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek @@ -1,6 +1,6 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek b/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek index 94fda84c64..5603219093 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/acld.zeek @@ -1,6 +1,6 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff send/netcontrol.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek index 3f3ecb5e60..067193de8c 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek @@ -2,12 +2,12 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" # @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat worker-1/.pid) 10 || (btest-bg-wait -k 1 && false) -# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" +# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-2 zeek --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout diff --git a/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek b/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek index 1efe420d73..b7510e4c2c 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff netcontrol.log # @TEST-EXEC: btest-diff netcontrol_shunt.log # @TEST-EXEC: btest-diff netcontrol_drop.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek b/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek index bf8957e4ff..c1d0f961a4 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/broker.zeek @@ -1,6 +1,6 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff send/netcontrol.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek index dd5e71f1fe..ea99e13329 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff netcontrol_catch_release.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek index 29c56c2535..30740dbf00 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff netcontrol.log # @TEST-EXEC: btest-diff netcontrol_catch_release.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek b/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek index 29cb439a64..935142b33c 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # Verify the state of internal tables after rules have been deleted... diff --git a/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek b/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek index c64bd9e16b..a5e03add55 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/duplicate.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/google-duplicate.trace %INPUT # @TEST-EXEC: btest-diff netcontrol.log @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek b/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek index e7bb61cc04..09694cc1f8 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff out @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek b/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek index 02056a1e0a..e12599db83 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: btest-diff netcontrol.log @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek b/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek index d56c8e2468..4fc05d4f45 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log # @TEST-EXEC: btest-diff openflow.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek b/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek index 36c06fcc3d..04cd1302b3 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff netcontrol.log # @TEST-EXEC: btest-diff openflow.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek b/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek index 46a1193a21..ac8a3f5c0a 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek b/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek index 9356253c98..71ef2b3efe 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: btest-diff netcontrol.log # @TEST-EXEC: btest-diff openflow.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek b/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek index e308205ffc..bc7de9dd3a 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/timeout.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime %INPUT # @TEST-EXEC: btest-diff netcontrol.log @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/notice/cluster.zeek b/testing/btest/scripts/base/frameworks/notice/cluster.zeek index cda5fc857e..dadf5409ab 100644 --- a/testing/btest/scripts/base/frameworks/notice/cluster.zeek +++ b/testing/btest/scripts/base/frameworks/notice/cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/notice.log diff --git a/testing/btest/scripts/base/frameworks/notice/default-policy-order.test b/testing/btest/scripts/base/frameworks/notice/default-policy-order.test index d5d3f4c3fa..7daffc2ea0 100644 --- a/testing/btest/scripts/base/frameworks/notice/default-policy-order.test +++ b/testing/btest/scripts/base/frameworks/notice/default-policy-order.test @@ -1,10 +1,10 @@ # This test checks that the default notice policy ordering does not # change from run to run. -# @TEST-EXEC: bro -e '' +# @TEST-EXEC: zeek -e '' # @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.1 -# @TEST-EXEC: bro -e '' +# @TEST-EXEC: zeek -e '' # @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.2 -# @TEST-EXEC: bro -e '' +# @TEST-EXEC: zeek -e '' # @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.3 # @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.2 # @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.3 diff --git a/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek b/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek index 0970ec0c76..373d773bd2 100644 --- a/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek +++ b/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/web.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/web.trace %INPUT # @TEST-EXEC: btest-diff alarm-mail.txt hook Notice::policy(n: Notice::Info) &priority=1 diff --git a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek index 73cd65cfe9..cf99a0dbd9 100644 --- a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek @@ -3,10 +3,10 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-PORT: BROKER_PORT4 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/notice.log diff --git a/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek b/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek index 5eeab5bff2..a281fd1b7c 100644 --- a/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek +++ b/testing/btest/scripts/base/frameworks/notice/suppression-disable.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # The "Test_Notice" should be logged twice # @TEST-EXEC: test `grep Test_Notice notice.log | wc -l` -eq 2 diff --git a/testing/btest/scripts/base/frameworks/notice/suppression.zeek b/testing/btest/scripts/base/frameworks/notice/suppression.zeek index d91aa17a2e..f284bb4600 100644 --- a/testing/btest/scripts/base/frameworks/notice/suppression.zeek +++ b/testing/btest/scripts/base/frameworks/notice/suppression.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff notice.log @load base/frameworks/notice diff --git a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek index 3cce7bda1e..a74a7331b1 100644 --- a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek @@ -1,6 +1,6 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.zeek >recv.out" -# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" +# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" +# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff recv/recv.out diff --git a/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek index 5aa615f691..3604c95eec 100644 --- a/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff openflow.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek b/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek index c6a9e90cb4..5aa40ed181 100644 --- a/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT" # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/openflow.log diff --git a/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek index 9df9822450..8f1dc35fce 100644 --- a/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test b/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test index a3e2a54c57..537b210128 100644 --- a/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test +++ b/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test @@ -1,2 +1,2 @@ -# @TEST-EXEC-FAIL: bro -r $TRACES/web.trace -f "bad filter" +# @TEST-EXEC-FAIL: zeek -r $TRACES/web.trace -f "bad filter" # @TEST-EXEC: test -s .stderr diff --git a/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek b/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek index bf449e886d..2adf5e1d7f 100644 --- a/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek +++ b/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log diff --git a/testing/btest/scripts/base/frameworks/reporter/stderr.zeek b/testing/btest/scripts/base/frameworks/reporter/stderr.zeek index 6b878ceef5..5c3793b435 100644 --- a/testing/btest/scripts/base/frameworks/reporter/stderr.zeek +++ b/testing/btest/scripts/base/frameworks/reporter/stderr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log diff --git a/testing/btest/scripts/base/frameworks/software/version-parsing.zeek b/testing/btest/scripts/base/frameworks/software/version-parsing.zeek index fd43145826..ecf36ca8dc 100644 --- a/testing/btest/scripts/base/frameworks/software/version-parsing.zeek +++ b/testing/btest/scripts/base/frameworks/software/version-parsing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT > output +# @TEST-EXEC: zeek %INPUT > output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff output module Software; diff --git a/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek index 726aa09416..c54aa1b128 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/basic.zeek b/testing/btest/scripts/base/frameworks/sumstats/basic.zeek index 1362c739cf..3b454ebaa4 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/basic.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run standalone bro %INPUT +# @TEST-EXEC: btest-bg-run standalone zeek %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: btest-diff standalone/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek b/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek index 04cdcca725..98240f3e10 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek index 4482b43524..7bbe1860a9 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT # @TEST-EXEC: btest-bg-wait 25 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek index 3ab0492f29..6218d85573 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek b/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek index 99658ad7d0..4faedd9bac 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout redef exit_only_after_terminate=T; diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek index 44dcd3abd4..a254c86ec0 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample.zeek b/testing/btest/scripts/base/frameworks/sumstats/sample.zeek index 30e80b1b49..7d63c2e946 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/sample.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/sample.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout event zeek_init() &priority=5 diff --git a/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek b/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek index f751a85e98..93ae99e0ef 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT | sort >output +# @TEST-EXEC: zeek %INPUT | sort >output # @TEST-EXEC: btest-diff output redef enum Notice::Type += { diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek index e32e417cc5..c5eaca9917 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff manager-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk.zeek b/testing/btest/scripts/base/frameworks/sumstats/topk.zeek index 0b7ae1ea2f..a30d3ce4c8 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/topk.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/topk.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout event zeek_init() &priority=5 diff --git a/testing/btest/scripts/base/misc/find-filtered-trace.test b/testing/btest/scripts/base/misc/find-filtered-trace.test index e6c61c2bd2..a63e0c7a2b 100644 --- a/testing/btest/scripts/base/misc/find-filtered-trace.test +++ b/testing/btest/scripts/base/misc/find-filtered-trace.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/bro.org-filtered.pcap >out1 2>&1 -# @TEST-EXEC: bro -r $TRACES/http/bro.org-filtered.pcap "FilteredTraceDetection::enable=F" >out2 2>&1 +# @TEST-EXEC: zeek -r $TRACES/http/bro.org-filtered.pcap >out1 2>&1 +# @TEST-EXEC: zeek -r $TRACES/http/bro.org-filtered.pcap "FilteredTraceDetection::enable=F" >out2 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/scripts/base/misc/version.zeek b/testing/btest/scripts/base/misc/version.zeek index bceade0abb..da911425e6 100644 --- a/testing/btest/scripts/base/misc/version.zeek +++ b/testing/btest/scripts/base/misc/version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath" btest-diff .stderr diff --git a/testing/btest/scripts/base/protocols/arp/bad.test b/testing/btest/scripts/base/protocols/arp/bad.test index efe9b1d15a..fb3444f105 100644 --- a/testing/btest/scripts/base/protocols/arp/bad.test +++ b/testing/btest/scripts/base/protocols/arp/bad.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/arp-leak.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/arp-leak.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/arp/basic.test b/testing/btest/scripts/base/protocols/arp/basic.test index 9ef1404567..c8dbc58cff 100644 --- a/testing/btest/scripts/base/protocols/arp/basic.test +++ b/testing/btest/scripts/base/protocols/arp/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/arp-who-has.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/arp-who-has.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/arp/radiotap.test b/testing/btest/scripts/base/protocols/arp/radiotap.test index 95ce471532..59f69aca13 100644 --- a/testing/btest/scripts/base/protocols/arp/radiotap.test +++ b/testing/btest/scripts/base/protocols/arp/radiotap.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/arp-who-has-radiotap.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/arp-who-has-radiotap.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/arp/wlanmon.test b/testing/btest/scripts/base/protocols/arp/wlanmon.test index 7f909eac4f..6516d424e9 100644 --- a/testing/btest/scripts/base/protocols/arp/wlanmon.test +++ b/testing/btest/scripts/base/protocols/arp/wlanmon.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/arp-who-has-wlanmon.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/arp-who-has-wlanmon.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/conn/contents-default-extract.test b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test index b53081826c..5bd0044dbc 100644 --- a/testing/btest/scripts/base/protocols/conn/contents-default-extract.test +++ b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -f "tcp port 21" -r $TRACES/ftp/ipv6.trace "Conn::default_extract=T" +# @TEST-EXEC: zeek -f "tcp port 21" -r $TRACES/ftp/ipv6.trace "Conn::default_extract=T" # @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat # @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat diff --git a/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek b/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek index 42919f6f13..6278078d49 100644 --- a/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek +++ b/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout event new_connection_contents(c: connection) diff --git a/testing/btest/scripts/base/protocols/conn/polling.test b/testing/btest/scripts/base/protocols/conn/polling.test index f855326e77..4b009bacaa 100644 --- a/testing/btest/scripts/base/protocols/conn/polling.test +++ b/testing/btest/scripts/base/protocols/conn/polling.test @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b -r $TRACES/http/100-continue.trace %INPUT >out1 +# @TEST-EXEC: zeek -b -r $TRACES/http/100-continue.trace %INPUT >out1 # @TEST-EXEC: btest-diff out1 -# @TEST-EXEC: bro -b -r $TRACES/http/100-continue.trace %INPUT stop_cnt=2 >out2 +# @TEST-EXEC: zeek -b -r $TRACES/http/100-continue.trace %INPUT stop_cnt=2 >out2 # @TEST-EXEC: btest-diff out2 @load base/protocols/conn diff --git a/testing/btest/scripts/base/protocols/conn/threshold.zeek b/testing/btest/scripts/base/protocols/conn/threshold.zeek index 13daa8fff0..4ab01b4dbf 100644 --- a/testing/btest/scripts/base/protocols/conn/threshold.zeek +++ b/testing/btest/scripts/base/protocols/conn/threshold.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout event connection_established(c: connection) diff --git a/testing/btest/scripts/base/protocols/dce-rpc/context.zeek b/testing/btest/scripts/base/protocols/dce-rpc/context.zeek index cb0d93383b..f49649848b 100644 --- a/testing/btest/scripts/base/protocols/dce-rpc/context.zeek +++ b/testing/btest/scripts/base/protocols/dce-rpc/context.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/dce-rpc/cs_window7-join_stream092.pcap %INPUT >out +# @TEST-EXEC: zeek -b -C -r $TRACES/dce-rpc/cs_window7-join_stream092.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff dce_rpc.log diff --git a/testing/btest/scripts/base/protocols/dce-rpc/mapi.test b/testing/btest/scripts/base/protocols/dce-rpc/mapi.test index 97431bb005..ba29d31540 100644 --- a/testing/btest/scripts/base/protocols/dce-rpc/mapi.test +++ b/testing/btest/scripts/base/protocols/dce-rpc/mapi.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/dce-rpc/mapi.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/dce-rpc/mapi.pcap %INPUT # @TEST-EXEC: btest-diff dce_rpc.log # @TEST-EXEC: btest-diff ntlm.log diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest index 8f192b7aa4..8f32736572 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest @@ -2,5 +2,5 @@ # The trace has a message of each DHCP message type, # but only one lease should show up in the logs. -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest index 752ab91780..0c902911a2 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest @@ -2,5 +2,5 @@ # The trace has a message of each DHCP message type, # but only one lease should show up in the logs. -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest index 1952682e61..1833bd70ab 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest @@ -2,5 +2,5 @@ # The trace has a message of each DHCP message type, # but only one lease should show up in the logs. -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_discover_param_req_and_client_id.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_discover_param_req_and_client_id.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest index 3bd37a996b..f5fc6be660 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT protocols/dhcp/sub-opts +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT protocols/dhcp/sub-opts # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dhcp/inform.test b/testing/btest/scripts/base/protocols/dhcp/inform.test index 652fd1ae45..7a6fa78eaa 100644 --- a/testing/btest/scripts/base/protocols/dhcp/inform.test +++ b/testing/btest/scripts/base/protocols/dhcp/inform.test @@ -1,5 +1,5 @@ # DHCPINFORM leases are special-cased in the code. # This tests that those leases are correctly logged. -# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_inform.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_inform.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek index e551bbf7d6..dd2fe42007 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_del_measure.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_del_measure.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek index 489be56505..3fd98f90a9 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_en_spon.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_en_spon.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek index 9155ea0174..9fa7cff416 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_del.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_file_del.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek index 87140ec1fe..279ce73fc5 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_read.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_file_read.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek index 8ca9e3107d..a7bf5a6c51 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_write.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_file_write.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek index 868ce39cc0..c55ad9eaf5 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -C -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -C -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek index 340e2b3132..c474cc5594 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_read.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_read.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek index f88c262d54..7f0e2437af 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_rec_time.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_rec_time.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek index 9119c33a97..44fcd570c1 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_select_operate.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_select_operate.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek index 07479c92a2..2efaa4f5d7 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_en_spon.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_en_spon.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek index cf64179dfe..9f817b5bc1 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_read.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_read.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek index c6deb5eb69..8c1aa79dba 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_select_operate.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_select_operate.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek index f88e04f37a..60eeb30480 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_udp_write.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_write.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek index 86b99a11c7..cb0e0560d3 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_write.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_write.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/events.zeek b/testing/btest/scripts/base/protocols/dnp3/events.zeek index c5a853be61..ec871b0932 100644 --- a/testing/btest/scripts/base/protocols/dnp3/events.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/events.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dns/caa.zeek b/testing/btest/scripts/base/protocols/dns/caa.zeek index 9a0f4701de..4c3b5af22d 100644 --- a/testing/btest/scripts/base/protocols/dns/caa.zeek +++ b/testing/btest/scripts/base/protocols/dns/caa.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/dns-caa.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/dns-caa.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event dns_CAA_reply(c: connection, msg: dns_msg, ans: dns_answer, flags: count, tag: string, value: string) diff --git a/testing/btest/scripts/base/protocols/dns/dns-key.zeek b/testing/btest/scripts/base/protocols/dns/dns-key.zeek index 4880ad3530..7ab37cb015 100644 --- a/testing/btest/scripts/base/protocols/dns/dns-key.zeek +++ b/testing/btest/scripts/base/protocols/dns/dns-key.zeek @@ -1,4 +1,4 @@ # Making sure DNSKEY gets logged as such. # -# @TEST-EXEC: bro -r $TRACES/dnssec/dnskey2.pcap +# @TEST-EXEC: zeek -r $TRACES/dnssec/dnskey2.pcap # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/dnskey.zeek b/testing/btest/scripts/base/protocols/dns/dnskey.zeek index 9297dc696a..b790b832cf 100644 --- a/testing/btest/scripts/base/protocols/dns/dnskey.zeek +++ b/testing/btest/scripts/base/protocols/dns/dnskey.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/dnskey.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/dnskey.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/ds.zeek b/testing/btest/scripts/base/protocols/dns/ds.zeek index ecb90514cd..4c1a75562f 100644 --- a/testing/btest/scripts/base/protocols/dns/ds.zeek +++ b/testing/btest/scripts/base/protocols/dns/ds.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/ds.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/ds.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek b/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek index e13b3b4807..91f37fa723 100644 --- a/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek +++ b/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek @@ -1,4 +1,4 @@ # This tests the case where the DNS server responded with zero RRs. # -# @TEST-EXEC: bro -r $TRACES/dns-two-responses.trace +# @TEST-EXEC: zeek -r $TRACES/dns-two-responses.trace # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/flip.zeek b/testing/btest/scripts/base/protocols/dns/flip.zeek index 66987ee27d..92058c6c49 100644 --- a/testing/btest/scripts/base/protocols/dns/flip.zeek +++ b/testing/btest/scripts/base/protocols/dns/flip.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -r $TRACES/dns53.pcap +# @TEST-EXEC: zeek -r $TRACES/dns53.pcap # @TEST-EXEC: btest-diff dns.log # If the DNS reply is seen first, should be able to correctly set orig/resp. diff --git a/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek b/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek index ee6a76e978..90ed2275b0 100644 --- a/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek +++ b/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/dns-huge-ttl.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/dns-huge-ttl.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr) diff --git a/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek b/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek index 4a15792702..55ea225106 100644 --- a/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek +++ b/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek @@ -1,4 +1,4 @@ # This tests the case where the DNS server responded with zero RRs. # -# @TEST-EXEC: bro -r $TRACES/dns-txt-multiple.trace +# @TEST-EXEC: zeek -r $TRACES/dns-txt-multiple.trace # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/nsec.zeek b/testing/btest/scripts/base/protocols/dns/nsec.zeek index 8d9b1c91a7..006e24057b 100644 --- a/testing/btest/scripts/base/protocols/dns/nsec.zeek +++ b/testing/btest/scripts/base/protocols/dns/nsec.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/nsec.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/nsec3.zeek b/testing/btest/scripts/base/protocols/dns/nsec3.zeek index 0710be8fea..ce77ae857d 100644 --- a/testing/btest/scripts/base/protocols/dns/nsec3.zeek +++ b/testing/btest/scripts/base/protocols/dns/nsec3.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec3.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/nsec3.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/rrsig.zeek b/testing/btest/scripts/base/protocols/dns/rrsig.zeek index 32b958a789..68f6a46e0a 100644 --- a/testing/btest/scripts/base/protocols/dns/rrsig.zeek +++ b/testing/btest/scripts/base/protocols/dns/rrsig.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/dnssec/rrsig.pcap %INPUT > output +# @TEST-EXEC: zeek -C -r $TRACES/dnssec/rrsig.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/tsig.zeek b/testing/btest/scripts/base/protocols/dns/tsig.zeek index 79de4cf9f1..7df31eb9c4 100644 --- a/testing/btest/scripts/base/protocols/dns/tsig.zeek +++ b/testing/btest/scripts/base/protocols/dns/tsig.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/dns-tsig.trace %INPUT >out +# @TEST-EXEC: zeek -r $TRACES/dns-tsig.trace %INPUT >out # @TEST-EXEC: btest-diff out redef dns_skip_all_addl = F; diff --git a/testing/btest/scripts/base/protocols/dns/zero-responses.zeek b/testing/btest/scripts/base/protocols/dns/zero-responses.zeek index 54f7d7b7d3..aff38b4402 100644 --- a/testing/btest/scripts/base/protocols/dns/zero-responses.zeek +++ b/testing/btest/scripts/base/protocols/dns/zero-responses.zeek @@ -1,4 +1,4 @@ # This tests the case where the DNS server responded with zero RRs. # -# @TEST-EXEC: bro -r $TRACES/dns-zero-RRs.trace +# @TEST-EXEC: zeek -r $TRACES/dns-zero-RRs.trace # @TEST-EXEC: btest-diff dns.log \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek b/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek index c3c5de778a..79b41fa28d 100644 --- a/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek +++ b/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/cwd-navigation.pcap >output.log %INPUT +# @TEST-EXEC: zeek -r $TRACES/ftp/cwd-navigation.pcap >output.log %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log # @TEST-EXEC: btest-diff output.log diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek index 4791d31460..42e90301b4 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek @@ -1,5 +1,5 @@ # This tests extracting the server reported file size # from FTP sessions. # -# @TEST-EXEC: bro -r $TRACES/ftp/ftp-with-numbers-in-filename.pcap +# @TEST-EXEC: zeek -r $TRACES/ftp/ftp-with-numbers-in-filename.pcap # @TEST-EXEC: btest-diff ftp.log diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek index cb58d4af8a..f12ef0d109 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek @@ -1,6 +1,6 @@ # This tests both active and passive FTP over IPv4. # -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek index 87dfa7e052..bb8bf9ca1b 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek @@ -1,6 +1,6 @@ # This tests both active and passive FTP over IPv6. # -# @TEST-EXEC: bro -r $TRACES/ftp/ipv6.trace +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv6.trace # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log diff --git a/testing/btest/scripts/base/protocols/ftp/gridftp.test b/testing/btest/scripts/base/protocols/ftp/gridftp.test index 18b3bd956b..3981adc5ae 100644 --- a/testing/btest/scripts/base/protocols/ftp/gridftp.test +++ b/testing/btest/scripts/base/protocols/ftp/gridftp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/globus-url-copy.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/globus-url-copy.trace %INPUT # @TEST-EXEC: btest-diff notice.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log diff --git a/testing/btest/scripts/base/protocols/http/100-continue.zeek b/testing/btest/scripts/base/protocols/http/100-continue.zeek index ed9e4970fe..110c6c2f4c 100644 --- a/testing/btest/scripts/base/protocols/http/100-continue.zeek +++ b/testing/btest/scripts/base/protocols/http/100-continue.zeek @@ -3,7 +3,7 @@ # a given request. The http scripts should also be able log such replies # in a way that correlates the final response with the request. # -# @TEST-EXEC: bro -r $TRACES/http/100-continue.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/100-continue.trace %INPUT # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek b/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek index b6aabb0de5..e8ec4ff491 100644 --- a/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek +++ b/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek @@ -1,7 +1,7 @@ # This tests that the HTTP analyzer does not generate a dpd error as a # result of seeing an upgraded connection. # -# @TEST-EXEC: bro -r $TRACES/http/websocket.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/websocket.pcap %INPUT # @TEST-EXEC: test ! -f dpd.log # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek b/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek index 74ce213505..f499543327 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek +++ b/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/content-range-gap-skip.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/content-range-gap-skip.trace %INPUT # In this trace, we should be able to determine that a gap lies # entirely within the body of an entity that specifies Content-Range, diff --git a/testing/btest/scripts/base/protocols/http/content-range-gap.zeek b/testing/btest/scripts/base/protocols/http/content-range-gap.zeek index a62e8aa362..d992ef4d38 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-gap.zeek +++ b/testing/btest/scripts/base/protocols/http/content-range-gap.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/content-range-gap.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/content-range-gap.trace %INPUT # @TEST-EXEC: btest-diff extract_files/thefile event file_new(f: fa_file) diff --git a/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek b/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek index c95816b29f..e10e504635 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek +++ b/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -r $TRACES/http/content-range-less-than-len.pcap +# @TEST-EXEC: zeek -r $TRACES/http/content-range-less-than-len.pcap # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/http/entity-gap.zeek b/testing/btest/scripts/base/protocols/http/entity-gap.zeek index 95d3e52759..6f82801d2d 100644 --- a/testing/btest/scripts/base/protocols/http/entity-gap.zeek +++ b/testing/btest/scripts/base/protocols/http/entity-gap.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/entity_gap.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/entity_gap.trace %INPUT # @TEST-EXEC: btest-diff entity_data # @TEST-EXEC: btest-diff extract_files/file0 diff --git a/testing/btest/scripts/base/protocols/http/entity-gap2.zeek b/testing/btest/scripts/base/protocols/http/entity-gap2.zeek index c9ade93b72..e8703efc85 100644 --- a/testing/btest/scripts/base/protocols/http/entity-gap2.zeek +++ b/testing/btest/scripts/base/protocols/http/entity-gap2.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/entity_gap2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/entity_gap2.trace %INPUT # @TEST-EXEC: btest-diff entity_data # @TEST-EXEC: btest-diff extract_files/file0 diff --git a/testing/btest/scripts/base/protocols/http/fake-content-length.zeek b/testing/btest/scripts/base/protocols/http/fake-content-length.zeek index 5993b18ed1..30bb628958 100644 --- a/testing/btest/scripts/base/protocols/http/fake-content-length.zeek +++ b/testing/btest/scripts/base/protocols/http/fake-content-length.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/http/fake-content-length.pcap +# @TEST-EXEC: zeek -r $TRACES/http/fake-content-length.pcap # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek b/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek index f95196e8bd..dbd4747598 100644 --- a/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek +++ b/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -Cr $TRACES/http/http-bad-request-with-version.trace %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/http/http-bad-request-with-version.trace %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek b/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek index 84172878f6..6c2cbcc815 100644 --- a/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek +++ b/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek @@ -1,7 +1,7 @@ # This tests that the HTTP analyzer handles HTTP CONNECT proxying correctly # when the server include a header line into its response. # -# @TEST-EXEC: bro -C -r $TRACES/http/connect-with-header.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/http/connect-with-header.trace %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/scripts/base/protocols/http/http-connect.zeek b/testing/btest/scripts/base/protocols/http/http-connect.zeek index df6f3268b4..39cf3f3271 100644 --- a/testing/btest/scripts/base/protocols/http/http-connect.zeek +++ b/testing/btest/scripts/base/protocols/http/http-connect.zeek @@ -1,6 +1,6 @@ # This tests that the HTTP analyzer handles HTTP CONNECT proxying correctly. # -# @TEST-EXEC: bro -r $TRACES/http/connect-with-smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/connect-with-smtp.trace %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff smtp.log diff --git a/testing/btest/scripts/base/protocols/http/http-filename.zeek b/testing/btest/scripts/base/protocols/http/http-filename.zeek index b20bbddafe..b3528191c0 100644 --- a/testing/btest/scripts/base/protocols/http/http-filename.zeek +++ b/testing/btest/scripts/base/protocols/http/http-filename.zeek @@ -1,6 +1,6 @@ # This tests that the HTTP analyzer handles filenames over HTTP correctly. # -# @TEST-EXEC: bro -r $TRACES/http/http-filename.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/http-filename.pcap %INPUT # @TEST-EXEC: btest-diff http.log # The base analysis scripts are loaded by default. diff --git a/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek b/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek index c9ba7afba3..60d5095d97 100644 --- a/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek +++ b/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek @@ -2,7 +2,7 @@ # it gets confused whether it's in a header or not; it shouldn't report # the http_no_crlf_in_header_list wierd. # -# @TEST-EXEC: bro -r $TRACES/http/byteranges.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/byteranges.trace %INPUT # @TEST-EXEC: test ! -f weird.log # The base analysis scripts are loaded by default. diff --git a/testing/btest/scripts/base/protocols/http/http-methods.zeek b/testing/btest/scripts/base/protocols/http/http-methods.zeek index 5ab89bbe4d..810868184f 100644 --- a/testing/btest/scripts/base/protocols/http/http-methods.zeek +++ b/testing/btest/scripts/base/protocols/http/http-methods.zeek @@ -1,6 +1,6 @@ # This tests that the HTTP analyzer handles strange HTTP methods properly. # -# @TEST-EXEC: bro -r $TRACES/http/methods.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/methods.trace %INPUT # @TEST-EXEC: btest-diff weird.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/http-pipelining.zeek b/testing/btest/scripts/base/protocols/http/http-pipelining.zeek index afb1a7f33e..d1451276fe 100644 --- a/testing/btest/scripts/base/protocols/http/http-pipelining.zeek +++ b/testing/btest/scripts/base/protocols/http/http-pipelining.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace %INPUT > output +# @TEST-EXEC: zeek -r $TRACES/http/pipelined-requests.trace %INPUT > output # @TEST-EXEC: btest-diff http.log # mime type is irrelevant to this test, so filter it out diff --git a/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek b/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek index 25923f70da..9c993c7e7f 100644 --- a/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek +++ b/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek @@ -2,5 +2,5 @@ # include an appropriate ZLIB header on deflated # content. # -# @TEST-EXEC: bro -r $TRACES/http/missing-zlib-header.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/missing-zlib-header.pcap %INPUT # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/multipart-extract.zeek b/testing/btest/scripts/base/protocols/http/multipart-extract.zeek index a919a844b2..93f12e13d7 100644 --- a/testing/btest/scripts/base/protocols/http/multipart-extract.zeek +++ b/testing/btest/scripts/base/protocols/http/multipart-extract.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: cat extract_files/http-item-* | sort > extractions diff --git a/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek b/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek index 7c0690babd..21980ae7e0 100644 --- a/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek +++ b/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek @@ -1,10 +1,10 @@ -# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace +# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace # @TEST-EXEC: btest-diff http.log -# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace %INPUT >out-limited +# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace %INPUT >out-limited # @TEST-EXEC: mv http.log http-limited.log # @TEST-EXEC: btest-diff http-limited.log # @TEST-EXEC: btest-diff out-limited -# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace %INPUT ignore_http_file_limit=T >out-limit-ignored +# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace %INPUT ignore_http_file_limit=T >out-limit-ignored # @TEST-EXEC: mv http.log http-limit-ignored.log # @TEST-EXEC: btest-diff http-limit-ignored.log # @TEST-EXEC: btest-diff out-limit-ignored diff --git a/testing/btest/scripts/base/protocols/http/no-uri.zeek b/testing/btest/scripts/base/protocols/http/no-uri.zeek index 9793b93c58..dc0a3f313d 100644 --- a/testing/btest/scripts/base/protocols/http/no-uri.zeek +++ b/testing/btest/scripts/base/protocols/http/no-uri.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -Cr $TRACES/http/no-uri.pcap %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/http/no-uri.pcap %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/http/no-version.zeek b/testing/btest/scripts/base/protocols/http/no-version.zeek index 3e861534bd..d926cb565e 100644 --- a/testing/btest/scripts/base/protocols/http/no-version.zeek +++ b/testing/btest/scripts/base/protocols/http/no-version.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -Cr $TRACES/http/no-version.pcap %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/http/no-version.pcap %INPUT # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek b/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek index a41dbab294..9bfd21d46f 100644 --- a/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek +++ b/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -Cr $TRACES/http/percent-end-of-line.pcap %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/http/percent-end-of-line.pcap %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/http/x-gzip.zeek b/testing/btest/scripts/base/protocols/http/x-gzip.zeek index a73fc5f71f..75cd505490 100644 --- a/testing/btest/scripts/base/protocols/http/x-gzip.zeek +++ b/testing/btest/scripts/base/protocols/http/x-gzip.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/http/x-gzip.pcap +# @TEST-EXEC: zeek -r $TRACES/http/x-gzip.pcap # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek b/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek index ccf397617e..1e7ba1f5eb 100644 --- a/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek +++ b/testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.zeek @@ -3,7 +3,7 @@ # files when there isn't actually any body there and shouldn't # create a file. # -# @TEST-EXEC: bro -r $TRACES/http/zero-length-bodies-with-drops.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/http/zero-length-bodies-with-drops.pcap %INPUT # There shouldn't be a files log (no files!) # @TEST-EXEC: test ! -f files.log diff --git a/testing/btest/scripts/base/protocols/imap/capabilities.test b/testing/btest/scripts/base/protocols/imap/capabilities.test index 06bdb56b7d..81fb802275 100644 --- a/testing/btest/scripts/base/protocols/imap/capabilities.test +++ b/testing/btest/scripts/base/protocols/imap/capabilities.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/ssl diff --git a/testing/btest/scripts/base/protocols/imap/starttls.test b/testing/btest/scripts/base/protocols/imap/starttls.test index 444c27688a..2d20622b15 100644 --- a/testing/btest/scripts/base/protocols/imap/starttls.test +++ b/testing/btest/scripts/base/protocols/imap/starttls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/imap-starttls.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/irc/basic.test b/testing/btest/scripts/base/protocols/irc/basic.test index d4fb893e2c..bf3141896b 100644 --- a/testing/btest/scripts/base/protocols/irc/basic.test +++ b/testing/btest/scripts/base/protocols/irc/basic.test @@ -1,7 +1,7 @@ # This tests that basic IRC commands (NICK, USER, JOIN, DCC SEND) # are logged for a client. -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff irc.log # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/scripts/base/protocols/irc/events.test b/testing/btest/scripts/base/protocols/irc/events.test index c5220b247b..3e187d9da9 100644 --- a/testing/btest/scripts/base/protocols/irc/events.test +++ b/testing/btest/scripts/base/protocols/irc/events.test @@ -1,8 +1,8 @@ # Test IRC events -# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT -# @TEST-EXEC: bro -r $TRACES/irc-basic.trace %INPUT -# @TEST-EXEC: bro -r $TRACES/irc-whitespace.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-basic.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/irc-whitespace.trace %INPUT # @TEST-EXEC: btest-diff .stdout event irc_privmsg_message(c: connection, is_orig: bool, source: string, target: string, message: string) diff --git a/testing/btest/scripts/base/protocols/irc/longline.test b/testing/btest/scripts/base/protocols/irc/longline.test index 0573494844..fec493d086 100644 --- a/testing/btest/scripts/base/protocols/irc/longline.test +++ b/testing/btest/scripts/base/protocols/irc/longline.test @@ -1,6 +1,6 @@ # This tests that an excessively long line is truncated by the contentline # analyzer -# @TEST-EXEC: bro -C -r $TRACES/contentline-irc-5k-line.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/contentline-irc-5k-line.pcap %INPUT # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/scripts/base/protocols/irc/names-weird.zeek b/testing/btest/scripts/base/protocols/irc/names-weird.zeek index 33124416f6..2d0ff001b2 100644 --- a/testing/btest/scripts/base/protocols/irc/names-weird.zeek +++ b/testing/btest/scripts/base/protocols/irc/names-weird.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/irc-353.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/irc-353.pcap %INPUT # @TEST-EXEC: btest-diff weird.log event irc_names_info(c: connection, is_orig: bool, c_type: string, channel: string, users: string_set) diff --git a/testing/btest/scripts/base/protocols/irc/starttls.test b/testing/btest/scripts/base/protocols/irc/starttls.test index c110a77c39..9a0ec689ad 100644 --- a/testing/btest/scripts/base/protocols/irc/starttls.test +++ b/testing/btest/scripts/base/protocols/irc/starttls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/tls/irc-starttls.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/irc-starttls.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/krb/kinit.test b/testing/btest/scripts/base/protocols/krb/kinit.test index d9e4097361..16c8773a5b 100644 --- a/testing/btest/scripts/base/protocols/krb/kinit.test +++ b/testing/btest/scripts/base/protocols/krb/kinit.test @@ -1,6 +1,6 @@ # This test exercises many of the Linux kinit options against a KDC -# @TEST-EXEC: bro -b -r $TRACES/krb/kinit.trace %INPUT > output +# @TEST-EXEC: zeek -b -r $TRACES/krb/kinit.trace %INPUT > output # @TEST-EXEC: btest-diff kerberos.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb.test b/testing/btest/scripts/base/protocols/krb/smb2_krb.test index 32c2a6e58d..38b6f592f4 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb.test @@ -5,7 +5,7 @@ # @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/bro-config.h # # @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab -# @TEST-EXEC: bro -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT # @TEST-EXEC: btest-diff .stdout redef KRB::keytab = "smb2_krb.keytab"; diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test index d08543a0fb..e54b0d4ece 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test @@ -4,7 +4,7 @@ # @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/bro-config.h # # @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab -# @TEST-EXEC: bro -C -r $TRACES/krb/smb2_krb.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/krb/smb2_krb.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/scripts/base/protocols/krb/smb_gssapi.test b/testing/btest/scripts/base/protocols/krb/smb_gssapi.test index 95e5660812..b8ad67945c 100644 --- a/testing/btest/scripts/base/protocols/krb/smb_gssapi.test +++ b/testing/btest/scripts/base/protocols/krb/smb_gssapi.test @@ -3,7 +3,7 @@ # SMB authentication event and therfore relies on the SMB # analyzer as well. -# @TEST-EXEC: bro -b -C -r $TRACES/krb/smb_gssapi.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/krb/smb_gssapi.trace %INPUT # @TEST-EXEC: btest-diff kerberos.log # @TEST-EXEC: btest-diff-rst scripts.base.protocols.krb diff --git a/testing/btest/scripts/base/protocols/krb/tgs.test b/testing/btest/scripts/base/protocols/krb/tgs.test index bbf99762f6..8041a12804 100644 --- a/testing/btest/scripts/base/protocols/krb/tgs.test +++ b/testing/btest/scripts/base/protocols/krb/tgs.test @@ -1,6 +1,6 @@ # This test exercises a Kerberos authentication to a Kerberized SSH server -# @TEST-EXEC: bro -b -r $TRACES/krb/auth.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/krb/auth.trace %INPUT # @TEST-EXEC: btest-diff kerberos.log @load base/protocols/krb diff --git a/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek b/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek index acbf9aef8c..1cecf4c541 100644 --- a/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek +++ b/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -C -r $TRACES/modbus/modbusBig.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output +# @TEST-EXEC: zeek -C -r $TRACES/modbus/modbusBig.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek b/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek index 84ee314907..0e21021d6e 100644 --- a/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek +++ b/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -C -r $TRACES/modbus/modbusSmall.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output +# @TEST-EXEC: zeek -C -r $TRACES/modbus/modbusSmall.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/modbus/events.zeek b/testing/btest/scripts/base/protocols/modbus/events.zeek index 55a3f3cb04..4b55828565 100644 --- a/testing/btest/scripts/base/protocols/modbus/events.zeek +++ b/testing/btest/scripts/base/protocols/modbus/events.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/modbus/modbus.trace %INPUT | sort | uniq -c | sed 's/^ *//g' >output +# @TEST-EXEC: zeek -r $TRACES/modbus/modbus.trace %INPUT | sort | uniq -c | sed 's/^ *//g' >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/modbus/exception_handling.test b/testing/btest/scripts/base/protocols/modbus/exception_handling.test index 8a4fadcbeb..cb62bd7a3b 100644 --- a/testing/btest/scripts/base/protocols/modbus/exception_handling.test +++ b/testing/btest/scripts/base/protocols/modbus/exception_handling.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/modbus/fuzz-72.trace +# @TEST-EXEC: zeek -r $TRACES/modbus/fuzz-72.trace # @TEST-EXEC: btest-diff modbus.log # The pcap has a flow with some fuzzed modbus traffic in it that should cause diff --git a/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek b/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek index 17371f3788..0659614bd8 100644 --- a/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek +++ b/testing/btest/scripts/base/protocols/modbus/length_mismatch.zeek @@ -11,4 +11,4 @@ # as that can cause reading from a location that exceeds the end of the # data buffer. -# @TEST-EXEC: bro -r $TRACES/modbus/4SICS-GeekLounge-151022-min.pcap +# @TEST-EXEC: zeek -r $TRACES/modbus/4SICS-GeekLounge-151022-min.pcap diff --git a/testing/btest/scripts/base/protocols/modbus/policy.zeek b/testing/btest/scripts/base/protocols/modbus/policy.zeek index 5dab1d09f8..ae4923ee77 100644 --- a/testing/btest/scripts/base/protocols/modbus/policy.zeek +++ b/testing/btest/scripts/base/protocols/modbus/policy.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -r $TRACES/modbus/modbus.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/modbus/modbus.trace %INPUT # @TEST-EXEC: btest-diff modbus.log # @TEST-EXEC: btest-diff modbus_register_change.log # @TEST-EXEC: btest-diff known_modbus.log diff --git a/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek b/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek index 1641860228..1fc482ee95 100644 --- a/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek +++ b/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/modbus/fuzz-1011.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/modbus/fuzz-1011.trace %INPUT >output # @TEST-EXEC: btest-diff modbus.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/mount/basic.test b/testing/btest/scripts/base/protocols/mount/basic.test index bd6fd5d5db..65a1adffd4 100644 --- a/testing/btest/scripts/base/protocols/mount/basic.test +++ b/testing/btest/scripts/base/protocols/mount/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/mount/mount_base.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/mount/mount_base.pcap %INPUT # @TEST-EXEC: btest-diff .stdout global mount_ports: set[port] = { 635/tcp, 635/udp, 20048/tcp, 20048/udp } &redef; diff --git a/testing/btest/scripts/base/protocols/mysql/auth.test b/testing/btest/scripts/base/protocols/mysql/auth.test index 6c764e496f..78c1ca0f19 100644 --- a/testing/btest/scripts/base/protocols/mysql/auth.test +++ b/testing/btest/scripts/base/protocols/mysql/auth.test @@ -1,6 +1,6 @@ # This tests that successful/unsuccesful auth attempts get logged correctly -# @TEST-EXEC: bro -b -r $TRACES/mysql/auth.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/mysql/auth.trace %INPUT # @TEST-EXEC: btest-diff mysql.log @load base/protocols/mysql \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/mysql/encrypted.test b/testing/btest/scripts/base/protocols/mysql/encrypted.test index e41c93186f..0f806e4e25 100644 --- a/testing/btest/scripts/base/protocols/mysql/encrypted.test +++ b/testing/btest/scripts/base/protocols/mysql/encrypted.test @@ -2,7 +2,7 @@ # can't parse much of value. We're testing for an empty mysql.log file. # @TEST-EXEC: touch mysql.log -# @TEST-EXEC: bro -b -r $TRACES/mysql/encrypted.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/mysql/encrypted.trace %INPUT # @TEST-EXEC: btest-diff mysql.log @load base/protocols/mysql \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/mysql/wireshark.test b/testing/btest/scripts/base/protocols/mysql/wireshark.test index 55fe5be16c..64c8eb7ffa 100644 --- a/testing/btest/scripts/base/protocols/mysql/wireshark.test +++ b/testing/btest/scripts/base/protocols/mysql/wireshark.test @@ -1,6 +1,6 @@ # This tests a PCAP with a few MySQL commands from the Wireshark samples. -# @TEST-EXEC: bro -b -r $TRACES/mysql/mysql.trace %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/mysql/mysql.trace %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff mysql.log diff --git a/testing/btest/scripts/base/protocols/ncp/event.zeek b/testing/btest/scripts/base/protocols/ncp/event.zeek index 2333544b05..58ac47c8e8 100644 --- a/testing/btest/scripts/base/protocols/ncp/event.zeek +++ b/testing/btest/scripts/base/protocols/ncp/event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/ncp.pcap %INPUT >out +# @TEST-EXEC: zeek -C -r $TRACES/ncp.pcap %INPUT >out # @TEST-EXEC: btest-diff out redef likely_server_ports += { 524/tcp }; diff --git a/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek index cc4a5799f2..c18f322892 100644 --- a/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek +++ b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/ncp.pcap %INPUT NCP::max_frame_size=150 >out +# @TEST-EXEC: zeek -C -r $TRACES/ncp.pcap %INPUT NCP::max_frame_size=150 >out # @TEST-EXEC: btest-diff out redef likely_server_ports += { 524/tcp }; diff --git a/testing/btest/scripts/base/protocols/nfs/basic.test b/testing/btest/scripts/base/protocols/nfs/basic.test index 9b7ae91910..e4dab09ed6 100755 --- a/testing/btest/scripts/base/protocols/nfs/basic.test +++ b/testing/btest/scripts/base/protocols/nfs/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/nfs/nfs_base.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/nfs/nfs_base.pcap %INPUT # @TEST-EXEC: btest-diff .stdout global nfs_ports: set[port] = { 2049/tcp, 2049/udp } &redef; diff --git a/testing/btest/scripts/base/protocols/pop3/starttls.zeek b/testing/btest/scripts/base/protocols/pop3/starttls.zeek index d2bfee6449..cf5371d284 100644 --- a/testing/btest/scripts/base/protocols/pop3/starttls.zeek +++ b/testing/btest/scripts/base/protocols/pop3/starttls.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/tls/pop3-starttls.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/tls/pop3-starttls.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/radius/auth.test b/testing/btest/scripts/base/protocols/radius/auth.test index 9ec63dec0a..bcddeffd57 100644 --- a/testing/btest/scripts/base/protocols/radius/auth.test +++ b/testing/btest/scripts/base/protocols/radius/auth.test @@ -1,6 +1,6 @@ # This tests that a RADIUS authentication gets logged correctly -# @TEST-EXEC: bro -b -r $TRACES/radius/radius.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/radius/radius.trace %INPUT # @TEST-EXEC: btest-diff radius.log @load base/protocols/radius \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/radius/radius-multiple-attempts.test b/testing/btest/scripts/base/protocols/radius/radius-multiple-attempts.test index 473e492355..6456e58fe2 100644 --- a/testing/btest/scripts/base/protocols/radius/radius-multiple-attempts.test +++ b/testing/btest/scripts/base/protocols/radius/radius-multiple-attempts.test @@ -1,6 +1,6 @@ # Test a more complicated radius session with multiple attempts -# @TEST-EXEC: bro -b -C -r $TRACES/radius/radius_localhost.pcapng %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/radius/radius_localhost.pcapng %INPUT # @TEST-EXEC: btest-diff radius.log @load base/protocols/radius diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek index 99305087ba..7558506c8f 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log @load base/protocols/rdp diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek index 1be2bd7e8e..47f154eef3 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/rdp/rdp-to-ssl.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-to-ssl.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log # @TEST-EXEC: btest-diff ssl.log diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek index 2fed0d7d19..56747a915b 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/rdp/rdp-x509.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-x509.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-timestamps | $SCRIPTS/diff-remove-x509-key-info" btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test b/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test index e4510f35fb..2fc8129c67 100644 --- a/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test +++ b/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/rfb/vncmac.pcap +# @TEST-EXEC: zeek -C -r $TRACES/rfb/vncmac.pcap # @TEST-EXEC: btest-diff rfb.log @load base/protocols/rfb diff --git a/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test b/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test index c9dd37f1c1..027a70e955 100644 --- a/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test +++ b/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/rfb/vnc-mac-to-linux.pcap +# @TEST-EXEC: zeek -C -r $TRACES/rfb/vnc-mac-to-linux.pcap # @TEST-EXEC: btest-diff rfb.log @load base/protocols/rfb diff --git a/testing/btest/scripts/base/protocols/sip/wireshark.test b/testing/btest/scripts/base/protocols/sip/wireshark.test index 8c4611c880..12ebe6b664 100644 --- a/testing/btest/scripts/base/protocols/sip/wireshark.test +++ b/testing/btest/scripts/base/protocols/sip/wireshark.test @@ -1,6 +1,6 @@ # This tests a PCAP with a few SIP commands from the Wireshark samples. -# @TEST-EXEC: bro -b -r $TRACES/sip/wireshark.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/sip/wireshark.trace %INPUT # @TEST-EXEC: btest-diff sip.log @load base/protocols/sip \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test b/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test index d65ee81c41..330e95eace 100644 --- a/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test +++ b/testing/btest/scripts/base/protocols/smb/disabled-dce-rpc.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT # @TEST-EXEC: [ ! -f dce_rpc.log ] @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/raw-ntlm.test b/testing/btest/scripts/base/protocols/smb/raw-ntlm.test index 9cf9aa35c4..4518368972 100644 --- a/testing/btest/scripts/base/protocols/smb/raw-ntlm.test +++ b/testing/btest/scripts/base/protocols/smb/raw-ntlm.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/raw_ntlm_in_smb.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/raw_ntlm_in_smb.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/ntlm diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test index 52f05c57b4..8a6a775005 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-dcerpc.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT # @TEST-EXEC: btest-diff dce_rpc.log @load base/protocols/dce-rpc diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-request.test index 1573eb93b8..d6b5d0766d 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction-request.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-request.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction_request.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction_request.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-response.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-response.test index 6e826445e9..5016c828b5 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction-response.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-response.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction_response.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction_response.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test index e186ee7b22..797fe01b6d 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction-secondary-request.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction_secondary_request.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction_secondary_request.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-request.test index d216d41c32..40fe08a2a4 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-request.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-request.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction2_request.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction2_request.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test index e8c462dd0d..1e7ba8665f 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test +++ b/testing/btest/scripts/base/protocols/smb/smb1-transaction2-secondary-request.test @@ -1,4 +1,4 @@ -#@TEST-EXEC: bro -b -C -r $TRACES/smb/smb1_transaction2_secondary_request.pcap %INPUT +#@TEST-EXEC: zeek -b -C -r $TRACES/smb/smb1_transaction2_secondary_request.pcap %INPUT #@TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb1.test b/testing/btest/scripts/base/protocols/smb/smb1.test index 61727754dc..89ac10eecb 100644 --- a/testing/btest/scripts/base/protocols/smb/smb1.test +++ b/testing/btest/scripts/base/protocols/smb/smb1.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/smb/smb1.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smb/smb1.pcap %INPUT # @TEST-EXEC: btest-diff smb_files.log @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek b/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek index 0d59e7a495..ed18bb0715 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek +++ b/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smb/smb2readwrite.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smb/smb2readwrite.pcap %INPUT # @TEST-EXEC: btest-diff smb_files.log # @TEST-EXEC: btest-diff files.log # @TEST-EXEC: test ! -f dpd.log diff --git a/testing/btest/scripts/base/protocols/smb/smb2-write-response.test b/testing/btest/scripts/base/protocols/smb/smb2-write-response.test index f926628f03..c737b43991 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2-write-response.test +++ b/testing/btest/scripts/base/protocols/smb/smb2-write-response.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smb/smb2readwrite.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smb/smb2readwrite.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb2.test b/testing/btest/scripts/base/protocols/smb/smb2.test index c4c6e78224..f69972f8ba 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2.test +++ b/testing/btest/scripts/base/protocols/smb/smb2.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smb/smb2.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/smb/smb2.pcap %INPUT # @TEST-EXEC: btest-diff smb_files.log # @TEST-EXEC: btest-diff smb_mapping.log # @TEST-EXEC: btest-diff files.log diff --git a/testing/btest/scripts/base/protocols/smb/smb3.test b/testing/btest/scripts/base/protocols/smb/smb3.test index f762ea10f3..aeab67d27c 100644 --- a/testing/btest/scripts/base/protocols/smb/smb3.test +++ b/testing/btest/scripts/base/protocols/smb/smb3.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smb/smb3.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/smb/smb3.pcap %INPUT # @TEST-EXEC: btest-diff smb_mapping.log # @TEST-EXEC: test ! -f dpd.log # @TEST-EXEC: test ! -f weird.log diff --git a/testing/btest/scripts/base/protocols/smb/smb311.test b/testing/btest/scripts/base/protocols/smb/smb311.test index 22f232c14a..c988355742 100644 --- a/testing/btest/scripts/base/protocols/smb/smb311.test +++ b/testing/btest/scripts/base/protocols/smb/smb311.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -C -r $TRACES/smb/smb311.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/smb/smb311.pcap %INPUT # @TEST-EXEC: test ! -f dpd.log # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/smtp/attachment.test b/testing/btest/scripts/base/protocols/smtp/attachment.test index 49602f00c1..ddbdae0d64 100644 --- a/testing/btest/scripts/base/protocols/smtp/attachment.test +++ b/testing/btest/scripts/base/protocols/smtp/attachment.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff smtp.log # @TEST-EXEC: btest-diff files.log diff --git a/testing/btest/scripts/base/protocols/smtp/basic.test b/testing/btest/scripts/base/protocols/smtp/basic.test index 6be512a255..41a9290f13 100644 --- a/testing/btest/scripts/base/protocols/smtp/basic.test +++ b/testing/btest/scripts/base/protocols/smtp/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff smtp.log @load base/protocols/smtp diff --git a/testing/btest/scripts/base/protocols/smtp/one-side.test b/testing/btest/scripts/base/protocols/smtp/one-side.test index cffbe1d173..9c9e036a8c 100644 --- a/testing/btest/scripts/base/protocols/smtp/one-side.test +++ b/testing/btest/scripts/base/protocols/smtp/one-side.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smtp-one-side-only.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smtp-one-side-only.trace %INPUT # @TEST-EXEC: btest-diff smtp.log @load base/protocols/smtp diff --git a/testing/btest/scripts/base/protocols/smtp/starttls.test b/testing/btest/scripts/base/protocols/smtp/starttls.test index e3a114f572..865497f022 100644 --- a/testing/btest/scripts/base/protocols/smtp/starttls.test +++ b/testing/btest/scripts/base/protocols/smtp/starttls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/smtp-starttls.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/smtp-starttls.pcap %INPUT # @TEST-EXEC: btest-diff smtp.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek b/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek index 5c21cf7be3..16203c597e 100644 --- a/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek +++ b/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/snmp/snmpwalk-short.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/snmp/snmpwalk-short.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/snmp diff --git a/testing/btest/scripts/base/protocols/snmp/v1.zeek b/testing/btest/scripts/base/protocols/snmp/v1.zeek index 09f86a28e4..6513d94177 100644 --- a/testing/btest/scripts/base/protocols/snmp/v1.zeek +++ b/testing/btest/scripts/base/protocols/snmp/v1.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_get_short.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_set.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv1_trap.pcap %INPUT $SCRIPTS/snmp-test.zeek >out4 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv1_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv1_get_short.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv1_set.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv1_trap.pcap %INPUT $SCRIPTS/snmp-test.zeek >out4 # @TEST-EXEC: btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/scripts/base/protocols/snmp/v2.zeek b/testing/btest/scripts/base/protocols/snmp/v2.zeek index 58491d33b2..015d6446da 100644 --- a/testing/btest/scripts/base/protocols/snmp/v2.zeek +++ b/testing/btest/scripts/base/protocols/snmp/v2.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_bulk.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv2_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv2_get.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv2_get_bulk.pcap %INPUT $SCRIPTS/snmp-test.zeek >out2 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv2_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out3 # @TEST-EXEC: btest-diff out1 # @TEST-EXEC: btest-diff out2 diff --git a/testing/btest/scripts/base/protocols/snmp/v3.zeek b/testing/btest/scripts/base/protocols/snmp/v3.zeek index 4d72b6476d..7d4cb53e72 100644 --- a/testing/btest/scripts/base/protocols/snmp/v3.zeek +++ b/testing/btest/scripts/base/protocols/snmp/v3.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/snmp/snmpv3_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 +# @TEST-EXEC: zeek -b -r $TRACES/snmp/snmpv3_get_next.pcap %INPUT $SCRIPTS/snmp-test.zeek >out1 # @TEST-EXEC: btest-diff out1 diff --git a/testing/btest/scripts/base/protocols/socks/socks-auth.zeek b/testing/btest/scripts/base/protocols/socks/socks-auth.zeek index d58e1b5801..eabd4a6420 100644 --- a/testing/btest/scripts/base/protocols/socks/socks-auth.zeek +++ b/testing/btest/scripts/base/protocols/socks/socks-auth.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/socks-auth.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/socks-auth.pcap %INPUT # @TEST-EXEC: btest-diff socks.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/scripts/base/protocols/socks/trace1.test b/testing/btest/scripts/base/protocols/socks/trace1.test index fb1d9ebaf2..900a962fef 100644 --- a/testing/btest/scripts/base/protocols/socks/trace1.test +++ b/testing/btest/scripts/base/protocols/socks/trace1.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/socks.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/socks.trace %INPUT # @TEST-EXEC: btest-diff socks.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/scripts/base/protocols/socks/trace2.test b/testing/btest/scripts/base/protocols/socks/trace2.test index 5e3a449120..c9defb5f34 100644 --- a/testing/btest/scripts/base/protocols/socks/trace2.test +++ b/testing/btest/scripts/base/protocols/socks/trace2.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/socks-with-ssl.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/socks-with-ssl.trace %INPUT # @TEST-EXEC: btest-diff socks.log # @TEST-EXEC: btest-diff tunnel.log diff --git a/testing/btest/scripts/base/protocols/socks/trace3.test b/testing/btest/scripts/base/protocols/socks/trace3.test index c3b3b091eb..c83ad4fa87 100644 --- a/testing/btest/scripts/base/protocols/socks/trace3.test +++ b/testing/btest/scripts/base/protocols/socks/trace3.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tunnels/socks.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tunnels/socks.pcap %INPUT # @TEST-EXEC: btest-diff tunnel.log @load base/protocols/socks diff --git a/testing/btest/scripts/base/protocols/ssh/basic.test b/testing/btest/scripts/base/protocols/ssh/basic.test index 84b38a1f32..162ab9dd1f 100644 --- a/testing/btest/scripts/base/protocols/ssh/basic.test +++ b/testing/btest/scripts/base/protocols/ssh/basic.test @@ -1,6 +1,6 @@ # This tests some SSH connections and the output log. -# @TEST-EXEC: bro -r $TRACES/ssh/ssh.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/ssh/ssh.trace %INPUT # @TEST-EXEC: btest-diff ssh.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssh/curve25519_kex.test b/testing/btest/scripts/base/protocols/ssh/curve25519_kex.test index 64641fe4af..ca13bda6ef 100644 --- a/testing/btest/scripts/base/protocols/ssh/curve25519_kex.test +++ b/testing/btest/scripts/base/protocols/ssh/curve25519_kex.test @@ -1,6 +1,6 @@ # This tests a successful login with pubkey using curve25519 as the KEX algorithm -# @TEST-EXEC: bro -b -r $TRACES/ssh/ssh_kex_curve25519.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/ssh/ssh_kex_curve25519.pcap %INPUT # @TEST-EXEC: btest-diff ssh.log @load base/protocols/ssh \ No newline at end of file diff --git a/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test b/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test index abaa48fd35..e87a246957 100644 --- a/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test +++ b/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/ssh/sshguess.pcap %INPUT | sort >output +# @TEST-EXEC: zeek -C -r $TRACES/ssh/sshguess.pcap %INPUT | sort >output # @TEST-EXEC: btest-diff output event ssh_auth_attempted(c: connection, authenticated: bool) diff --git a/testing/btest/scripts/base/protocols/ssl/basic.test b/testing/btest/scripts/base/protocols/ssl/basic.test index 51eacfd572..918ecd55b7 100644 --- a/testing/btest/scripts/base/protocols/ssl/basic.test +++ b/testing/btest/scripts/base/protocols/ssl/basic.test @@ -1,6 +1,6 @@ # This tests a normal SSL connection and the log it outputs. -# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: test ! -f dpd.log diff --git a/testing/btest/scripts/base/protocols/ssl/common_name.test b/testing/btest/scripts/base/protocols/ssl/common_name.test index fa14e19045..32565b2ea7 100644 --- a/testing/btest/scripts/base/protocols/ssl/common_name.test +++ b/testing/btest/scripts/base/protocols/ssl/common_name.test @@ -1,7 +1,7 @@ # This tests a normal SSL connection and the log it outputs. -# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT -# @TEST-EXEC: bro -C -r $TRACES/tls/cert-no-cn.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/cert-no-cn.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) diff --git a/testing/btest/scripts/base/protocols/ssl/comp_methods.test b/testing/btest/scripts/base/protocols/ssl/comp_methods.test index fa24d4b47b..ae6b43e179 100644 --- a/testing/btest/scripts/base/protocols/ssl/comp_methods.test +++ b/testing/btest/scripts/base/protocols/ssl/comp_methods.test @@ -1,6 +1,6 @@ # This tests that the values sent for compression methods are correct. -# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT # @TEST-EXEC: btest-diff .stdout event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) diff --git a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test index 878d2a3064..2f11f84df1 100644 --- a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test +++ b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test @@ -1,6 +1,6 @@ # This tests if Bro does not crash when exposed to CVE-2015-3194 -# @TEST-EXEC: bro -r $TRACES/tls/CVE-2015-3194.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/CVE-2015-3194.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log @load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/base/protocols/ssl/dhe.test b/testing/btest/scripts/base/protocols/ssl/dhe.test index f41cb70fab..df22cea9cc 100644 --- a/testing/btest/scripts/base/protocols/ssl/dhe.test +++ b/testing/btest/scripts/base/protocols/ssl/dhe.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff ssl.log diff --git a/testing/btest/scripts/base/protocols/ssl/dpd.test b/testing/btest/scripts/base/protocols/ssl/dpd.test index 20b6ab6b74..f7f76a6e1a 100644 --- a/testing/btest/scripts/base/protocols/ssl/dpd.test +++ b/testing/btest/scripts/base/protocols/ssl/dpd.test @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/tls/ssl-v2.trace %INPUT -# @TEST-EXEC: bro -b -r $TRACES/tls/ssl.v3.trace %INPUT -# @TEST-EXEC: bro -b -r $TRACES/tls/tls1.2.trace %INPUT -# @TEST-EXEC: bro -b -r $TRACES/tls/tls-early-alert.trace %INPUT -# @TEST-EXEC: bro -b -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/tls/ssl-v2.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-early-alert.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/frameworks/dpd diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test b/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test index e8731bb1be..88667fca18 100644 --- a/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test +++ b/testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test @@ -1,6 +1,6 @@ # This tests checks that non-dtls connections to which we attach don't trigger tons of errors. -# @TEST-EXEC: bro -C -r $TRACES/dns-txt-multiple.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/dns-txt-multiple.trace %INPUT # @TEST-EXEC: btest-diff .stdout event zeek_init() diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test index d2437aac8b..b86ff75ee4 100644 --- a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test +++ b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/webrtc-stun.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/webrtc-stun.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: touch dpd.log # @TEST-EXEC: btest-diff dpd.log diff --git a/testing/btest/scripts/base/protocols/ssl/dtls.test b/testing/btest/scripts/base/protocols/ssl/dtls.test index a1b2c74dd8..2f31758cbf 100644 --- a/testing/btest/scripts/base/protocols/ssl/dtls.test +++ b/testing/btest/scripts/base/protocols/ssl/dtls.test @@ -1,9 +1,9 @@ # This tests a normal SSL connection and the log it outputs. -# @TEST-EXEC: bro -r $TRACES/tls/dtls1_0.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_0.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log -# @TEST-EXEC: bro -r $TRACES/tls/dtls1_2.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_2.pcap %INPUT # @TEST-EXEC: cp ssl.log ssl1_2.log # @TEST-EXEC: cp x509.log x5091_2.log # @TEST-EXEC: btest-diff ssl1_2.log diff --git a/testing/btest/scripts/base/protocols/ssl/ecdhe.test b/testing/btest/scripts/base/protocols/ssl/ecdhe.test index bd1bd2cb96..e200619013 100644 --- a/testing/btest/scripts/base/protocols/ssl/ecdhe.test +++ b/testing/btest/scripts/base/protocols/ssl/ecdhe.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/ssl/ecdsa.test b/testing/btest/scripts/base/protocols/ssl/ecdsa.test index a2db7c2cb5..2ace638a41 100644 --- a/testing/btest/scripts/base/protocols/ssl/ecdsa.test +++ b/testing/btest/scripts/base/protocols/ssl/ecdsa.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/ecdsa-cert.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ecdsa-cert.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/protocols/ssl/fragment.test b/testing/btest/scripts/base/protocols/ssl/fragment.test index b01a78a07a..2ea87d8291 100644 --- a/testing/btest/scripts/base/protocols/ssl/fragment.test +++ b/testing/btest/scripts/base/protocols/ssl/fragment.test @@ -1,6 +1,6 @@ # Test a heavily fragmented tls connection -# @TEST-EXEC: cat $TRACES/tls/tls-fragmented-handshake.pcap.gz | gunzip | bro -r - %INPUT +# @TEST-EXEC: cat $TRACES/tls/tls-fragmented-handshake.pcap.gz | gunzip | zeek -r - %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/handshake-events.test b/testing/btest/scripts/base/protocols/ssl/handshake-events.test index f73d268eef..0b45bebc02 100644 --- a/testing/btest/scripts/base/protocols/ssl/handshake-events.test +++ b/testing/btest/scripts/base/protocols/ssl/handshake-events.test @@ -1,6 +1,6 @@ # This tests events not covered by other tests -# @TEST-EXEC: bro -b -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/ssl diff --git a/testing/btest/scripts/base/protocols/ssl/keyexchange.test b/testing/btest/scripts/base/protocols/ssl/keyexchange.test index 9c65ea5dda..252237f0dd 100644 --- a/testing/btest/scripts/base/protocols/ssl/keyexchange.test +++ b/testing/btest/scripts/base/protocols/ssl/keyexchange.test @@ -1,14 +1,14 @@ -# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/tls1_1.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls1_1.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/dtls1_0.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_0.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/dtls1_2.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_2.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: btest-diff ssl-all.log diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test b/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test index 181ee34909..747c1a667c 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-http-get.test @@ -1,6 +1,6 @@ # This tests a normal OCSP request sent through HTTP GET -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-http-get.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-http-get.pcap %INPUT # @TEST-EXEC: btest-diff ocsp.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test b/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test index ff493a62a8..348da52f96 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-request-only.test @@ -1,6 +1,6 @@ # This tests a OCSP request missing response -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-request-only.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-request-only.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load files/x509/log-ocsp diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test b/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test index cfa5b99375..1942b57bad 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-request-response.test @@ -1,6 +1,6 @@ # This tests a pair of normal OCSP request and response -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-request-response.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-request-response.pcap %INPUT # @TEST-EXEC: btest-diff ocsp.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test b/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test index 3b8c4a2d57..871ac59a34 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-response-only.test @@ -1,6 +1,6 @@ # This tests a normal OCSP response missing request -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-response-only.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-response-only.pcap %INPUT # @TEST-EXEC: btest-diff ocsp.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test index 3ee0e96776..5f5f1486ea 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-revoked.test @@ -1,6 +1,6 @@ # This tests OCSP response with revocation -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-revoked.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-revoked.pcap %INPUT # @TEST-EXEC: btest-diff ocsp.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test b/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test index 6424f263f1..3c338933aa 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: btest-diff .stdout redef SSL::root_certs += { diff --git a/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test b/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test index 7c7dc90e4c..e2201c3218 100644 --- a/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test +++ b/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT # # The following file contains a tls 1.0 connection with a SCT in a TLS extension. # This is interesting because the digitally-signed struct in TLS 1.0 does not come @@ -7,7 +7,7 @@ # uses in the end. So this one does have a Signature/Hash alg, even if the protocol # itself does not carry it in the same struct. # -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp_tls1_0.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp_tls1_0.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: test ! -f dpd.log diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test index a904628acf..077aa15f1a 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT # @TEST-EXEC: btest-diff .stdout event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test index 74acf3224a..6507e58793 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls-1.2-handshake-failure.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-1.2-handshake-failure.trace %INPUT # @TEST-EXEC: btest-diff ssl.log diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test index 7f023927ac..b21fc4ee11 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT # @TEST-EXEC: btest-diff .stdout event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2.test index 15a737c032..8e2189d9f6 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-1.2.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test b/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test index b8f3d42242..f548d81512 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test @@ -1,5 +1,5 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/chrome-34-google.trace %INPUT -# @TEST-EXEC: bro -C -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-34-google.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event ssl_extension_elliptic_curves(c: connection, is_orig: bool, curves: index_vec) diff --git a/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test b/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test index e074535692..f784ea0af0 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test +++ b/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/chrome-63.0.3211.0-canary-tls_experiment.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-63.0.3211.0-canary-tls_experiment.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/tls13-version.test b/testing/btest/scripts/base/protocols/ssl/tls13-version.test index 9194c861e1..29c6da9261 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls13-version.test +++ b/testing/btest/scripts/base/protocols/ssl/tls13-version.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # Test that we correctly parse the version out of the extension in an 1.3 connection diff --git a/testing/btest/scripts/base/protocols/ssl/tls13.test b/testing/btest/scripts/base/protocols/ssl/tls13.test index 5033b6ea01..5f67e0333e 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls13.test +++ b/testing/btest/scripts/base/protocols/ssl/tls13.test @@ -1,10 +1,10 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT # @TEST-EXEC: cat ssl.log > ssl-out.log -# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-out.log -# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-out.log -# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-out.log # @TEST-EXEC: btest-diff ssl-out.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ssl/tls1_1.test b/testing/btest/scripts/base/protocols/ssl/tls1_1.test index 885a047ebe..de3ed740b4 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls1_1.test +++ b/testing/btest/scripts/base/protocols/ssl/tls1_1.test @@ -1,6 +1,6 @@ # This tests a normal SSL connection and the log it outputs. -# @TEST-EXEC: bro -r $TRACES/tls/tls1_1.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls1_1.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: test ! -f dpd.log diff --git a/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test b/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test index de0dc9e59f..05bac2d21b 100644 --- a/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test +++ b/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: btest-diff .stdout event x509_extension(f: fa_file, ext: X509::Extension) diff --git a/testing/btest/scripts/base/protocols/ssl/x509_extensions.test b/testing/btest/scripts/base/protocols/ssl/x509_extensions.test index 425afbb2c8..ee7fa103e4 100644 --- a/testing/btest/scripts/base/protocols/ssl/x509_extensions.test +++ b/testing/btest/scripts/base/protocols/ssl/x509_extensions.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT # @TEST-EXEC: btest-diff .stdout event x509_extension(f: fa_file, extension: X509::Extension) diff --git a/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek b/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek index c33eb1638b..0382fa0aaf 100644 --- a/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek +++ b/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/syslog-missing-pri.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/syslog-missing-pri.trace %INPUT # @TEST-EXEC: btest-diff syslog.log @load base/protocols/syslog diff --git a/testing/btest/scripts/base/protocols/syslog/trace.test b/testing/btest/scripts/base/protocols/syslog/trace.test index 78b681a9d8..f4dba5c807 100644 --- a/testing/btest/scripts/base/protocols/syslog/trace.test +++ b/testing/btest/scripts/base/protocols/syslog/trace.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/syslog-single-udp.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/syslog-single-udp.trace %INPUT # @TEST-EXEC: btest-diff syslog.log @load base/protocols/syslog diff --git a/testing/btest/scripts/base/protocols/tcp/pending.zeek b/testing/btest/scripts/base/protocols/tcp/pending.zeek index 1a49f5d19b..8695f71b47 100644 --- a/testing/btest/scripts/base/protocols/tcp/pending.zeek +++ b/testing/btest/scripts/base/protocols/tcp/pending.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/chrome-34-google.trace %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-34-google.trace %INPUT # @TEST-EXEC: btest-diff .stdout event connection_pending(c: connection) diff --git a/testing/btest/scripts/base/protocols/xmpp/client-dpd.test b/testing/btest/scripts/base/protocols/xmpp/client-dpd.test index 9c9cc29c8a..544b56a744 100644 --- a/testing/btest/scripts/base/protocols/xmpp/client-dpd.test +++ b/testing/btest/scripts/base/protocols/xmpp/client-dpd.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log @load base/frameworks/dpd diff --git a/testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test b/testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test index 9483c0cca8..e398aed22e 100644 --- a/testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test +++ b/testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/tls/xmpp-dialback-starttls.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-dialback-starttls.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log @load base/frameworks/dpd diff --git a/testing/btest/scripts/base/protocols/xmpp/starttls.test b/testing/btest/scripts/base/protocols/xmpp/starttls.test index f046d49283..7cc4717e31 100644 --- a/testing/btest/scripts/base/protocols/xmpp/starttls.test +++ b/testing/btest/scripts/base/protocols/xmpp/starttls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT +# @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/utils/active-http.test b/testing/btest/scripts/base/utils/active-http.test index 9f94a14c7f..ff80dc5bf2 100644 --- a/testing/btest/scripts/base/utils/active-http.test +++ b/testing/btest/scripts/base/utils/active-http.test @@ -3,9 +3,9 @@ # # @TEST-EXEC: btest-bg-run httpd python $SCRIPTS/httpd.py --max 2 --addr=127.0.0.1 # @TEST-EXEC: sleep 3 -# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 15 -# @TEST-EXEC: cat bro/.stdout | sort >output +# @TEST-EXEC: cat zeek/.stdout | sort >output # @TEST-EXEC: btest-diff output @load base/utils/active-http diff --git a/testing/btest/scripts/base/utils/addrs.test b/testing/btest/scripts/base/utils/addrs.test index 8e5580d3e5..664f714784 100644 --- a/testing/btest/scripts/base/utils/addrs.test +++ b/testing/btest/scripts/base/utils/addrs.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output @load base/utils/addrs diff --git a/testing/btest/scripts/base/utils/conn-ids.test b/testing/btest/scripts/base/utils/conn-ids.test index affe746e35..b44615b102 100644 --- a/testing/btest/scripts/base/utils/conn-ids.test +++ b/testing/btest/scripts/base/utils/conn-ids.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/decompose_uri.zeek b/testing/btest/scripts/base/utils/decompose_uri.zeek index 074e782474..30ba9cd245 100644 --- a/testing/btest/scripts/base/utils/decompose_uri.zeek +++ b/testing/btest/scripts/base/utils/decompose_uri.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output @load base/utils/urls diff --git a/testing/btest/scripts/base/utils/dir.test b/testing/btest/scripts/base/utils/dir.test index c02f215d51..6043d54289 100644 --- a/testing/btest/scripts/base/utils/dir.test +++ b/testing/btest/scripts/base/utils/dir.test @@ -1,12 +1,12 @@ -# @TEST-EXEC: btest-bg-run bro bro -b ../dirtest.zeek -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/next1 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: btest-bg-run zeek zeek -b ../dirtest.zeek +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/next1 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: touch testdir/newone # @TEST-EXEC: rm testdir/bye -# @TEST-EXEC: $SCRIPTS/wait-for-file bro/next2 10 || (btest-bg-wait -k 1 && false) +# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/next2 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: touch testdir/bye # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: touch testdir/newone -# @TEST-EXEC: btest-diff bro/.stdout +# @TEST-EXEC: btest-diff zeek/.stdout @TEST-START-FILE dirtest.zeek diff --git a/testing/btest/scripts/base/utils/directions-and-hosts.test b/testing/btest/scripts/base/utils/directions-and-hosts.test index a955053d4a..7e731aba2e 100644 --- a/testing/btest/scripts/base/utils/directions-and-hosts.test +++ b/testing/btest/scripts/base/utils/directions-and-hosts.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # These are loaded by default. diff --git a/testing/btest/scripts/base/utils/exec.test b/testing/btest/scripts/base/utils/exec.test index 8913ed025c..efa13c781c 100644 --- a/testing/btest/scripts/base/utils/exec.test +++ b/testing/btest/scripts/base/utils/exec.test @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro -b ../exectest.zeek +# @TEST-EXEC: btest-bg-run zeek zeek -b ../exectest.zeek # @TEST-EXEC: btest-bg-wait 15 -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stdout +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stdout @TEST-START-FILE exectest.zeek diff --git a/testing/btest/scripts/base/utils/files.test b/testing/btest/scripts/base/utils/files.test index 402da96bed..8410c50a1a 100644 --- a/testing/btest/scripts/base/utils/files.test +++ b/testing/btest/scripts/base/utils/files.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/hash_hrw.zeek b/testing/btest/scripts/base/utils/hash_hrw.zeek index 90f87f6f46..c77e1548fe 100644 --- a/testing/btest/scripts/base/utils/hash_hrw.zeek +++ b/testing/btest/scripts/base/utils/hash_hrw.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output @load base/utils/hash_hrw diff --git a/testing/btest/scripts/base/utils/json.test b/testing/btest/scripts/base/utils/json.test index 968db1cefe..8d34ed98b1 100644 --- a/testing/btest/scripts/base/utils/json.test +++ b/testing/btest/scripts/base/utils/json.test @@ -2,7 +2,7 @@ # test with no elements, with one element, and with more than one element. # Test that the "only_loggable" option works (output only record fields with # the &log attribute). -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output type color: enum { Red, White, Blue }; diff --git a/testing/btest/scripts/base/utils/numbers.test b/testing/btest/scripts/base/utils/numbers.test index c1a2fff8c8..f80b64c26a 100644 --- a/testing/btest/scripts/base/utils/numbers.test +++ b/testing/btest/scripts/base/utils/numbers.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/paths.test b/testing/btest/scripts/base/utils/paths.test index 8436d37b8b..09e8b96f97 100644 --- a/testing/btest/scripts/base/utils/paths.test +++ b/testing/btest/scripts/base/utils/paths.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. @@ -41,18 +41,18 @@ print "==============================="; test_extract("\"/this/is/a/dir\" is current directory", "/this/is/a/dir"); test_extract("/this/is/a/dir is current directory", "/this/is/a/dir"); test_extract("/this/is/a/dir\\ is\\ current\\ directory", "/this/is/a/dir\\ is\\ current\\ directory"); -test_extract("hey, /foo/bar/baz.bro is a cool script", "/foo/bar/baz.bro"); +test_extract("hey, /foo/bar/baz.zeek is a cool script", "/foo/bar/baz.zeek"); test_extract("here's two dirs: /foo/bar and /foo/baz", "/foo/bar"); print "test build_path_compressed()"; print "==============================="; -print build_path_compressed("/home/bro/", "policy/somefile.bro"); -print build_path_compressed("/home/bro/", "/usr/local/bro/share/bro/somefile.bro"); -print build_path_compressed("/home/bro/", "/usr/local/bro/share/../../bro/somefile.bro"); +print build_path_compressed("/home/bro/", "policy/somefile.zeek"); +print build_path_compressed("/home/bro/", "/usr/local/bro/share/bro/somefile.zeek"); +print build_path_compressed("/home/bro/", "/usr/local/bro/share/../../bro/somefile.zeek"); print "==============================="; print "test build_full_path()"; print "==============================="; -print build_path("/home/bro/", "policy/somefile.bro"); -print build_path("/home/bro/", "/usr/local/bro/share/bro/somefile.bro"); +print build_path("/home/bro/", "policy/somefile.zeek"); +print build_path("/home/bro/", "/usr/local/bro/share/bro/somefile.zeek"); diff --git a/testing/btest/scripts/base/utils/pattern.test b/testing/btest/scripts/base/utils/pattern.test index 1cf5c49100..1c5ad227ef 100644 --- a/testing/btest/scripts/base/utils/pattern.test +++ b/testing/btest/scripts/base/utils/pattern.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/queue.test b/testing/btest/scripts/base/utils/queue.test index b11cac233f..bad45a67ab 100644 --- a/testing/btest/scripts/base/utils/queue.test +++ b/testing/btest/scripts/base/utils/queue.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output # This is loaded by default diff --git a/testing/btest/scripts/base/utils/site.test b/testing/btest/scripts/base/utils/site.test index 50438a0b9c..c97d98acbd 100644 --- a/testing/btest/scripts/base/utils/site.test +++ b/testing/btest/scripts/base/utils/site.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT > output +# @TEST-EXEC: zeek %INPUT > output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/strings.test b/testing/btest/scripts/base/utils/strings.test index 77fe715def..9606ab3213 100644 --- a/testing/btest/scripts/base/utils/strings.test +++ b/testing/btest/scripts/base/utils/strings.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/thresholds.test b/testing/btest/scripts/base/utils/thresholds.test index 2e18cc3b63..1c56057090 100644 --- a/testing/btest/scripts/base/utils/thresholds.test +++ b/testing/btest/scripts/base/utils/thresholds.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/base/utils/urls.test b/testing/btest/scripts/base/utils/urls.test index fd8c0a8622..666f805edb 100644 --- a/testing/btest/scripts/base/utils/urls.test +++ b/testing/btest/scripts/base/utils/urls.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output # This is loaded by default. diff --git a/testing/btest/scripts/check-test-all-policy.zeek b/testing/btest/scripts/check-test-all-policy.zeek index 9a9d120e6d..19bfe40c08 100644 --- a/testing/btest/scripts/check-test-all-policy.zeek +++ b/testing/btest/scripts/check-test-all-policy.zeek @@ -1,6 +1,6 @@ -# Makes sures test-all-policy.bro (which loads *all* other policy scripts) compiles correctly. +# Makes sures test-all-policy.zeek (which loads *all* other policy scripts) compiles correctly. # -# @TEST-EXEC: bro %INPUT >output +# @TEST-EXEC: zeek %INPUT >output # @TEST-EXEC: btest-diff output @load test-all-policy diff --git a/testing/btest/scripts/policy/frameworks/files/extract-all.zeek b/testing/btest/scripts/policy/frameworks/files/extract-all.zeek index f54b2e299d..b043e48830 100644 --- a/testing/btest/scripts/policy/frameworks/files/extract-all.zeek +++ b/testing/btest/scripts/policy/frameworks/files/extract-all.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -r $TRACES/http/get.trace frameworks/files/extract-all-files +# @TEST-EXEC: zeek -r $TRACES/http/get.trace frameworks/files/extract-all-files # @TEST-EXEC: grep -q EXTRACT files.log diff --git a/testing/btest/scripts/policy/frameworks/intel/removal.zeek b/testing/btest/scripts/policy/frameworks/intel/removal.zeek index 41c87bc6fb..7ca2bd5541 100644 --- a/testing/btest/scripts/policy/frameworks/intel/removal.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/removal.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: btest-bg-run broproc bro %INPUT +# @TEST-EXEC: btest-bg-run broproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff broproc/intel.log diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek b/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek index c90c5e41f4..bd9abdf452 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -Cr $TRACES/tls/ecdsa-cert.pcap %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/tls/ecdsa-cert.pcap %INPUT # @TEST-EXEC: cat intel.log > intel-all.log -# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: cat intel.log >> intel-all.log # @TEST-EXEC: btest-diff intel-all.log diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek b/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek index 5e0024ec7c..ad87bf8955 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/smb/smb2readwrite.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/smb/smb2readwrite.pcap %INPUT # @TEST-EXEC: btest-diff intel.log @load base/frameworks/intel diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek b/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek index 6ad04e95bd..ca144d3a55 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/smtp-multi-addr.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/smtp-multi-addr.pcap %INPUT # @TEST-EXEC: btest-diff intel.log @TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek b/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek index 560ba35c0a..de8e28c7d4 100644 --- a/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -Cr $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -Cr $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff intel.log #@TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/policy/frameworks/software/version-changes.zeek b/testing/btest/scripts/policy/frameworks/software/version-changes.zeek index 493bc1d354..9f168fb502 100644 --- a/testing/btest/scripts/policy/frameworks/software/version-changes.zeek +++ b/testing/btest/scripts/policy/frameworks/software/version-changes.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff software.log # @TEST-EXEC: btest-diff notice.log diff --git a/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek b/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek index dd233a6ffc..4d36bbf3f4 100644 --- a/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek +++ b/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT # @TEST-EXEC: btest-diff notice.log @load frameworks/software/vulnerable diff --git a/testing/btest/scripts/policy/misc/dump-events.zeek b/testing/btest/scripts/policy/misc/dump-events.zeek index d318266787..bc017c6533 100644 --- a/testing/btest/scripts/policy/misc/dump-events.zeek +++ b/testing/btest/scripts/policy/misc/dump-events.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT >all-events.log -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include_args=F >all-events-no-args.log -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include=/smtp_/ >smtp-events.log +# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT >all-events.log +# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include_args=F >all-events-no-args.log +# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include=/smtp_/ >smtp-events.log # # @TEST-EXEC: btest-diff all-events.log # @TEST-EXEC: btest-diff all-events-no-args.log diff --git a/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek b/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek index 0c73ccf189..5d8fd2529d 100644 --- a/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek +++ b/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT -# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT +# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/weird_stats.log diff --git a/testing/btest/scripts/policy/misc/weird-stats.zeek b/testing/btest/scripts/policy/misc/weird-stats.zeek index 16a0ca02d7..0caeb960fe 100644 --- a/testing/btest/scripts/policy/misc/weird-stats.zeek +++ b/testing/btest/scripts/policy/misc/weird-stats.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: btest-bg-run bro bro %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek %INPUT # @TEST-EXEC: btest-bg-wait 20 -# @TEST-EXEC: btest-diff bro/weird_stats.log +# @TEST-EXEC: btest-diff zeek/weird_stats.log @load misc/weird-stats diff --git a/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek b/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek index 677cfa9f3d..cdb3fa5058 100644 --- a/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek +++ b/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek @@ -1,18 +1,18 @@ # A basic test of the known-hosts script's logging and asset_tracking options -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=LOCAL_HOSTS +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=LOCAL_HOSTS # @TEST-EXEC: mv known_hosts.log knownhosts-local.log # @TEST-EXEC: btest-diff knownhosts-local.log -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=REMOTE_HOSTS +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=REMOTE_HOSTS # @TEST-EXEC: mv known_hosts.log knownhosts-remote.log # @TEST-EXEC: btest-diff knownhosts-remote.log -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=ALL_HOSTS +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=ALL_HOSTS # @TEST-EXEC: mv known_hosts.log knownhosts-all.log # @TEST-EXEC: btest-diff knownhosts-all.log -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=NO_HOSTS +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=NO_HOSTS # @TEST-EXEC: test '!' -e known_hosts.log @load protocols/conn/known-hosts diff --git a/testing/btest/scripts/policy/protocols/conn/known-services.zeek b/testing/btest/scripts/policy/protocols/conn/known-services.zeek index ab787b6bd4..3c34adadc9 100644 --- a/testing/btest/scripts/policy/protocols/conn/known-services.zeek +++ b/testing/btest/scripts/policy/protocols/conn/known-services.zeek @@ -1,18 +1,18 @@ # A basic test of the known-services script's logging and asset_tracking options -# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=LOCAL_HOSTS +# @TEST-EXEC: zeek -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=LOCAL_HOSTS # @TEST-EXEC: mv known_services.log knownservices-local.log # @TEST-EXEC: btest-diff knownservices-local.log -# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=REMOTE_HOSTS +# @TEST-EXEC: zeek -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=REMOTE_HOSTS # @TEST-EXEC: mv known_services.log knownservices-remote.log # @TEST-EXEC: btest-diff knownservices-remote.log -# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=ALL_HOSTS +# @TEST-EXEC: zeek -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=ALL_HOSTS # @TEST-EXEC: mv known_services.log knownservices-all.log # @TEST-EXEC: btest-diff knownservices-all.log -# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=NO_HOSTS +# @TEST-EXEC: zeek -r $TRACES/var-services-std-ports.trace %INPUT Known::service_tracking=NO_HOSTS # @TEST-EXEC: test '!' -e known_services.log @load protocols/conn/known-services diff --git a/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek b/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek index a3cfbf768f..78b1ce9f4c 100644 --- a/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek +++ b/testing/btest/scripts/policy/protocols/conn/mac-logging.zeek @@ -1,10 +1,10 @@ # A basic test of the mac logging script -# @TEST-EXEC: bro -b -C -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: mv conn.log conn1.log -# @TEST-EXEC: bro -b -C -r $TRACES/radiotap.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/radiotap.pcap %INPUT # @TEST-EXEC: mv conn.log conn2.log -# @TEST-EXEC: bro -b -C -r $TRACES/llc.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/llc.pcap %INPUT # @TEST-EXEC: mv conn.log conn3.log # # @TEST-EXEC: btest-diff conn1.log diff --git a/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek b/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek index 1711eba71d..6ee809af52 100644 --- a/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek +++ b/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek @@ -1,6 +1,6 @@ # A basic test of the vlan logging script -# @TEST-EXEC: bro -r $TRACES/q-in-q.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/q-in-q.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load protocols/conn/vlan-logging diff --git a/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek b/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek index d695060707..770386072c 100644 --- a/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek +++ b/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/dns-inverse-query.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/dns-inverse-query.trace %INPUT # @TEST-EXEC: test ! -e dns.log @load protocols/dns/auth-addl diff --git a/testing/btest/scripts/policy/protocols/http/flash-version.zeek b/testing/btest/scripts/policy/protocols/http/flash-version.zeek index 9357295c3c..e2ad2ebf3b 100644 --- a/testing/btest/scripts/policy/protocols/http/flash-version.zeek +++ b/testing/btest/scripts/policy/protocols/http/flash-version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r ${TRACES}/http/flash-version.trace %INPUT +# @TEST-EXEC: zeek -r ${TRACES}/http/flash-version.trace %INPUT # @TEST-EXEC: btest-diff software.log @load protocols/http/software diff --git a/testing/btest/scripts/policy/protocols/http/header-names.zeek b/testing/btest/scripts/policy/protocols/http/header-names.zeek index 30b1de7fdb..5422c8e9e2 100644 --- a/testing/btest/scripts/policy/protocols/http/header-names.zeek +++ b/testing/btest/scripts/policy/protocols/http/header-names.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff http.log @load protocols/http/header-names diff --git a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek index 3041abab75..129acde477 100644 --- a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek +++ b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro %INPUT > output +# @TEST-EXEC: zeek %INPUT > output # @TEST-EXEC: btest-diff output @load protocols/http/detect-sqli diff --git a/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek b/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek index 0bc0a33d5d..f537e5146d 100644 --- a/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek +++ b/testing/btest/scripts/policy/protocols/krb/ticket-logging.zeek @@ -1,6 +1,6 @@ # This test makes sure that krb ticket hashes are logged correctly. -# @TEST-EXEC: bro -b -r $TRACES/krb/auth.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/krb/auth.trace %INPUT # @TEST-EXEC: btest-diff kerberos.log @load protocols/krb/ticket-logging diff --git a/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek index e28ebf5b49..583c8ae0a5 100644 --- a/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek +++ b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/ssh/sshguess.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/ssh/sshguess.pcap %INPUT # @TEST-EXEC: btest-diff notice.log @load protocols/ssh/detect-bruteforcing diff --git a/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek b/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek index 9278e11de0..16591d560c 100644 --- a/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-expired-cert.trace %INPUT # @TEST-EXEC: btest-diff notice.log @load protocols/ssl/expiring-certs diff --git a/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek b/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek index ad99e2e143..660181942e 100644 --- a/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: btest-diff certs-remote.pem @load protocols/ssl/extract-certs-pem diff --git a/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek b/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek index 52137adbd0..887035d946 100644 --- a/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek @@ -1,20 +1,20 @@ -# TEST-EXEC: bro -C -r $TRACES/tls/heartbleed.pcap %INPUT +# TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed.pcap %INPUT # TEST-EXEC: mv notice.log notice-heartbleed.log # TEST-EXEC: btest-diff notice-heartbleed.log -# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-success.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-success.pcap %INPUT # @TEST-EXEC: mv notice.log notice-heartbleed-success.log # @TEST-EXEC: btest-diff notice-heartbleed-success.log -# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-encrypted.pcap %INPUT # @TEST-EXEC: mv notice.log notice-encrypted.log # @TEST-EXEC: btest-diff notice-encrypted.log -# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted-success.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-encrypted-success.pcap %INPUT # @TEST-EXEC: mv notice.log notice-encrypted-success.log # @TEST-EXEC: btest-diff notice-encrypted-success.log -# @TEST-EXEC: bro -C -r $TRACES/tls/heartbleed-encrypted-short.pcap %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-encrypted-short.pcap %INPUT # @TEST-EXEC: mv notice.log notice-encrypted-short.log # @TEST-EXEC: btest-diff notice-encrypted-short.log diff --git a/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek b/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek index f5ff187164..e3a586b292 100644 --- a/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/google-duplicate.trace %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: btest-diff known_certs.log diff --git a/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek b/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek index 37f9f7592b..25d830acb0 100644 --- a/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/google-duplicate.trace %INPUT # @TEST-EXEC: btest-diff x509.log @load protocols/ssl/log-hostcerts-only diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek index ccca29fd7c..cb5d72a0d9 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log @load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek index 9686c1ab28..434b3b020b 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek index 21d174be91..948fa38b01 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek @@ -1,9 +1,9 @@ -# @TEST-EXEC: bro $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: zeek $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log -# @TEST-EXEC: bro $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT +# @TEST-EXEC: zeek $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT # @TEST-EXEC: mv ssl.log ssl-twimg.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-twimg.log -# @TEST-EXEC: bro $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT +# @TEST-EXEC: zeek $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT # @TEST-EXEC: mv ssl.log ssl-digicert.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-digicert.log diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek index c21dc18094..7d2ac86865 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp-2.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp-2.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log diff --git a/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek b/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek index f4d51f8016..efc9aebf12 100644 --- a/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT # @TEST-EXEC: cp notice.log notice-out.log -# @TEST-EXEC: bro -r $TRACES/tls/ssl-v2.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl-v2.trace %INPUT # @TEST-EXEC: cat notice.log >> notice-out.log -# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: cat notice.log >> notice-out.log # @TEST-EXEC: btest-diff notice-out.log diff --git a/testing/btest/scripts/site/local-compat.test b/testing/btest/scripts/site/local-compat.test index 3eb189e639..036f9184b0 100644 --- a/testing/btest/scripts/site/local-compat.test +++ b/testing/btest/scripts/site/local-compat.test @@ -1,10 +1,10 @@ -# @TEST-EXEC: bro local-`cat $DIST/VERSION | sed 's/\([0-9].[0-9]\).*/\1/g'`.bro +# @TEST-EXEC: zeek local-`cat $DIST/VERSION | sed 's/\([0-9].[0-9]\).*/\1/g'`.bro # This tests the compatibility of the past release's site/local.bro # script with the current version of Bro. If the test fails because # it doesn't find the right file, that means everything stayed # compatibile between releases, so just add a TEST-START-FILE with -# the contents the latest Bro version's site/local.bro script. +# the contents the latest Bro version's site/local.zeek script. # If the test fails while loading the old local.bro, it usually # indicates a note will need to be made in NEWS explaining to users # how to migrate to the new version and this test's TEST-START-FILE diff --git a/testing/btest/scripts/site/local.test b/testing/btest/scripts/site/local.test index e2058417cd..158cc7f8c0 100644 --- a/testing/btest/scripts/site/local.test +++ b/testing/btest/scripts/site/local.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro %INPUT +# @TEST-EXEC: zeek %INPUT @load local \ No newline at end of file diff --git a/testing/btest/signatures/bad-eval-condition.zeek b/testing/btest/signatures/bad-eval-condition.zeek index 2b3fef76fe..d64cb4cba4 100644 --- a/testing/btest/signatures/bad-eval-condition.zeek +++ b/testing/btest/signatures/bad-eval-condition.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC-FAIL: zeek -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff .stderr @load-sigs blah.sig diff --git a/testing/btest/signatures/dpd.zeek b/testing/btest/signatures/dpd.zeek index b6d58fb3a3..16e7f19724 100644 --- a/testing/btest/signatures/dpd.zeek +++ b/testing/btest/signatures/dpd.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b -s myftp -r $TRACES/ftp/ipv4.trace %INPUT >dpd-ipv4.out -# @TEST-EXEC: bro -b -s myftp -r $TRACES/ftp/ipv6.trace %INPUT >dpd-ipv6.out -# @TEST-EXEC: bro -b -r $TRACES/ftp/ipv4.trace %INPUT >nosig-ipv4.out -# @TEST-EXEC: bro -b -r $TRACES/ftp/ipv6.trace %INPUT >nosig-ipv6.out +# @TEST-EXEC: zeek -b -s myftp -r $TRACES/ftp/ipv4.trace %INPUT >dpd-ipv4.out +# @TEST-EXEC: zeek -b -s myftp -r $TRACES/ftp/ipv6.trace %INPUT >dpd-ipv6.out +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv4.trace %INPUT >nosig-ipv4.out +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv6.trace %INPUT >nosig-ipv6.out # @TEST-EXEC: btest-diff dpd-ipv4.out # @TEST-EXEC: btest-diff dpd-ipv6.out # @TEST-EXEC: btest-diff nosig-ipv4.out diff --git a/testing/btest/signatures/dst-ip-cidr-v4.zeek b/testing/btest/signatures/dst-ip-cidr-v4.zeek index e86a746e54..9c80a9148a 100644 --- a/testing/btest/signatures/dst-ip-cidr-v4.zeek +++ b/testing/btest/signatures/dst-ip-cidr-v4.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ntp.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/ntp.pcap %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE a.sig diff --git a/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek b/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek index dc5b0f48b8..9389f11df2 100644 --- a/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek +++ b/testing/btest/signatures/dst-ip-header-condition-v4-masks.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s dst-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq.out -# @TEST-EXEC: bro -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-list.out +# @TEST-EXEC: zeek -b -s dst-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne.out -# @TEST-EXEC: bro -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff dst-ip-eq.out # @TEST-EXEC: btest-diff dst-ip-eq-nomatch.out diff --git a/testing/btest/signatures/dst-ip-header-condition-v4.zeek b/testing/btest/signatures/dst-ip-header-condition-v4.zeek index 0d0d3e644c..b04d6c30ca 100644 --- a/testing/btest/signatures/dst-ip-header-condition-v4.zeek +++ b/testing/btest/signatures/dst-ip-header-condition-v4.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s dst-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq.out -# @TEST-EXEC: bro -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-list.out +# @TEST-EXEC: zeek -b -s dst-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-eq-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne.out -# @TEST-EXEC: bro -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff dst-ip-eq.out # @TEST-EXEC: btest-diff dst-ip-eq-nomatch.out diff --git a/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek b/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek index d82a76e78d..9de148eb87 100644 --- a/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek +++ b/testing/btest/signatures/dst-ip-header-condition-v6-masks.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s dst-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq.out -# @TEST-EXEC: bro -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-list.out +# @TEST-EXEC: zeek -b -s dst-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne.out -# @TEST-EXEC: bro -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff dst-ip-eq.out # @TEST-EXEC: btest-diff dst-ip-eq-nomatch.out diff --git a/testing/btest/signatures/dst-ip-header-condition-v6.zeek b/testing/btest/signatures/dst-ip-header-condition-v6.zeek index e629fb4462..5bd64f8fc1 100644 --- a/testing/btest/signatures/dst-ip-header-condition-v6.zeek +++ b/testing/btest/signatures/dst-ip-header-condition-v6.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s dst-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq.out -# @TEST-EXEC: bro -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-list.out +# @TEST-EXEC: zeek -b -s dst-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-eq-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne.out -# @TEST-EXEC: bro -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list.out -# @TEST-EXEC: bro -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list.out +# @TEST-EXEC: zeek -b -s dst-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff dst-ip-eq.out # @TEST-EXEC: btest-diff dst-ip-eq-nomatch.out diff --git a/testing/btest/signatures/dst-port-header-condition.zeek b/testing/btest/signatures/dst-port-header-condition.zeek index 08ba07b0de..5f2f880d79 100644 --- a/testing/btest/signatures/dst-port-header-condition.zeek +++ b/testing/btest/signatures/dst-port-header-condition.zeek @@ -1,24 +1,24 @@ -# @TEST-EXEC: bro -b -s dst-port-eq -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq.out -# @TEST-EXEC: bro -b -s dst-port-eq-nomatch -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-eq-list -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq-list.out -# @TEST-EXEC: bro -b -s dst-port-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-eq-ip6.out +# @TEST-EXEC: zeek -b -s dst-port-eq -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq.out +# @TEST-EXEC: zeek -b -s dst-port-eq-nomatch -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-eq-list -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >dst-port-eq-list.out +# @TEST-EXEC: zeek -b -s dst-port-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-eq-ip6.out -# @TEST-EXEC: bro -b -s dst-port-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne.out -# @TEST-EXEC: bro -b -s dst-port-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-list.out -# @TEST-EXEC: bro -b -s dst-port-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne.out +# @TEST-EXEC: zeek -b -s dst-port-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-list.out +# @TEST-EXEC: zeek -b -s dst-port-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-ne-list-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-lt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lt.out -# @TEST-EXEC: bro -b -s dst-port-lt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lt-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-lte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte1.out -# @TEST-EXEC: bro -b -s dst-port-lte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte2.out -# @TEST-EXEC: bro -b -s dst-port-lte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-lt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lt.out +# @TEST-EXEC: zeek -b -s dst-port-lt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lt-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-lte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte1.out +# @TEST-EXEC: zeek -b -s dst-port-lte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte2.out +# @TEST-EXEC: zeek -b -s dst-port-lte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-lte-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-gt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gt.out -# @TEST-EXEC: bro -b -s dst-port-gt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gt-nomatch.out -# @TEST-EXEC: bro -b -s dst-port-gte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte1.out -# @TEST-EXEC: bro -b -s dst-port-gte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte2.out -# @TEST-EXEC: bro -b -s dst-port-gte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-gt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gt.out +# @TEST-EXEC: zeek -b -s dst-port-gt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gt-nomatch.out +# @TEST-EXEC: zeek -b -s dst-port-gte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte1.out +# @TEST-EXEC: zeek -b -s dst-port-gte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte2.out +# @TEST-EXEC: zeek -b -s dst-port-gte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >dst-port-gte-nomatch.out # @TEST-EXEC: btest-diff dst-port-eq.out # @TEST-EXEC: btest-diff dst-port-eq-nomatch.out diff --git a/testing/btest/signatures/eval-condition-no-return-value.zeek b/testing/btest/signatures/eval-condition-no-return-value.zeek index b1a4f5781f..88a8e57ca1 100644 --- a/testing/btest/signatures/eval-condition-no-return-value.zeek +++ b/testing/btest/signatures/eval-condition-no-return-value.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/signatures/eval-condition.zeek b/testing/btest/signatures/eval-condition.zeek index a14003b691..fe2db7482b 100644 --- a/testing/btest/signatures/eval-condition.zeek +++ b/testing/btest/signatures/eval-condition.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load-sigs blah.sig diff --git a/testing/btest/signatures/header-header-condition.zeek b/testing/btest/signatures/header-header-condition.zeek index ad78ba4513..545a9fdf40 100644 --- a/testing/btest/signatures/header-header-condition.zeek +++ b/testing/btest/signatures/header-header-condition.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s ip -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >ip.out -# @TEST-EXEC: bro -b -s ip-mask -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >ip-mask.out -# @TEST-EXEC: bro -b -s ip6 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >ip6.out -# @TEST-EXEC: bro -b -s udp -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >udp.out -# @TEST-EXEC: bro -b -s tcp -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >tcp.out -# @TEST-EXEC: bro -b -s icmp -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >icmp.out -# @TEST-EXEC: bro -b -s icmp6 -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >icmp6.out -# @TEST-EXEC: bro -b -s val-mask -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >val-mask.out +# @TEST-EXEC: zeek -b -s ip -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >ip.out +# @TEST-EXEC: zeek -b -s ip-mask -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >ip-mask.out +# @TEST-EXEC: zeek -b -s ip6 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >ip6.out +# @TEST-EXEC: zeek -b -s udp -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >udp.out +# @TEST-EXEC: zeek -b -s tcp -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >tcp.out +# @TEST-EXEC: zeek -b -s icmp -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >icmp.out +# @TEST-EXEC: zeek -b -s icmp6 -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >icmp6.out +# @TEST-EXEC: zeek -b -s val-mask -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >val-mask.out # @TEST-EXEC: btest-diff ip.out # @TEST-EXEC: btest-diff ip-mask.out diff --git a/testing/btest/signatures/id-lookup.zeek b/testing/btest/signatures/id-lookup.zeek index f055e73725..a100b0a624 100644 --- a/testing/btest/signatures/id-lookup.zeek +++ b/testing/btest/signatures/id-lookup.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -s id -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >id.out +# @TEST-EXEC: zeek -b -s id -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >id.out # @TEST-EXEC: btest-diff id.out @TEST-START-FILE id.sig diff --git a/testing/btest/signatures/ip-proto-header-condition.zeek b/testing/btest/signatures/ip-proto-header-condition.zeek index 52d58ea223..bbaf865f06 100644 --- a/testing/btest/signatures/ip-proto-header-condition.zeek +++ b/testing/btest/signatures/ip-proto-header-condition.zeek @@ -1,10 +1,10 @@ -# @TEST-EXEC: bro -b -s tcp -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >tcp_in_ip4.out -# @TEST-EXEC: bro -b -s udp -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >udp_in_ip4.out -# @TEST-EXEC: bro -b -s icmp -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >icmp_in_ip4.out -# @TEST-EXEC: bro -b -s tcp -r $TRACES/chksums/ip6-tcp-good-chksum.pcap %INPUT >tcp_in_ip6.out -# @TEST-EXEC: bro -b -s udp -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >udp_in_ip6.out -# @TEST-EXEC: bro -b -s icmp6 -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >icmp6_in_ip6.out -# @TEST-EXEC: bro -b -s icmp -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >nomatch.out +# @TEST-EXEC: zeek -b -s tcp -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >tcp_in_ip4.out +# @TEST-EXEC: zeek -b -s udp -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >udp_in_ip4.out +# @TEST-EXEC: zeek -b -s icmp -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >icmp_in_ip4.out +# @TEST-EXEC: zeek -b -s tcp -r $TRACES/chksums/ip6-tcp-good-chksum.pcap %INPUT >tcp_in_ip6.out +# @TEST-EXEC: zeek -b -s udp -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >udp_in_ip6.out +# @TEST-EXEC: zeek -b -s icmp6 -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >icmp6_in_ip6.out +# @TEST-EXEC: zeek -b -s icmp -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >nomatch.out # @TEST-EXEC: btest-diff tcp_in_ip4.out # @TEST-EXEC: btest-diff udp_in_ip4.out diff --git a/testing/btest/signatures/load-sigs.zeek b/testing/btest/signatures/load-sigs.zeek index 3e08338f2c..d57630ec14 100644 --- a/testing/btest/signatures/load-sigs.zeek +++ b/testing/btest/signatures/load-sigs.zeek @@ -1,6 +1,6 @@ # A test of signature loading using @load-sigs. -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output @load-sigs ./subdir/mysigs.sig diff --git a/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek b/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek index 1e272c81ee..9c34853c8a 100644 --- a/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek +++ b/testing/btest/signatures/src-ip-header-condition-v4-masks.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s src-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq.out -# @TEST-EXEC: bro -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-list.out +# @TEST-EXEC: zeek -b -s src-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq.out +# @TEST-EXEC: zeek -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-list.out -# @TEST-EXEC: bro -b -s src-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne.out -# @TEST-EXEC: bro -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list.out -# @TEST-EXEC: bro -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne.out +# @TEST-EXEC: zeek -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff src-ip-eq.out # @TEST-EXEC: btest-diff src-ip-eq-nomatch.out diff --git a/testing/btest/signatures/src-ip-header-condition-v4.zeek b/testing/btest/signatures/src-ip-header-condition-v4.zeek index 746e41a4be..3eaa73ce9c 100644 --- a/testing/btest/signatures/src-ip-header-condition-v4.zeek +++ b/testing/btest/signatures/src-ip-header-condition-v4.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s src-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq.out -# @TEST-EXEC: bro -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-list.out +# @TEST-EXEC: zeek -b -s src-ip-eq -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq.out +# @TEST-EXEC: zeek -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-eq-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-eq-list.out -# @TEST-EXEC: bro -b -s src-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne.out -# @TEST-EXEC: bro -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list.out -# @TEST-EXEC: bro -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne.out +# @TEST-EXEC: zeek -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff src-ip-eq.out # @TEST-EXEC: btest-diff src-ip-eq-nomatch.out diff --git a/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek b/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek index 3c4fbf5526..ad5ca917a9 100644 --- a/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek +++ b/testing/btest/signatures/src-ip-header-condition-v6-masks.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s src-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq.out -# @TEST-EXEC: bro -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-list.out +# @TEST-EXEC: zeek -b -s src-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq.out +# @TEST-EXEC: zeek -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-list.out -# @TEST-EXEC: bro -b -s src-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne.out -# @TEST-EXEC: bro -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list.out -# @TEST-EXEC: bro -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne.out +# @TEST-EXEC: zeek -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff src-ip-eq.out # @TEST-EXEC: btest-diff src-ip-eq-nomatch.out diff --git a/testing/btest/signatures/src-ip-header-condition-v6.zeek b/testing/btest/signatures/src-ip-header-condition-v6.zeek index 613a3dd4c1..6ada9db299 100644 --- a/testing/btest/signatures/src-ip-header-condition-v6.zeek +++ b/testing/btest/signatures/src-ip-header-condition-v6.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: bro -b -s src-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq.out -# @TEST-EXEC: bro -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-list.out +# @TEST-EXEC: zeek -b -s src-ip-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq.out +# @TEST-EXEC: zeek -b -s src-ip-eq-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-eq-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-eq-list.out -# @TEST-EXEC: bro -b -s src-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne.out -# @TEST-EXEC: bro -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list.out -# @TEST-EXEC: bro -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne.out +# @TEST-EXEC: zeek -b -s src-ip-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list.out +# @TEST-EXEC: zeek -b -s src-ip-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-ip-ne-list-nomatch.out # @TEST-EXEC: btest-diff src-ip-eq.out # @TEST-EXEC: btest-diff src-ip-eq-nomatch.out diff --git a/testing/btest/signatures/src-port-header-condition.zeek b/testing/btest/signatures/src-port-header-condition.zeek index ea9e08ce2b..3fcd71308c 100644 --- a/testing/btest/signatures/src-port-header-condition.zeek +++ b/testing/btest/signatures/src-port-header-condition.zeek @@ -1,24 +1,24 @@ -# @TEST-EXEC: bro -b -s src-port-eq -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq.out -# @TEST-EXEC: bro -b -s src-port-eq-nomatch -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq-nomatch.out -# @TEST-EXEC: bro -b -s src-port-eq-list -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq-list.out -# @TEST-EXEC: bro -b -s src-port-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-eq-ip6.out +# @TEST-EXEC: zeek -b -s src-port-eq -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq.out +# @TEST-EXEC: zeek -b -s src-port-eq-nomatch -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-eq-list -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >src-port-eq-list.out +# @TEST-EXEC: zeek -b -s src-port-eq -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-eq-ip6.out -# @TEST-EXEC: bro -b -s src-port-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne.out -# @TEST-EXEC: bro -b -s src-port-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-nomatch.out -# @TEST-EXEC: bro -b -s src-port-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-list.out -# @TEST-EXEC: bro -b -s src-port-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-list-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-ne -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne.out +# @TEST-EXEC: zeek -b -s src-port-ne-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-ne-list -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-list.out +# @TEST-EXEC: zeek -b -s src-port-ne-list-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-ne-list-nomatch.out -# @TEST-EXEC: bro -b -s src-port-lt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lt.out -# @TEST-EXEC: bro -b -s src-port-lt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lt-nomatch.out -# @TEST-EXEC: bro -b -s src-port-lte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte1.out -# @TEST-EXEC: bro -b -s src-port-lte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte2.out -# @TEST-EXEC: bro -b -s src-port-lte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-lt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lt.out +# @TEST-EXEC: zeek -b -s src-port-lt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lt-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-lte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte1.out +# @TEST-EXEC: zeek -b -s src-port-lte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte2.out +# @TEST-EXEC: zeek -b -s src-port-lte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-lte-nomatch.out -# @TEST-EXEC: bro -b -s src-port-gt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gt.out -# @TEST-EXEC: bro -b -s src-port-gt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gt-nomatch.out -# @TEST-EXEC: bro -b -s src-port-gte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte1.out -# @TEST-EXEC: bro -b -s src-port-gte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte2.out -# @TEST-EXEC: bro -b -s src-port-gte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-gt -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gt.out +# @TEST-EXEC: zeek -b -s src-port-gt-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gt-nomatch.out +# @TEST-EXEC: zeek -b -s src-port-gte1 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte1.out +# @TEST-EXEC: zeek -b -s src-port-gte2 -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte2.out +# @TEST-EXEC: zeek -b -s src-port-gte-nomatch -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT >src-port-gte-nomatch.out # @TEST-EXEC: btest-diff src-port-eq.out # @TEST-EXEC: btest-diff src-port-eq-nomatch.out diff --git a/testing/btest/signatures/udp-packetwise-match.zeek b/testing/btest/signatures/udp-packetwise-match.zeek index 706b632dd7..feb531c37c 100644 --- a/testing/btest/signatures/udp-packetwise-match.zeek +++ b/testing/btest/signatures/udp-packetwise-match.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/udp-signature-test.pcap %INPUT | sort >out +# @TEST-EXEC: zeek -r $TRACES/udp-signature-test.pcap %INPUT | sort >out # @TEST-EXEC: btest-diff out @load-sigs test.sig diff --git a/testing/btest/signatures/udp-payload-size.zeek b/testing/btest/signatures/udp-payload-size.zeek index efc5411feb..c1c6a6d49b 100644 --- a/testing/btest/signatures/udp-payload-size.zeek +++ b/testing/btest/signatures/udp-payload-size.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ntp.pcap %INPUT >output +# @TEST-EXEC: zeek -r $TRACES/ntp.pcap %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE a.sig diff --git a/testing/scripts/gen-zeexygen-docs.sh b/testing/scripts/gen-zeexygen-docs.sh index 66287b01aa..729c08e987 100755 --- a/testing/scripts/gen-zeexygen-docs.sh +++ b/testing/scripts/gen-zeexygen-docs.sh @@ -25,12 +25,12 @@ case $output_dir in esac cd $build_dir -. bro-path-dev.sh +. zeek-path-dev.sh export BRO_SEED_FILE=$source_dir/testing/btest/random.seed function run_zeek { - ZEEK_ALLOW_INIT_ERRORS=1 bro -X $conf_file zeexygen >/dev/null 2>$zeek_error_file + ZEEK_ALLOW_INIT_ERRORS=1 zeek -X $conf_file zeexygen >/dev/null 2>$zeek_error_file if [ $? -ne 0 ]; then echo "Failed running zeek with zeexygen config file $conf_file" diff --git a/testing/scripts/has-writer b/testing/scripts/has-writer index d6cdf28d12..e50feec8e9 100755 --- a/testing/scripts/has-writer +++ b/testing/scripts/has-writer @@ -1,6 +1,6 @@ #! /usr/bin/env bash # # Returns true if Bro has been compiled with support for writer type -# $1. The type name must match the plugin name that "bro -N" prints. +# $1. The type name must match the plugin name that "zeek -N" prints. -bro -N | grep -q $1 >/dev/null +zeek -N | grep -q $1 >/dev/null diff --git a/testing/scripts/travis-job b/testing/scripts/travis-job index d872d774fc..767984b44e 100644 --- a/testing/scripts/travis-job +++ b/testing/scripts/travis-job @@ -247,7 +247,7 @@ run() { for cf in $COREFILES; do echo echo "############# Begin stack trace for $cf ###############" - gdb build/src/bro -c "$cf" -ex "thread apply all bt" -ex "set pagination 0" -batch; + gdb build/src/zeek -c "$cf" -ex "thread apply all bt" -ex "set pagination 0" -batch; echo "############# End stack trace for $cf #################" echo done diff --git a/bro-config.h.in b/zeek-config.h.in similarity index 100% rename from bro-config.h.in rename to zeek-config.h.in diff --git a/bro-config.in b/zeek-config.in similarity index 80% rename from bro-config.in rename to zeek-config.in index 9228271394..247e512c3f 100755 --- a/bro-config.in +++ b/zeek-config.in @@ -12,12 +12,12 @@ cmake_dir=@CMAKE_INSTALL_PREFIX@/share/bro/cmake include_dir=@CMAKE_INSTALL_PREFIX@/include/bro bropath=@DEFAULT_BROPATH@ bro_dist=@BRO_DIST@ -binpac_root=@BRO_CONFIG_BINPAC_ROOT_DIR@ -caf_root=@BRO_CONFIG_CAF_ROOT_DIR@ -broker_root=@BRO_CONFIG_BROKER_ROOT_DIR@ +binpac_root=@ZEEK_CONFIG_BINPAC_ROOT_DIR@ +caf_root=@ZEEK_CONFIG_CAF_ROOT_DIR@ +broker_root=@ZEEK_CONFIG_BROKER_ROOT_DIR@ usage="\ -Usage: bro-config [--version] [--build_type] [--prefix] [--script_dir] [--site_dir] [--plugin_dir] [--config_dir] [--python_dir] [--include_dir] [--cmake_dir] [--bropath] [--bro_dist] [--binpac_root] [--caf_root] [--broker_root]" +Usage: zeek-config [--version] [--build_type] [--prefix] [--script_dir] [--site_dir] [--plugin_dir] [--config_dir] [--python_dir] [--include_dir] [--cmake_dir] [--bropath] [--bro_dist] [--binpac_root] [--caf_root] [--broker_root]" if [ $# -eq 0 ] ; then echo "${usage}" 1>&2 diff --git a/bro-path-dev.in b/zeek-path-dev.in similarity index 100% rename from bro-path-dev.in rename to zeek-path-dev.in diff --git a/zeek-wrapper.in b/zeek-wrapper.in new file mode 100755 index 0000000000..91c08b5a5a --- /dev/null +++ b/zeek-wrapper.in @@ -0,0 +1,27 @@ +#! /usr/bin/env bash +# +# Wrapper to continue supporting old names of executables. +# This will print a deprecation warning to stderr if (1) stdin/stdout/stderr +# are all connected to a tty, and (2) the environment variable ZEEK_IS_BRO +# is unset. + +function deprecated { +cat >&2 < Date: Thu, 2 May 2019 00:12:03 +0000 Subject: [PATCH 10/51] Updating submodule. --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 39ae4a469d..4dac52cb18 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 39ae4a469d6ae86c12b49020b361da4fcab24b5b +Subproject commit 4dac52cb18657f579ffb917146fe3881cdfcc96d From a8281ff9f94274cba9bbcdcd90ce5093db411511 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 22:42:10 -0700 Subject: [PATCH 11/51] Fix a ref counnting bug in DNS_Mgr --- src/DNS_Mgr.cc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index b92c057eba..3be59981a7 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -289,10 +289,13 @@ ListVal* DNS_Mapping::Addrs() TableVal* DNS_Mapping::AddrsSet() { ListVal* l = Addrs(); - if ( l ) - return l->ConvertToSet(); - else + + if ( ! l ) return empty_addr_set(); + + auto rval = l->ConvertToSet(); + Unref(l); + return rval; } StringVal* DNS_Mapping::Host() From 6db576195c4417bac663a05a12bd4b712c47ff2a Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 22:46:10 -0700 Subject: [PATCH 12/51] Improve DNS_Mgr I/O loop: prevent starvation due to busy Broker --- src/DNS_Mgr.cc | 15 +++++++++++++-- src/DNS_Mgr.h | 1 + 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 3be59981a7..11f1e30037 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -392,6 +392,7 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode) successful = 0; failed = 0; nb_dns = nullptr; + next_timestamp = -1.0; } DNS_Mgr::~DNS_Mgr() @@ -1252,8 +1253,17 @@ void DNS_Mgr::GetFds(iosource::FD_Set* read, iosource::FD_Set* write, double DNS_Mgr::NextTimestamp(double* network_time) { - // This is kind of cheating ... - return asyncs_timeouts.size() ? timer_mgr->Time() : -1.0; + if ( asyncs_timeouts.empty() ) + // No pending requests. + return -1.0; + + if ( next_timestamp < 0 ) + // Store the timestamp to help prevent starvation by some other + // IOSource always trying to use the same timestamp + // (assuming network_time does actually increase). + next_timestamp = timer_mgr->Time(); + + return next_timestamp; } void DNS_Mgr::CheckAsyncAddrRequest(const IPAddr& addr, bool timeout) @@ -1382,6 +1392,7 @@ void DNS_Mgr::Flush() void DNS_Mgr::Process() { DoProcess(false); + next_timestamp = -1.0; } void DNS_Mgr::DoProcess(bool flush) diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index f6f62bd1ec..7c7ddc8738 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -236,6 +236,7 @@ protected: unsigned long num_requests; unsigned long successful; unsigned long failed; + double next_timestamp; }; extern DNS_Mgr* dns_mgr; From 5bccb44ad4b11d6f141e440e7a2c2cd6d1c711ba Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 22:50:47 -0700 Subject: [PATCH 13/51] Remove dead code from DNS_Mgr --- src/DNS_Mgr.cc | 8 ++++---- src/DNS_Mgr.h | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 11f1e30037..db8100ca2b 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -1369,7 +1369,7 @@ void DNS_Mgr::CheckAsyncHostRequest(const char* host, bool timeout) void DNS_Mgr::Flush() { - DoProcess(false); + DoProcess(); HostMap::iterator it; for ( it = host_mappings.begin(); it != host_mappings.end(); ++it ) @@ -1391,11 +1391,11 @@ void DNS_Mgr::Flush() void DNS_Mgr::Process() { - DoProcess(false); + DoProcess(); next_timestamp = -1.0; } -void DNS_Mgr::DoProcess(bool flush) +void DNS_Mgr::DoProcess() { if ( ! nb_dns ) return; @@ -1404,7 +1404,7 @@ void DNS_Mgr::DoProcess(bool flush) { AsyncRequest* req = asyncs_timeouts.top(); - if ( req->time + DNS_TIMEOUT > current_time() || flush ) + if ( req->time + DNS_TIMEOUT > current_time() ) break; if ( req->IsAddrReq() ) diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 7c7ddc8738..7fa805461c 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -132,7 +132,7 @@ protected: void CheckAsyncTextRequest(const char* host, bool timeout); // Process outstanding requests. - void DoProcess(bool flush); + void DoProcess(); // IOSource interface. void GetFds(iosource::FD_Set* read, iosource::FD_Set* write, From 5bb2a6b1c0d12a4000b55938a26e4c1e51f86d97 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 22:51:54 -0700 Subject: [PATCH 14/51] Fix DNS_Mgr priority_queue usage It was sorting by memory address stored in AsyncRequest pointers rather than their actual timestamp. --- src/DNS_Mgr.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 7fa805461c..5aac420303 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -228,7 +228,14 @@ protected: typedef list QueuedList; QueuedList asyncs_queued; - typedef priority_queue TimeoutQueue; + struct AsyncRequestCompare { + bool operator()(const AsyncRequest* a, const AsyncRequest* b) + { + return a->time > b->time; + } + }; + + typedef priority_queue, AsyncRequestCompare> TimeoutQueue; TimeoutQueue asyncs_timeouts; int asyncs_pending; From fd11c63efe94ae6967bb7a31e03a7aea556d9686 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 22:55:43 -0700 Subject: [PATCH 15/51] Remove an unhelpful/optimistic DNS_Mgr optimization DNS_Mgr is always "idle", so Process() is always called when the fd signals there's really something ready (except when flushing at termination-time), so checking whether all pending request maps are empty within Process() doesn't help much. If they are empty, but there's somehow something to pull off the socket, the main loop is just going to keep trying to call Process() until it gets read (which would be bad if it's preventing another IOSource from getting real work done). --- src/DNS_Mgr.cc | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index db8100ca2b..4edff2088c 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -1418,9 +1418,6 @@ void DNS_Mgr::DoProcess() delete req; } - if ( asyncs_addrs.size() == 0 && asyncs_names.size() == 0 && asyncs_texts.size() == 0 ) - return; - if ( AnswerAvailable(0) <= 0 ) return; From 46799f75407391a1caa65c99f6a4b87afa3ba56a Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 1 May 2019 23:08:52 -0700 Subject: [PATCH 16/51] Fix timing out DNS lookups that were already resolved This could happen in the case of making repeated lookup requests for the same thing within a short period of time: cleaning up an old request that already got resolved would mistakenly see a new, yet-to-be-resolved request with identical host/addr and mistakenly assume it's in need of being timed out. --- src/DNS_Mgr.cc | 15 +++++++++------ src/DNS_Mgr.h | 8 ++++++-- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 4edff2088c..c52e6086f4 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -1407,12 +1407,15 @@ void DNS_Mgr::DoProcess() if ( req->time + DNS_TIMEOUT > current_time() ) break; - if ( req->IsAddrReq() ) - CheckAsyncAddrRequest(req->host, true); - else if ( req->is_txt ) - CheckAsyncTextRequest(req->name.c_str(), true); - else - CheckAsyncHostRequest(req->name.c_str(), true); + if ( ! req->processed ) + { + if ( req->IsAddrReq() ) + CheckAsyncAddrRequest(req->host, true); + else if ( req->is_txt ) + CheckAsyncTextRequest(req->name.c_str(), true); + else + CheckAsyncHostRequest(req->name.c_str(), true); + } asyncs_timeouts.pop(); delete req; diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index 5aac420303..9f9fe4ccc3 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -172,12 +172,13 @@ protected: struct AsyncRequest { double time; + bool is_txt; + bool processed; IPAddr host; string name; - bool is_txt; CallbackList callbacks; - AsyncRequest() : time(0.0), is_txt(false) { } + AsyncRequest() : time(0.0), is_txt(false), processed(false) { } bool IsAddrReq() const { return name.length() == 0; } @@ -190,6 +191,7 @@ protected: delete *i; } callbacks.clear(); + processed = true; } void Resolved(TableVal* addrs) @@ -201,6 +203,7 @@ protected: delete *i; } callbacks.clear(); + processed = true; } void Timeout() @@ -212,6 +215,7 @@ protected: delete *i; } callbacks.clear(); + processed = true; } }; From 5d44735209b8285bd04e15847ff81f038e001a3a Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 2 May 2019 12:06:39 -0700 Subject: [PATCH 17/51] Remove deprecated functions/events This commit removed functions/events that have been deprecated in Bro 2.6. It also removes the detection code that checks if the old communication framework is used (since all the functions that are checked were removed). Addresses parts of GH-243 --- NEWS | 54 +- doc | 2 +- scripts/base/init-bare.zeek | 7 +- scripts/base/utils/addrs.zeek | 18 - .../protocols/dhcp/deprecated_events.zeek | 272 ---------- scripts/test-all-policy.zeek | 1 - scripts/zeexygen/__load__.zeek | 1 - src/Net.h | 2 - src/analyzer/protocol/ssl/events.bif | 42 +- .../protocol/ssl/tls-handshake-analyzer.pac | 8 - src/bro.bif | 477 +----------------- src/main.cc | 82 --- src/scan.l | 1 - src/strings.bif | 205 +------- .../btest/Baseline/bifs.cat_string_array/out | 3 - testing/btest/Baseline/bifs.decode_base64/out | 6 - testing/btest/Baseline/bifs.encode_base64/out | 3 - testing/btest/Baseline/bifs.join_string/out | 3 - testing/btest/Baseline/bifs.merge_pattern/out | 2 - .../btest/Baseline/bifs.sort_string_array/out | 4 - testing/btest/Baseline/bifs.split/out | 32 -- .../btest/Baseline/core.old_comm_usage/out | 2 - .../Baseline/coverage.bare-mode-errors/errors | 20 +- testing/btest/bifs/cat_string_array.zeek | 14 - testing/btest/bifs/checkpoint_state.zeek | 10 - testing/btest/bifs/decode_base64.zeek | 6 - testing/btest/bifs/encode_base64.zeek | 4 - testing/btest/bifs/join_string.zeek | 8 +- testing/btest/bifs/merge_pattern.zeek | 17 - testing/btest/bifs/sort_string_array.zeek | 17 - testing/btest/bifs/split.zeek | 58 --- testing/btest/core/old_comm_usage.zeek | 7 - .../doc/zeexygen/comment_retrieval_bifs.zeek | 6 +- 33 files changed, 82 insertions(+), 1312 deletions(-) delete mode 100644 scripts/policy/protocols/dhcp/deprecated_events.zeek delete mode 100644 testing/btest/Baseline/bifs.cat_string_array/out delete mode 100644 testing/btest/Baseline/bifs.merge_pattern/out delete mode 100644 testing/btest/Baseline/bifs.sort_string_array/out delete mode 100644 testing/btest/Baseline/bifs.split/out delete mode 100644 testing/btest/Baseline/core.old_comm_usage/out delete mode 100644 testing/btest/bifs/cat_string_array.zeek delete mode 100644 testing/btest/bifs/checkpoint_state.zeek delete mode 100644 testing/btest/bifs/merge_pattern.zeek delete mode 100644 testing/btest/bifs/sort_string_array.zeek delete mode 100644 testing/btest/bifs/split.zeek delete mode 100644 testing/btest/core/old_comm_usage.zeek diff --git a/NEWS b/NEWS index ac489af4e8..2dd94ccc4b 100644 --- a/NEWS +++ b/NEWS @@ -190,10 +190,62 @@ Changed Functionality Removed Functionality --------------------- +- A number of functions that were deprecated in version 2.6 or below and completely + removed from this release. Most of the functions were used for the old communication + code. + + - ``find_ip_addresses`` + - ``cat_string_array`` + - ``cat_string_array_n`` + - ``complete_handshake`` + - ``connect`` + - ``decode_base64_custom`` + - ``disconnect`` + - ``enable_communication`` + - ``encode_base64_custom`` + - ``get_event_peer`` + - ``get_local_event_peer`` + - ``join_string_array`` + - ``listen`` + - ``merge_pattern`` + - ``request_remote_events`` + - ``request_remote_logs`` + - ``request_remote_sync`` + - ``resume_state_updates`` + - ``send_capture_filter`` + - ``send_current_packet`` + - ``send_id`` + - ``send_ping`` + - ``set_accept_state`` + - ``set_compression_level`` + - ``sort_string_array`` + - ``split1`` + - ``split_all`` + - ``split`` + - ``suspend_state_updates`` + - ``terminate_communication`` + - ``split`` + - ``send_state`` + - ``checkpoint_state`` + - ``rescan_state`` + +- The following events were deprecated in version 2.6 or below and are completely + removed from this release: + + - ``ssl_server_curve`` + - ``dhcp_ack`` + - ``dhcp_decline`` + - ``dhcp_discover`` + - ``dhcp_inform`` + - ``dhcp_nak`` + - ``dhcp_offer`` + - ``dhcp_release`` + - ``dhcp_request`` + Deprecated Functionality ------------------------ -- The ``str_shell_escape` function is now deprecated, use ``safe_shell_quote`` +- The ``str_shell_escape`` function is now deprecated, use ``safe_shell_quote`` instead. The later will automatically return a value that is enclosed in double-quotes. diff --git a/doc b/doc index 856db2bb40..5915e8d7e2 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 856db2bb4014d15a94cb336d7e5e8ca1d4627b1e +Subproject commit 5915e8d7e24a77bb9bc2a7061790f8efbe871458 diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 7c4fe2e5b8..d8c3212533 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -783,14 +783,11 @@ type peer_id: count; ## A communication peer. ## -## .. zeek:see:: complete_handshake disconnect finished_send_state -## get_event_peer get_local_event_peer remote_capture_filter +## .. zeek:see:: finished_send_state remote_capture_filter ## remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log_peer remote_pong -## request_remote_events request_remote_logs request_remote_sync -## send_capture_filter send_current_packet send_id send_ping send_state -## set_accept_state set_compression_level +## send_state ## ## .. todo::The type's name is too narrow these days, should rename. type event_peer: record { diff --git a/scripts/base/utils/addrs.zeek b/scripts/base/utils/addrs.zeek index 9d165936ef..be4c0c94c1 100644 --- a/scripts/base/utils/addrs.zeek +++ b/scripts/base/utils/addrs.zeek @@ -87,24 +87,6 @@ function is_valid_ip(ip_str: string): bool return F; } -## Extracts all IP (v4 or v6) address strings from a given string. -## -## input: a string that may contain an IP address anywhere within it. -## -## Returns: an array containing all valid IP address strings found in *input*. -function find_ip_addresses(input: string): string_array &deprecated - { - local parts = split_string_all(input, ip_addr_regex); - local output: string_array; - - for ( i in parts ) - { - if ( i % 2 == 1 && is_valid_ip(parts[i]) ) - output[|output|] = parts[i]; - } - return output; - } - ## Extracts all IP (v4 or v6) address strings from a given string. ## ## input: a string that may contain an IP address anywhere within it. diff --git a/scripts/policy/protocols/dhcp/deprecated_events.zeek b/scripts/policy/protocols/dhcp/deprecated_events.zeek deleted file mode 100644 index 553d13bc05..0000000000 --- a/scripts/policy/protocols/dhcp/deprecated_events.zeek +++ /dev/null @@ -1,272 +0,0 @@ -##! Bro 2.6 removed certain DHCP events, but scripts in the Bro -##! ecosystem are still relying on those events. As a transition, this -##! script will handle the new event, and generate the old events, -##! which are marked as deprecated. Note: This script should be -##! removed in the next Bro version after 2.6. - -@load base/protocols/dhcp - -## A DHCP message. -## -## .. note:: This type is included to support the deprecated events dhcp_ack, -## dhcp_decline, dhcp_discover, dhcp_inform, dhcp_nak, dhcp_offer, -## dhcp_release and dhcp_request and is thus similarly deprecated -## itself. Use :zeek:see:`dhcp_message` instead. -## -## .. zeek:see:: dhcp_message dhcp_ack dhcp_decline dhcp_discover -## dhcp_inform dhcp_nak dhcp_offer dhcp_release dhcp_request -type dhcp_msg: record { - op: count; ##< Message OP code. 1 = BOOTREQUEST, 2 = BOOTREPLY - m_type: count; ##< The type of DHCP message. - xid: count; ##< Transaction ID of a DHCP session. - h_addr: string; ##< Hardware address of the client. - ciaddr: addr; ##< Original IP address of the client. - yiaddr: addr; ##< IP address assigned to the client. -}; - -## A list of router addresses offered by a DHCP server. -## -## .. note:: This type is included to support the deprecated events dhcp_ack -## and dhcp_offer and is thus similarly deprecated -## itself. Use :zeek:see:`dhcp_message` instead. -## -## .. zeek:see:: dhcp_message dhcp_ack dhcp_offer -type dhcp_router_list: table[count] of addr; - -## Generated for DHCP messages of type *DHCPDISCOVER* (client broadcast to locate -## available servers). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## req_addr: The specific address requested by the client. -## -## host_name: The value of the host name option, if specified by the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_ack dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_discover: event(c: connection, msg: dhcp_msg, req_addr: addr, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPOFFER* (server to client in response -## to DHCPDISCOVER with offer of configuration parameters). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## mask: The subnet mask specified by the message. -## -## router: The list of routers specified by the message. -## -## lease: The least interval specified by the message. -## -## serv_addr: The server address specified by the message. -## -## host_name: Optional host name value. May differ from the host name requested -## from the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_request dhcp_decline -## dhcp_ack dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_offer: event(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPREQUEST* (Client message to servers either -## (a) requesting offered parameters from one server and implicitly declining offers -## from all others, (b) confirming correctness of previously allocated address after, -## e.g., system reboot, or (c) extending the lease on a particular network address.) -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## req_addr: The client address specified by the message. -## -## serv_addr: The server address specified by the message. -## -## host_name: The value of the host name option, if specified by the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_decline -## dhcp_ack dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_request: event(c: connection, msg: dhcp_msg, req_addr: addr, serv_addr: addr, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPDECLINE* (Client to server indicating -## network address is already in use). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## host_name: Optional host name value. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_ack dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_decline: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPACK* (Server to client with configuration -## parameters, including committed network address). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## mask: The subnet mask specified by the message. -## -## router: The list of routers specified by the message. -## -## lease: The least interval specified by the message. -## -## serv_addr: The server address specified by the message. -## -## host_name: Optional host name value. May differ from the host name requested -## from the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -global dhcp_ack: event(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPNAK* (Server to client indicating client's -## notion of network address is incorrect (e.g., client has moved to new subnet) or -## client's lease has expired). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## host_name: Optional host name value. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_ack dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_nak: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPRELEASE* (Client to server relinquishing -## network address and cancelling remaining lease). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## host_name: The value of the host name option, if specified by the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_ack dhcp_nak dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -global dhcp_release: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPINFORM* (Client to server, asking only for -## local configuration parameters; client already has externally configured network -## address). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## host_name: The value of the host name option, if specified by the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_ack dhcp_nak dhcp_release -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_inform: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated; - -event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options) - { - local old_msg: dhcp_msg = [$op=msg$op, $m_type=msg$m_type, $xid=msg$xid, - $h_addr=msg$chaddr, $ciaddr=msg$ciaddr, $yiaddr=msg$yiaddr]; - - local routers = dhcp_router_list(); - - if ( options?$routers ) - for ( i in options$routers ) - routers[|routers|] = options$routers[i]; - - # These fields are technically optional, but aren't listed as such in the event. - # We give it some defaults in order to suppress errors. - local ar = ( options?$addr_request ) ? options$addr_request : 0.0.0.0; - local hn = ( options?$host_name ) ? options$host_name : ""; - local le = ( options?$lease ) ? options$lease : 0 secs; - local sm = ( options?$subnet_mask ) ? options$subnet_mask : 255.255.255.255; - local sa = ( options?$serv_addr ) ? options$serv_addr : 0.0.0.0; - - switch ( DHCP::message_types[msg$m_type] ) { - case "DISCOVER": - event dhcp_discover(c, old_msg, ar, hn); - break; - case "OFFER": - event dhcp_offer(c, old_msg, sm, routers, le, sa, hn); - break; - case "REQUEST": - event dhcp_request(c, old_msg, ar, sa, hn); - break; - case "DECLINE": - event dhcp_decline(c, old_msg, hn); - break; - case "ACK": - event dhcp_ack(c, old_msg, sm, routers, le, sa, hn); - break; - case "NAK": - event dhcp_nak(c, old_msg, hn); - break; - case "RELEASE": - event dhcp_release(c, old_msg, hn); - break; - case "INFORM": - event dhcp_inform(c, old_msg, hn); - break; - default: - # This isn't a weird, it's just a DHCP message type the old scripts don't handle - break; - } - } diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek index 26408b6d44..0968c038ee 100644 --- a/scripts/test-all-policy.zeek +++ b/scripts/test-all-policy.zeek @@ -63,7 +63,6 @@ @load protocols/conn/mac-logging.zeek @load protocols/conn/vlan-logging.zeek @load protocols/conn/weirds.zeek -#@load protocols/dhcp/deprecated_events.zeek @load protocols/dhcp/msg-orig.zeek @load protocols/dhcp/software.zeek @load protocols/dhcp/sub-opts.zeek diff --git a/scripts/zeexygen/__load__.zeek b/scripts/zeexygen/__load__.zeek index ac9d2c008b..d074fe3660 100644 --- a/scripts/zeexygen/__load__.zeek +++ b/scripts/zeexygen/__load__.zeek @@ -6,7 +6,6 @@ @load frameworks/control/controller.zeek @load frameworks/files/extract-all-files.zeek @load policy/misc/dump-events.zeek -@load policy/protocols/dhcp/deprecated_events.zeek @load policy/protocols/smb/__load__.zeek @load ./example.zeek diff --git a/src/Net.h b/src/Net.h index bdc84ec74f..caea61c436 100644 --- a/src/Net.h +++ b/src/Net.h @@ -83,8 +83,6 @@ extern iosource::PktDumper* pkt_dumper; // where to save packets extern char* writefile; -extern int old_comm_usage_count; - // Script file we have already scanned (or are in the process of scanning). // They are identified by inode number. struct ScannedFile { diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif index 03a2a93868..e00dd83cc6 100644 --- a/src/analyzer/protocol/ssl/events.bif +++ b/src/analyzer/protocol/ssl/events.bif @@ -73,7 +73,7 @@ event ssl_client_hello%(c: connection, version: count, record_version: count, po ## sent in TLSv1.3 or SSLv2. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_extension -## ssl_session_ticket_handshake x509_certificate ssl_server_curve +## ssl_session_ticket_handshake x509_certificate ## ssl_dh_server_params ssl_handshake_message ssl_change_cipher_spec ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms @@ -116,7 +116,7 @@ event ssl_extension%(c: connection, is_orig: bool, code: count, val: string%); ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_ec_point_formats ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm +## ssl_extension_server_name ssl_extension_signature_algorithm ## ssl_extension_key_share ssl_rsa_client_pms ssl_server_signature ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params @@ -136,7 +136,7 @@ event ssl_extension_elliptic_curves%(c: connection, is_orig: bool, curves: index ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm +## ssl_extension_server_name ssl_extension_signature_algorithm ## ssl_extension_key_share ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params @@ -157,7 +157,7 @@ event ssl_extension_ec_point_formats%(c: connection, is_orig: bool, point_format ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve ssl_extension_key_share +## ssl_extension_server_name ssl_extension_key_share ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms ssl_server_signature @@ -176,32 +176,12 @@ event ssl_extension_signature_algorithm%(c: connection, is_orig: bool, signature ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve +## ssl_extension_server_name ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms ssl_server_signature event ssl_extension_key_share%(c: connection, is_orig: bool, curves: index_vec%); -## Generated if a named curve is chosen by the server for an SSL/TLS connection. -## The curve is sent by the server in the ServerKeyExchange message as defined -## in :rfc:`4492`, in case an ECDH or ECDHE cipher suite is chosen. -## -## c: The connection. -## -## curve: The curve. -## -## .. note:: This event is deprecated and superseded by the ssl_ecdh_server_params -## event. This event will be removed in a future version of Bro. -## -## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_extension -## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_extension_key_share -## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions -## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params -## ssl_rsa_client_pms ssl_server_signature -event ssl_server_curve%(c: connection, curve: count%) &deprecated; - ## Generated if a server uses an ECDH-anon or ECDHE cipher suite using a named curve ## This event contains the named curve name and the server ECDH parameters contained ## in the ServerKeyExchange message as defined in :rfc:`4492`. @@ -213,7 +193,7 @@ event ssl_server_curve%(c: connection, curve: count%) &deprecated; ## point: The server's ECDH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_client_params ssl_rsa_client_pms event ssl_ecdh_server_params%(c: connection, curve: count, point: string%); @@ -230,7 +210,7 @@ event ssl_ecdh_server_params%(c: connection, curve: count, point: string%); ## Ys: The server's DH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%); @@ -253,7 +233,7 @@ event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%); ## message is used for signing. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_rsa_client_pms +## ssl_session_ticket_handshake ssl_rsa_client_pms ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params event ssl_server_signature%(c: connection, signature_and_hashalgorithm: SSL::SignatureAndHashAlgorithm, signature: string%); @@ -266,7 +246,7 @@ event ssl_server_signature%(c: connection, signature_and_hashalgorithm: SSL::Sig ## point: The client's ECDH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_rsa_client_pms event ssl_ecdh_client_params%(c: connection, point: string%); @@ -279,7 +259,7 @@ event ssl_ecdh_client_params%(c: connection, point: string%); ## Yc: The client's DH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_ecdh_server_params ssl_ecdh_client_params ssl_rsa_client_pms event ssl_dh_client_params%(c: connection, Yc: string%); @@ -292,7 +272,7 @@ event ssl_dh_client_params%(c: connection, Yc: string%); ## pms: The encrypted pre-master secret. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params event ssl_rsa_client_pms%(c: connection, pms: string%); diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index ecaaf8c20d..e19f43241c 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -320,10 +320,6 @@ refine connection Handshake_Conn += { if ( ${kex.curve_type} != NAMED_CURVE ) return true; - if ( ssl_server_curve ) - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}); - if ( ssl_ecdh_server_params ) BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); @@ -355,10 +351,6 @@ refine connection Handshake_Conn += { if ( ${kex.curve_type} != NAMED_CURVE ) return true; - if ( ssl_server_curve ) - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}); - if ( ssl_ecdh_server_params ) BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); diff --git a/src/bro.bif b/src/bro.bif index 7493d5618b..d6a4fe3bc9 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -1512,7 +1512,7 @@ function cat%(...%): string ## Returns: A concatenation of all arguments with *sep* between each one and ## empty strings replaced with *def*. ## -## .. zeek:see:: cat string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat string_cat function cat_sep%(sep: string, def: string, ...%): string %{ ODesc d; @@ -1579,7 +1579,7 @@ function cat_sep%(sep: string, def: string, ...%): string ## number of additional arguments for the given format specifier, ## :zeek:id:`fmt` generates a run-time error. ## -## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat function fmt%(...%): string %{ if ( @ARGC@ == 0 ) @@ -2839,29 +2839,6 @@ function encode_base64%(s: string, a: string &default=""%): string } %} - -## Encodes a Base64-encoded string with a custom alphabet. -## -## s: The string to encode. -## -## a: The custom alphabet. The string must consist of 64 unique -## characters. The empty string indicates the default alphabet. -## -## Returns: The encoded version of *s*. -## -## .. zeek:see:: encode_base64 -function encode_base64_custom%(s: string, a: string%): string &deprecated - %{ - BroString* t = encode_base64(s->AsString(), a->AsString()); - if ( t ) - return new StringVal(t); - else - { - reporter->Error("error in encoding string %s", s->CheckString()); - return val_mgr->GetEmptyString(); - } - %} - ## Decodes a Base64-encoded string. ## ## s: The Base64-encoded string. @@ -2917,28 +2894,6 @@ function decode_base64_conn%(cid: conn_id, s: string, a: string &default=""%): s } %} -## Decodes a Base64-encoded string with a custom alphabet. -## -## s: The Base64-encoded string. -## -## a: The custom alphabet. The string must consist of 64 unique characters. -## The empty string indicates the default alphabet. -## -## Returns: The decoded version of *s*. -## -## .. zeek:see:: decode_base64 decode_base64_conn -function decode_base64_custom%(s: string, a: string%): string &deprecated - %{ - BroString* t = decode_base64(s->AsString(), a->AsString()); - if ( t ) - return new StringVal(t); - else - { - reporter->Error("error in decoding string %s", s->CheckString()); - return val_mgr->GetEmptyString(); - } - %} - %%{ typedef struct { uint32 time_low; @@ -2982,29 +2937,6 @@ function uuid_to_string%(uuid: string%): string return new StringVal(s); %} -## Merges and compiles two regular expressions at initialization time. -## -## p1: The first pattern. -## -## p2: The second pattern. -## -## Returns: The compiled pattern of the concatenation of *p1* and *p2*. -## -## .. zeek:see:: convert_for_pattern string_to_pattern -## -## .. note:: -## -## This function must be called at Zeek startup time, e.g., in the event -## :zeek:id:`zeek_init`. -function merge_pattern%(p1: pattern, p2: pattern%): pattern &deprecated - %{ - RE_Matcher* re = new RE_Matcher(); - re->AddPat(p1->PatternText()); - re->AddPat(p2->PatternText()); - re->Compile(); - return new PatternVal(re); - %} - %%{ char* to_pat_str(int sn, const char* ss) { @@ -3037,7 +2969,7 @@ char* to_pat_str(int sn, const char* ss) ## Returns: An escaped version of *s* that has the structure of a valid ## :zeek:type:`pattern`. ## -## .. zeek:see:: merge_pattern string_to_pattern +## .. zeek:see:: string_to_pattern ## function convert_for_pattern%(s: string%): string %{ @@ -3057,7 +2989,7 @@ function convert_for_pattern%(s: string%): string ## ## Returns: *s* as :zeek:type:`pattern`. ## -## .. zeek:see:: convert_for_pattern merge_pattern +## .. zeek:see:: convert_for_pattern ## ## .. note:: ## @@ -4940,56 +4872,6 @@ function uninstall_dst_net_filter%(snet: subnet%) : bool return val_mgr->GetBool(sessions->GetPacketFilter()->RemoveDst(snet)); %} -# =========================================================================== -# -# Communication -# -# =========================================================================== - -## Enables the communication system. By default, the communication is off until -## explicitly enabled, and all other calls to communication-related functions -## will be ignored until done so. -function enable_communication%(%): any &deprecated - %{ - if ( bro_start_network_time != 0.0 ) - { - builtin_error("communication must be enabled in zeek_init"); - return 0; - } - - if ( using_communication ) - // Ignore duplicate calls. - return 0; - - using_communication = 1; - remote_serializer->Enable(); - return 0; - %} - -## Flushes in-memory state tagged with the :zeek:attr:`&persistent` attribute -## to disk. The function writes the state to the file ``.state/state.bst`` in -## the directory where Bro was started. -## -## Returns: True on success. -## -## .. zeek:see:: rescan_state -function checkpoint_state%(%) : bool - %{ - return val_mgr->GetBool(persistence_serializer->WriteState(true)); - %} - -## Reads persistent state and populates the in-memory data structures -## accordingly. Persistent state is read from the ``.state`` directory. -## This function is the dual to :zeek:id:`checkpoint_state`. -## -## Returns: True on success. -## -## .. zeek:see:: checkpoint_state -function rescan_state%(%) : bool - %{ - return val_mgr->GetBool(persistence_serializer->ReadAll(false, true)); - %} - ## Writes the binary event stream generated by the core to a given file. ## Use the ``-x `` command line switch to replay saved events. ## @@ -5028,165 +4910,6 @@ function capture_state_updates%(filename: string%) : bool (const char*) filename->CheckString())); %} -## Establishes a connection to a remote Bro or Broccoli instance. -## -## ip: The IP address of the remote peer. -## -## zone_id: If *ip* is a non-global IPv6 address, a particular :rfc:`4007` -## ``zone_id`` can given here. An empty string, ``""``, means -## not to add any ``zone_id``. -## -## p: The port of the remote peer. -## -## our_class: If a non-empty string, then the remote (listening) peer checks it -## against its class name in its peer table and terminates the -## connection if they don't match. -## -## retry: If the connection fails, try to reconnect with the peer after this -## time interval. -## -## ssl: If true, use SSL to encrypt the session. -## -## Returns: A locally unique ID of the new peer. -## -## .. zeek:see:: disconnect -## listen -## request_remote_events -## request_remote_sync -## request_remote_logs -## request_remote_events -## set_accept_state -## set_compression_level -## send_state -## send_id -function connect%(ip: addr, zone_id: string, p: port, our_class: string, retry: interval, ssl: bool%) : count &deprecated - %{ - return val_mgr->GetCount(uint32(remote_serializer->Connect(ip->AsAddr(), - zone_id->CheckString(), p->Port(), our_class->CheckString(), - retry, ssl))); - %} - -## Terminate the connection with a peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -## -## .. zeek:see:: connect listen -function disconnect%(p: event_peer%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->CloseConnection(id)); - %} - -## Subscribes to all events from a remote peer whose names match a given -## pattern. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## handlers: The pattern describing the events to request from peer *p*. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_sync -## request_remote_logs -## set_accept_state -function request_remote_events%(p: event_peer, handlers: pattern%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->RequestEvents(id, handlers)); - %} - -## Requests synchronization of IDs with a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## auth: If true, the local instance considers its current state authoritative -## and sends it to *p* right after the handshake. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_events -## request_remote_logs -## set_accept_state -function request_remote_sync%(p: event_peer, auth: bool%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->RequestSync(id, auth)); - %} - -## Requests logs from a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_events -## request_remote_sync -function request_remote_logs%(p: event_peer%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->RequestLogs(id)); - %} - -## Sets a boolean flag indicating whether Bro accepts state from a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## accept: True if Bro accepts state from peer *p*, or false otherwise. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_events -## request_remote_sync -## set_compression_level -function set_accept_state%(p: event_peer, accept: bool%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SetAcceptState(id, accept)); - %} - -## Sets the compression level of the session with a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## level: Allowed values are in the range *[0, 9]*, where 0 is the default and -## means no compression. -## -## Returns: True on success. -## -## .. zeek:see:: set_accept_state -function set_compression_level%(p: event_peer, level: count%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SetCompressionLevel(id, level)); - %} - -## Listens on a given IP address and port for remote connections. -## -## ip: The IP address to bind to. -## -## p: The TCP port to listen on. -## -## ssl: If true, Bro uses SSL to encrypt the session. -## -## ipv6: If true, enable listening on IPv6 addresses. -## -## zone_id: If *ip* is a non-global IPv6 address, a particular :rfc:`4007` -## ``zone_id`` can given here. An empty string, ``""``, means -## not to add any ``zone_id``. -## -## retry_interval: If address *ip* is found to be already in use, this is -## the interval at which to automatically retry binding. -## -## Returns: True on success. -## -## .. zeek:see:: connect disconnect -function listen%(ip: addr, p: port, ssl: bool, ipv6: bool, zone_id: string, retry_interval: interval%) : bool &deprecated - %{ - return val_mgr->GetBool(remote_serializer->Listen(ip->AsAddr(), p->Port(), ssl, ipv6, zone_id->CheckString(), retry_interval)); - %} - ## Checks whether the last raised event came from a remote peer. ## ## Returns: True if the last raised event came from a remote peer. @@ -5195,179 +4918,11 @@ function is_remote_event%(%) : bool return val_mgr->GetBool(mgr.CurrentSource() != SOURCE_LOCAL); %} -## Sends all persistent state to a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -## -## .. zeek:see:: send_id send_ping send_current_packet send_capture_filter -function send_state%(p: event_peer%) : bool - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(persistence_serializer->SendState(id, true)); - %} - -## Sends a global identifier to a remote peer, which then might install it -## locally. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## id: The identifier to send. -## -## Returns: True on success. -## -## .. zeek:see:: send_state send_ping send_current_packet send_capture_filter -function send_id%(p: event_peer, id: string%) : bool &deprecated - %{ - RemoteSerializer::PeerID pid = p->AsRecordVal()->Lookup(0)->AsCount(); - - ID* i = global_scope()->Lookup(id->CheckString()); - if ( ! i ) - { - reporter->Error("send_id: no global id %s", id->CheckString()); - return val_mgr->GetBool(0); - } - - SerialInfo info(remote_serializer); - return val_mgr->GetBool(remote_serializer->SendID(&info, pid, *i)); - %} - -## Gracefully finishes communication by first making sure that all remaining -## data from parent and child has been sent out. -## -## Returns: True if the termination process has been started successfully. -function terminate_communication%(%) : bool &deprecated - %{ - return val_mgr->GetBool(remote_serializer->Terminate()); - %} - -## Signals a remote peer that the local Bro instance finished the initial -## handshake. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -function complete_handshake%(p: event_peer%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->CompleteHandshake(id)); - %} - -## Sends a ping event to a remote peer. In combination with an event handler -## for :zeek:id:`remote_pong`, this function can be used to measure latency -## between two peers. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## seq: A sequence number (also included by :zeek:id:`remote_pong`). -## -## Returns: True if sending the ping succeeds. -## -## .. zeek:see:: send_state send_id send_current_packet send_capture_filter -function send_ping%(p: event_peer, seq: count%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SendPing(id, seq)); - %} - -## Sends the currently processed packet to a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True if sending the packet succeeds. -## -## .. zeek:see:: send_id send_state send_ping send_capture_filter -## dump_packet dump_current_packet get_current_packet -function send_current_packet%(p: event_peer%) : bool &deprecated - %{ - const Packet* pkt; - - if ( ! current_pktsrc || - ! current_pktsrc->GetCurrentPacket(&pkt) ) - return val_mgr->GetBool(0); - - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - - SerialInfo info(remote_serializer); - return val_mgr->GetBool(remote_serializer->SendPacket(&info, id, *pkt)); - %} - -## Returns the peer who generated the last event. -## -## Note, this function is deprecated. It works correctly only for local events and -## events received through the legacy communication system. It does *not* work for -## events received through Broker and will report an error in that case. -## -## Returns: The ID of the peer who generated the last event. -## -## .. zeek:see:: get_local_event_peer -function get_event_peer%(%) : event_peer &deprecated - %{ - SourceID src = mgr.CurrentSource(); - - if ( src == SOURCE_LOCAL ) - { - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - } - - if ( src == SOURCE_BROKER ) - { - reporter->Error("get_event_peer() does not support Broker events"); - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - } - - if ( ! remote_serializer ) - reporter->InternalError("remote_serializer not initialized"); - - Val* v = remote_serializer->GetPeerVal(src); - if ( ! v ) - { - reporter->Error("peer %d does not exist anymore", int(src)); - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - } - - return v; - %} - -## Returns the local peer ID. -## -## Returns: The peer ID of the local Bro instance. -## -## .. zeek:see:: get_event_peer -function get_local_event_peer%(%) : event_peer &deprecated - %{ - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - %} - -## Sends a capture filter to a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## s: The capture filter. -## -## Returns: True if sending the packet succeeds. -## -## .. zeek:see:: send_id send_state send_ping send_current_packet -function send_capture_filter%(p: event_peer, s: string%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SendCaptureFilter(id, s->CheckString())); - %} - ## Stops Bro's packet processing. This function is used to synchronize ## distributed trace processing with communication enabled ## (*pseudo-realtime* mode). ## -## .. zeek:see:: continue_processing suspend_state_updates resume_state_updates +## .. zeek:see:: continue_processing function suspend_processing%(%) : any %{ net_suspend_processing(); @@ -5376,33 +4931,13 @@ function suspend_processing%(%) : any ## Resumes Bro's packet processing. ## -## .. zeek:see:: suspend_processing suspend_state_updates resume_state_updates +## .. zeek:see:: suspend_processing function continue_processing%(%) : any %{ net_continue_processing(); return 0; %} -## Stops propagating :zeek:attr:`&synchronized` accesses. -## -## .. zeek:see:: suspend_processing continue_processing resume_state_updates -function suspend_state_updates%(%) : any &deprecated - %{ - if ( remote_serializer ) - remote_serializer->SuspendStateUpdates(); - return 0; - %} - -## Resumes propagating :zeek:attr:`&synchronized` accesses. -## -## .. zeek:see:: suspend_processing continue_processing suspend_state_updates -function resume_state_updates%(%) : any &deprecated - %{ - if ( remote_serializer ) - remote_serializer->ResumeStateUpdates(); - return 0; - %} - # =========================================================================== # # Internal Functions diff --git a/src/main.cc b/src/main.cc index afd3106986..6ea1a74b99 100644 --- a/src/main.cc +++ b/src/main.cc @@ -116,7 +116,6 @@ char* command_line_policy = 0; vector params; set requested_plugins; char* proc_status_file = 0; -int old_comm_usage_count = 0; OpaqueType* md5_type = 0; OpaqueType* sha1_type = 0; @@ -427,70 +426,6 @@ static void bro_new_handler() out_of_memory("new"); } -static auto old_comm_ids = std::set{ - "connect", - "disconnect", - "request_remote_events", - "request_remote_sync", - "request_remote_logs", - "set_accept_state", - "set_compression_level", - "listen", - "send_id", - "terminate_communication", - "complete_handshake", - "send_ping", - "send_current_packet", - "get_event_peer", - "send_capture_filter", - "suspend_state_updates", - "resume_state_updates", -}; - -static bool is_old_comm_usage(const ID* id) - { - auto name = id->Name(); - - if ( old_comm_ids.find(name) == old_comm_ids.end() ) - return false; - - return true; - } - -class OldCommUsageTraversalCallback : public TraversalCallback { -public: - virtual TraversalCode PreExpr(const Expr* expr) override - { - switch ( expr->Tag() ) { - case EXPR_CALL: - { - const CallExpr* call = static_cast(expr); - auto func = call->Func(); - - if ( func->Tag() == EXPR_NAME ) - { - const NameExpr* ne = static_cast(func); - auto id = ne->Id(); - - if ( is_old_comm_usage(id) ) - ++old_comm_usage_count; - } - } - break; - default: - break; - } - - return TC_CONTINUE; - } -}; - -static void find_old_comm_usages() - { - OldCommUsageTraversalCallback cb; - traverse_all(&cb); - } - int main(int argc, char** argv) { std::set_new_handler(bro_new_handler); @@ -918,23 +853,6 @@ int main(int argc, char** argv) yyparse(); is_parsing = false; - find_old_comm_usages(); - - if ( old_comm_usage_count ) - { - auto old_comm_ack_id = global_scope()->Lookup("old_comm_usage_is_ok"); - - if ( ! old_comm_ack_id->ID_Val()->AsBool() ) - reporter->FatalError("Detected old, deprecated communication " - "system usages that will not work unless " - "you explicitly take action to initizialize " - "and set up the old comm. system. " - "Set the 'old_comm_usage_is_ok' flag " - "to bypass this error if you've taken such " - "actions, but the suggested solution is to " - "port scripts to use the new Broker API."); - } - RecordVal::ResizeParseTimeRecords(); init_general_global_var(); diff --git a/src/scan.l b/src/scan.l index 4da90394e7..fd54cfab40 100644 --- a/src/scan.l +++ b/src/scan.l @@ -326,7 +326,6 @@ when return TOK_WHEN; } &synchronized { - ++old_comm_usage_count; deprecated_attr(yytext); return TOK_ATTR_SYNCHRONIZED; } diff --git a/src/strings.bif b/src/strings.bif index ef584ee7af..110dbaea9e 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -55,9 +55,9 @@ function levenshtein_distance%(s1: string, s2: string%): count ## ## Returns: The concatenation of all (string) arguments. ## -## .. zeek:see:: cat cat_sep cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep ## fmt -## join_string_vec join_string_array +## join_string_vec function string_cat%(...%): string %{ int n = 0; @@ -112,85 +112,8 @@ int vs_to_string_array(vector& vs, TableVal* tbl, } return 1; } - -BroString* cat_string_array_n(TableVal* tbl, int start, int end) - { - vector vs; - string_array_to_vs(tbl, start, end, vs); - return concatenate(vs); - } %%} -## Concatenates all elements in an array of strings. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## Returns: The concatenation of all elements in *a*. -## -## .. zeek:see:: cat cat_sep string_cat cat_string_array_n -## fmt -## join_string_vec join_string_array -function cat_string_array%(a: string_array%): string &deprecated - %{ - TableVal* tbl = a->AsTableVal(); - return new StringVal(cat_string_array_n(tbl, 1, a->AsTable()->Length())); - %} - -## Concatenates a specific range of elements in an array of strings. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## start: The array index of the first element of the range. -## -## end: The array index of the last element of the range. -## -## Returns: The concatenation of the range *[start, end]* in *a*. -## -## .. zeek:see:: cat string_cat cat_string_array -## fmt -## join_string_vec join_string_array -function cat_string_array_n%(a: string_array, start: count, end: count%): string &deprecated - %{ - TableVal* tbl = a->AsTableVal(); - return new StringVal(cat_string_array_n(tbl, start, end)); - %} - -## Joins all values in the given array of strings with a separator placed -## between each element. -## -## sep: The separator to place between each element. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## Returns: The concatenation of all elements in *a*, with *sep* placed -## between each element. -## -## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n -## fmt -## join_string_vec -function join_string_array%(sep: string, a: string_array%): string &deprecated - %{ - vector vs; - TableVal* tbl = a->AsTableVal(); - int n = a->AsTable()->Length(); - - for ( int i = 1; i <= n; ++i ) - { - Val* ind = val_mgr->GetCount(i); - Val* v = tbl->Lookup(ind); - if ( ! v ) - return 0; - - vs.push_back(v->AsString()); - Unref(ind); - - if ( i < n ) - vs.push_back(sep->AsString()); - } - - return new StringVal(concatenate(vs)); - %} - ## Joins all values in the given vector of strings with a separator placed ## between each element. ## @@ -201,9 +124,8 @@ function join_string_array%(sep: string, a: string_array%): string &deprecated ## Returns: The concatenation of all elements in *vec*, with *sep* placed ## between each element. ## -## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat ## fmt -## join_string_array function join_string_vec%(vec: string_vec, sep: string%): string %{ ODesc d; @@ -231,39 +153,6 @@ function join_string_vec%(vec: string_vec, sep: string%): string return new StringVal(s); %} -## Sorts an array of strings. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## Returns: A sorted copy of *a*. -## -## .. zeek:see:: sort -function sort_string_array%(a: string_array%): string_array &deprecated - %{ - TableVal* tbl = a->AsTableVal(); - int n = a->AsTable()->Length(); - - vector vs; - string_array_to_vs(tbl, 1, n, vs); - - unsigned int i, j; - for ( i = 0; i < vs.size(); ++i ) - { - const BroString* x = vs[i]; - for ( j = i; j > 0; --j ) - if ( Bstr_cmp(vs[j-1], x) <= 0 ) - break; - else - vs[j] = vs[j-1]; - vs[j] = x; - } - // sort(vs.begin(), vs.end(), Bstr_cmp); - - TableVal* b = new TableVal(string_array); - vs_to_string_array(vs, b, 1, n); - return b; - %} - ## Returns an edited version of a string that applies a special ## "backspace character" (usually ``\x08`` for backspace or ``\x7f`` for DEL). ## For example, ``edit("hello there", "e")`` returns ``"llo t"``. @@ -549,26 +438,6 @@ Val* do_sub(StringVal* str_val, RE_Matcher* re, StringVal* repl, int do_all) } %%} -## Splits a string into an array of strings according to a pattern. -## -## str: The string to split. -## -## re: The pattern describing the element separator in *str*. -## -## Returns: An array of strings where each element corresponds to a substring -## in *str* separated by *re*. -## -## .. zeek:see:: split1 split_all split_n str_split split_string1 split_string_all split_string_n str_split -## -## .. note:: The returned table starts at index 1. Note that conceptually the -## return value is meant to be a vector and this might change in the -## future. -## -function split%(str: string, re: pattern%): string_array &deprecated - %{ - return do_split(str, re, 0, 0); - %} - ## Splits a string into an array of strings according to a pattern. ## ## str: The string to split. @@ -585,26 +454,6 @@ function split_string%(str: string, re: pattern%): string_vec return do_split_string(str, re, 0, 0); %} -## Splits a string *once* into a two-element array of strings according to a -## pattern. This function is the same as :zeek:id:`split`, but *str* is only -## split once (if possible) at the earliest position and an array of two strings -## is returned. -## -## str: The string to split. -## -## re: The pattern describing the separator to split *str* in two pieces. -## -## Returns: An array of strings with two elements in which the first represents -## the substring in *str* up to the first occurence of *re*, and the -## second everything after *re*. An array of one string is returned -## when *s* cannot be split. -## -## .. zeek:see:: split split_all split_n str_split split_string split_string_all split_string_n str_split -function split1%(str: string, re: pattern%): string_array &deprecated - %{ - return do_split(str, re, 0, 1); - %} - ## Splits a string *once* into a two-element array of strings according to a ## pattern. This function is the same as :zeek:id:`split_string`, but *str* is ## only split once (if possible) at the earliest position and an array of two @@ -625,26 +474,6 @@ function split_string1%(str: string, re: pattern%): string_vec return do_split_string(str, re, 0, 1); %} -## Splits a string into an array of strings according to a pattern. This -## function is the same as :zeek:id:`split`, except that the separators are -## returned as well. For example, ``split_all("a-b--cd", /(\-)+/)`` returns -## ``{"a", "-", "b", "--", "cd"}``: odd-indexed elements do not match the -## pattern and even-indexed ones do. -## -## str: The string to split. -## -## re: The pattern describing the element separator in *str*. -## -## Returns: An array of strings where each two successive elements correspond -## to a substring in *str* of the part not matching *re* (odd-indexed) -## and the part that matches *re* (even-indexed). -## -## .. zeek:see:: split split1 split_n str_split split_string split_string1 split_string_n str_split -function split_all%(str: string, re: pattern%): string_array &deprecated - %{ - return do_split(str, re, 1, 0); - %} - ## Splits a string into an array of strings according to a pattern. This ## function is the same as :zeek:id:`split_string`, except that the separators ## are returned as well. For example, ``split_string_all("a-b--cd", /(\-)+/)`` @@ -665,32 +494,6 @@ function split_string_all%(str: string, re: pattern%): string_vec return do_split_string(str, re, 1, 0); %} -## Splits a string a given number of times into an array of strings according -## to a pattern. This function is similar to :zeek:id:`split1` and -## :zeek:id:`split_all`, but with customizable behavior with respect to -## including separators in the result and the number of times to split. -## -## str: The string to split. -## -## re: The pattern describing the element separator in *str*. -## -## incl_sep: A flag indicating whether to include the separator matches in the -## result (as in :zeek:id:`split_all`). -## -## max_num_sep: The number of times to split *str*. -## -## Returns: An array of strings where, if *incl_sep* is true, each two -## successive elements correspond to a substring in *str* of the part -## not matching *re* (odd-indexed) and the part that matches *re* -## (even-indexed). -## -## .. zeek:see:: split split1 split_all str_split split_string split_string1 split_string_all str_split -function split_n%(str: string, re: pattern, - incl_sep: bool, max_num_sep: count%): string_array &deprecated - %{ - return do_split(str, re, incl_sep, max_num_sep); - %} - ## Splits a string a given number of times into an array of strings according ## to a pattern. This function is similar to :zeek:id:`split_string1` and ## :zeek:id:`split_string_all`, but with customizable behavior with respect to @@ -1022,7 +825,7 @@ function str_smith_waterman%(s1: string, s2: string, params: sw_params%) : sw_su ## ## Returns: A vector of strings. ## -## .. zeek:see:: split split1 split_all split_n +## .. zeek:see:: split_string split_string1 split_string_all split_string_n function str_split%(s: string, idx: index_vec%): string_vec %{ vector* idx_v = idx->AsVector(); diff --git a/testing/btest/Baseline/bifs.cat_string_array/out b/testing/btest/Baseline/bifs.cat_string_array/out deleted file mode 100644 index 963f826db9..0000000000 --- a/testing/btest/Baseline/bifs.cat_string_array/out +++ /dev/null @@ -1,3 +0,0 @@ -isatest -thisisatest -isa diff --git a/testing/btest/Baseline/bifs.decode_base64/out b/testing/btest/Baseline/bifs.decode_base64/out index aa265d2148..bb04766fd8 100644 --- a/testing/btest/Baseline/bifs.decode_base64/out +++ b/testing/btest/Baseline/bifs.decode_base64/out @@ -6,9 +6,3 @@ bro bro bro bro -bro -bro -bro -bro -bro -bro diff --git a/testing/btest/Baseline/bifs.encode_base64/out b/testing/btest/Baseline/bifs.encode_base64/out index 3008115853..cacea20cca 100644 --- a/testing/btest/Baseline/bifs.encode_base64/out +++ b/testing/btest/Baseline/bifs.encode_base64/out @@ -2,9 +2,6 @@ YnJv YnJv YnJv }n-v -YnJv -YnJv -}n-v cGFkZGluZw== cGFkZGluZzE= cGFkZGluZzEy diff --git a/testing/btest/Baseline/bifs.join_string/out b/testing/btest/Baseline/bifs.join_string/out index e916fc304a..dbfa4c1e52 100644 --- a/testing/btest/Baseline/bifs.join_string/out +++ b/testing/btest/Baseline/bifs.join_string/out @@ -1,6 +1,3 @@ -this * is * a * test -thisisatest -mytest this__is__another__test thisisanothertest Test diff --git a/testing/btest/Baseline/bifs.merge_pattern/out b/testing/btest/Baseline/bifs.merge_pattern/out deleted file mode 100644 index fe8ebc3c01..0000000000 --- a/testing/btest/Baseline/bifs.merge_pattern/out +++ /dev/null @@ -1,2 +0,0 @@ -match -match diff --git a/testing/btest/Baseline/bifs.sort_string_array/out b/testing/btest/Baseline/bifs.sort_string_array/out deleted file mode 100644 index 533844768d..0000000000 --- a/testing/btest/Baseline/bifs.sort_string_array/out +++ /dev/null @@ -1,4 +0,0 @@ -a -is -test -this diff --git a/testing/btest/Baseline/bifs.split/out b/testing/btest/Baseline/bifs.split/out deleted file mode 100644 index 0ec2541f3d..0000000000 --- a/testing/btest/Baseline/bifs.split/out +++ /dev/null @@ -1,32 +0,0 @@ -t -s is a t -t ---------------------- -t -s is a test ---------------------- -t -hi -s is a t -es -t ---------------------- -t -s is a test ---------------------- -t -hi -s is a test ---------------------- -[, thi, s i, s a tes, t] ---------------------- -X-Mailer -Testing Test (http://www.example.com) ---------------------- -A -= - B -= - C -= - D diff --git a/testing/btest/Baseline/core.old_comm_usage/out b/testing/btest/Baseline/core.old_comm_usage/out deleted file mode 100644 index cf4820d82e..0000000000 --- a/testing/btest/Baseline/core.old_comm_usage/out +++ /dev/null @@ -1,2 +0,0 @@ -warning in /Users/jon/projects/bro/bro/testing/btest/.tmp/core.old_comm_usage/old_comm_usage.zeek, line 6: deprecated (terminate_communication) -fatal error: Detected old, deprecated communication system usages that will not work unless you explicitly take action to initizialize and set up the old comm. system. Set the 'old_comm_usage_is_ok' flag to bypass this error if you've taken such actions, but the suggested solution is to port scripts to use the new Broker API. diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index 6595a63eb3..72de702972 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -1,18 +1,2 @@ -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//zeexygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" +warning in /Users/johanna/bro/master/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/johanna/bro/master/testing/btest/../../scripts//zeexygen/__load__.zeek:9 "Use '@load base/protocols/smb' instead" +warning in /Users/johanna/bro/master/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" diff --git a/testing/btest/bifs/cat_string_array.zeek b/testing/btest/bifs/cat_string_array.zeek deleted file mode 100644 index f9aa3f266d..0000000000 --- a/testing/btest/bifs/cat_string_array.zeek +++ /dev/null @@ -1,14 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a: string_array = { - [0] = "this", [1] = "is", [2] = "a", [3] = "test" - }; - - print cat_string_array(a); - print cat_string_array_n(a, 0, |a|-1); - print cat_string_array_n(a, 1, 2); - } diff --git a/testing/btest/bifs/checkpoint_state.zeek b/testing/btest/bifs/checkpoint_state.zeek deleted file mode 100644 index e9eeeccb75..0000000000 --- a/testing/btest/bifs/checkpoint_state.zeek +++ /dev/null @@ -1,10 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT -# @TEST-EXEC: test -f .state/state.bst - -event zeek_init() - { - local a = checkpoint_state(); - if ( a != T ) - exit(1); - } diff --git a/testing/btest/bifs/decode_base64.zeek b/testing/btest/bifs/decode_base64.zeek index 2d552a2523..ee3e5bd066 100644 --- a/testing/btest/bifs/decode_base64.zeek +++ b/testing/btest/bifs/decode_base64.zeek @@ -9,14 +9,8 @@ print decode_base64("YnJv"); print decode_base64("YnJv", default_alphabet); print decode_base64("YnJv", ""); # should use default alpabet print decode_base64("}n-v", my_alphabet); -print decode_base64_custom("YnJv", default_alphabet); -print decode_base64_custom("YnJv", ""); # should use default alpabet -print decode_base64_custom("}n-v", my_alphabet); print decode_base64("YnJv"); print decode_base64("YnJv", default_alphabet); print decode_base64("YnJv", ""); # should use default alpabet print decode_base64("}n-v", my_alphabet); -print decode_base64_custom("YnJv", default_alphabet); -print decode_base64_custom("YnJv", ""); # should use default alpabet -print decode_base64_custom("}n-v", my_alphabet); diff --git a/testing/btest/bifs/encode_base64.zeek b/testing/btest/bifs/encode_base64.zeek index bbad715ecc..32d0c57e3c 100644 --- a/testing/btest/bifs/encode_base64.zeek +++ b/testing/btest/bifs/encode_base64.zeek @@ -10,10 +10,6 @@ print encode_base64("bro", default_alphabet); print encode_base64("bro", ""); # should use default alpabet print encode_base64("bro", my_alphabet); -print encode_base64_custom("bro", default_alphabet); -print encode_base64_custom("bro", ""); # should use default alpabet -print encode_base64_custom("bro", my_alphabet); - print encode_base64("padding"); print encode_base64("padding1"); print encode_base64("padding12"); diff --git a/testing/btest/bifs/join_string.zeek b/testing/btest/bifs/join_string.zeek index 1ea1afa5c2..c0d30d58f4 100644 --- a/testing/btest/bifs/join_string.zeek +++ b/testing/btest/bifs/join_string.zeek @@ -4,8 +4,8 @@ event zeek_init() { - local a: string_array = { - [1] = "this", [2] = "is", [3] = "a", [4] = "test" + local a: string_array = { + [1] = "this", [2] = "is", [3] = "a", [4] = "test" }; local b: string_array = { [1] = "mytest" }; local c: string_vec = vector( "this", "is", "another", "test" ); @@ -14,10 +14,6 @@ event zeek_init() e[3] = "hi"; e[5] = "there"; - print join_string_array(" * ", a); - print join_string_array("", a); - print join_string_array("x", b); - print join_string_vec(c, "__"); print join_string_vec(c, ""); print join_string_vec(d, "-"); diff --git a/testing/btest/bifs/merge_pattern.zeek b/testing/btest/bifs/merge_pattern.zeek deleted file mode 100644 index 2d99137b56..0000000000 --- a/testing/btest/bifs/merge_pattern.zeek +++ /dev/null @@ -1,17 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a = /foo/; - local b = /b[a-z]+/; - local c = merge_pattern(a, b); - - if ( "bar" == c ) - print "match"; - - if ( "foo" == c ) - print "match"; - - } diff --git a/testing/btest/bifs/sort_string_array.zeek b/testing/btest/bifs/sort_string_array.zeek deleted file mode 100644 index 3d3949d89b..0000000000 --- a/testing/btest/bifs/sort_string_array.zeek +++ /dev/null @@ -1,17 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a: string_array = { - [1] = "this", [2] = "is", [3] = "a", [4] = "test" - }; - - local b = sort_string_array(a); - - print b[1]; - print b[2]; - print b[3]; - print b[4]; - } diff --git a/testing/btest/bifs/split.zeek b/testing/btest/bifs/split.zeek deleted file mode 100644 index 2485c3af1f..0000000000 --- a/testing/btest/bifs/split.zeek +++ /dev/null @@ -1,58 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a = "this is a test"; - local pat = /hi|es/; - local idx = vector( 3, 6, 13); - - local b = split(a, pat); - local c = split1(a, pat); - local d = split_all(a, pat); - local e1 = split_n(a, pat, F, 1); - local e2 = split_n(a, pat, T, 1); - - print b[1]; - print b[2]; - print b[3]; - print "---------------------"; - print c[1]; - print c[2]; - print "---------------------"; - print d[1]; - print d[2]; - print d[3]; - print d[4]; - print d[5]; - print "---------------------"; - print e1[1]; - print e1[2]; - print "---------------------"; - print e2[1]; - print e2[2]; - print e2[3]; - print "---------------------"; - print str_split(a, idx); - print "---------------------"; - - a = "X-Mailer: Testing Test (http://www.example.com)"; - pat = /:[[:blank:]]*/; - local f = split1(a, pat); - - print f[1]; - print f[2]; - print "---------------------"; - - a = "A = B = C = D"; - pat = /=/; - local g = split_all(a, pat); - print g[1]; - print g[2]; - print g[3]; - print g[4]; - print g[5]; - print g[6]; - print g[7]; - } diff --git a/testing/btest/core/old_comm_usage.zeek b/testing/btest/core/old_comm_usage.zeek deleted file mode 100644 index 8f4e3854aa..0000000000 --- a/testing/btest/core/old_comm_usage.zeek +++ /dev/null @@ -1,7 +0,0 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out - -event zeek_init() - { - terminate_communication(); - } diff --git a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek b/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek index f3c1be6b14..70130cd0f9 100644 --- a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek +++ b/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek @@ -17,11 +17,7 @@ global print_lines: function(lines: string, prefix: string &default=""); ## And some more comments on the function implementation. function print_lines(lines: string, prefix: string) { - local v: vector of string; - local line_table = split(lines, /\n/); - - for ( i in line_table ) - v[i] = line_table[i]; + local v = split_string(lines, /\n/); for ( i in v ) print fmt("%s%s", prefix, v[i]); From 61c84a0a406520796dcc0a809a4e02c781641f84 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 2 May 2019 13:02:38 -0700 Subject: [PATCH 18/51] Remove synchrnized and persistent attributes. Code that was used by them is still there. --- src/Attr.cc | 2 -- src/Attr.h | 2 -- src/ID.cc | 33 --------------------------------- src/RemoteSerializer.cc | 3 ++- src/StateAccess.cc | 12 ------------ src/Val.h | 7 ++----- src/Var.cc | 20 -------------------- src/parse.y | 5 ----- src/scan.l | 10 ---------- 9 files changed, 4 insertions(+), 90 deletions(-) diff --git a/src/Attr.cc b/src/Attr.cc index d3a347e8d1..3473adcaf3 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -438,8 +438,6 @@ void Attributes::CheckAttr(Attr* a) } break; - case ATTR_PERSISTENT: - case ATTR_SYNCHRONIZED: case ATTR_TRACKED: // FIXME: Check here for global ID? break; diff --git a/src/Attr.h b/src/Attr.h index bfb7c4803c..4a1110bc04 100644 --- a/src/Attr.h +++ b/src/Attr.h @@ -23,8 +23,6 @@ typedef enum { ATTR_EXPIRE_READ, ATTR_EXPIRE_WRITE, ATTR_EXPIRE_CREATE, - ATTR_PERSISTENT, - ATTR_SYNCHRONIZED, ATTR_ENCRYPT, ATTR_RAW_OUTPUT, ATTR_MERGEABLE, diff --git a/src/ID.cc b/src/ID.cc index 0ae1656533..806a7040bc 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -78,12 +78,6 @@ void ID::SetVal(Val* v, Opcode op, bool arg_weak_ref) MutableVal::Properties props = 0; - if ( attrs && attrs->FindAttr(ATTR_SYNCHRONIZED) ) - props |= MutableVal::SYNCHRONIZED; - - if ( attrs && attrs->FindAttr(ATTR_PERSISTENT) ) - props |= MutableVal::PERSISTENT; - if ( attrs && attrs->FindAttr(ATTR_TRACKED) ) props |= MutableVal::TRACKED; @@ -198,27 +192,12 @@ void ID::UpdateValAttrs() if ( val && val->IsMutableVal() ) { - if ( attrs->FindAttr(ATTR_SYNCHRONIZED) ) - props |= MutableVal::SYNCHRONIZED; - - if ( attrs->FindAttr(ATTR_PERSISTENT) ) - props |= MutableVal::PERSISTENT; - if ( attrs->FindAttr(ATTR_TRACKED) ) props |= MutableVal::TRACKED; val->AsMutableVal()->AddProperties(props); } - if ( ! IsInternalGlobal() ) - { - if ( attrs->FindAttr(ATTR_SYNCHRONIZED) ) - remote_serializer->Register(this); - - if ( attrs->FindAttr(ATTR_PERSISTENT) ) - persistence_serializer->Register(this); - } - if ( val && val->Type()->Tag() == TYPE_TABLE ) val->AsTableVal()->SetAttrs(attrs); @@ -281,12 +260,6 @@ void ID::RemoveAttr(attr_tag a) { MutableVal::Properties props = 0; - if ( a == ATTR_SYNCHRONIZED ) - props |= MutableVal::SYNCHRONIZED; - - if ( a == ATTR_PERSISTENT ) - props |= MutableVal::PERSISTENT; - if ( a == ATTR_TRACKED ) props |= MutableVal::TRACKED; @@ -473,12 +446,6 @@ ID* ID::Unserialize(UnserialInfo* info) } } - if ( id->FindAttr(ATTR_PERSISTENT) ) - persistence_serializer->Register(id); - - if ( id->FindAttr(ATTR_SYNCHRONIZED) ) - remote_serializer->Register(id); - return id; } diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 3abd8e6423..152a8b4e34 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -2946,7 +2946,8 @@ void RemoteSerializer::GotID(ID* id, Val* val) assert(global_scope()->Lookup(id->Name())); // Only synchronized values can arrive here. - assert(((MutableVal*) val)->GetProperties() & MutableVal::SYNCHRONIZED); + // FIXME: Johanna, rip me out. + // assert(((MutableVal*) val)->GetProperties() & MutableVal::SYNCHRONIZED); DBG_LOG(DBG_COMM, "got ID %s from peer\n", id->Name()); } diff --git a/src/StateAccess.cc b/src/StateAccess.cc index 72ed9ef236..bbf5b3a9ec 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc @@ -876,23 +876,11 @@ void StateAccess::Log(StateAccess* access) if ( access->target_type == TYPE_ID ) { - if ( access->target.id->FindAttr(ATTR_SYNCHRONIZED) ) - synchronized = true; - - if ( access->target.id->FindAttr(ATTR_PERSISTENT) ) - persistent = true; - if ( access->target.id->FindAttr(ATTR_TRACKED) ) tracked = true; } else { - if ( access->target.val->GetProperties() & MutableVal::SYNCHRONIZED ) - synchronized = true; - - if ( access->target.val->GetProperties() & MutableVal::PERSISTENT ) - persistent = true; - if ( access->target.val->GetProperties() & MutableVal::TRACKED ) tracked = true; } diff --git a/src/Val.h b/src/Val.h index 63e790848d..2d915bcc6f 100644 --- a/src/Val.h +++ b/src/Val.h @@ -524,9 +524,6 @@ public: // values. (In any case, don't forget to call the parent's method.) typedef char Properties; - static const int PERSISTENT = 0x01; - static const int SYNCHRONIZED = 0x02; - // Tracked by NotifierRegistry, not recursive. static const int TRACKED = 0x04; @@ -540,10 +537,10 @@ public: bool LoggingAccess() const { #ifndef DEBUG - return props & (SYNCHRONIZED|PERSISTENT|TRACKED); + return props & TRACKED; #else return debug_logger.IsVerbose() || - (props & (SYNCHRONIZED|PERSISTENT|TRACKED)); + (props & TRACKED); #endif } diff --git a/src/Var.cc b/src/Var.cc index fb27b7261f..98651bf900 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -142,26 +142,6 @@ static void make_var(ID* id, BroType* t, init_class c, Expr* init, } } - if ( id->FindAttr(ATTR_PERSISTENT) || id->FindAttr(ATTR_SYNCHRONIZED) ) - { - if ( dt == VAR_CONST ) - { - id->Error("&persistent/synchronized with constant"); - return; - } - else if ( dt == VAR_OPTION ) - { - id->Error("&persistent/synchronized with option"); - return; - } - - if ( ! id->IsGlobal() ) - { - id->Error("&persistant/synchronized with non-global"); - return; - } - } - if ( do_init ) { if ( c == INIT_NONE && dt == VAR_REDEF && t->IsTable() && diff --git a/src/parse.y b/src/parse.y index 0e363eb321..fb99f14e87 100644 --- a/src/parse.y +++ b/src/parse.y @@ -25,7 +25,6 @@ %token TOK_ATTR_OPTIONAL TOK_ATTR_REDEF TOK_ATTR_ROTATE_INTERVAL %token TOK_ATTR_ROTATE_SIZE TOK_ATTR_DEL_FUNC TOK_ATTR_EXPIRE_FUNC %token TOK_ATTR_EXPIRE_CREATE TOK_ATTR_EXPIRE_READ TOK_ATTR_EXPIRE_WRITE -%token TOK_ATTR_PERSISTENT TOK_ATTR_SYNCHRONIZED %token TOK_ATTR_RAW_OUTPUT TOK_ATTR_MERGEABLE %token TOK_ATTR_PRIORITY TOK_ATTR_LOG TOK_ATTR_ERROR_HANDLER %token TOK_ATTR_TYPE_COLUMN TOK_ATTR_DEPRECATED @@ -1308,10 +1307,6 @@ attr: { $$ = new Attr(ATTR_EXPIRE_READ, $3); } | TOK_ATTR_EXPIRE_WRITE '=' expr { $$ = new Attr(ATTR_EXPIRE_WRITE, $3); } - | TOK_ATTR_PERSISTENT - { $$ = new Attr(ATTR_PERSISTENT); } - | TOK_ATTR_SYNCHRONIZED - { $$ = new Attr(ATTR_SYNCHRONIZED); } | TOK_ATTR_ENCRYPT { $$ = new Attr(ATTR_ENCRYPT); } | TOK_ATTR_ENCRYPT '=' expr diff --git a/src/scan.l b/src/scan.l index fd54cfab40..40ca523daf 100644 --- a/src/scan.l +++ b/src/scan.l @@ -310,11 +310,6 @@ when return TOK_WHEN; return TOK_ATTR_MERGEABLE; } -&persistent { - deprecated_attr(yytext); - return TOK_ATTR_PERSISTENT; - } - &rotate_interval { deprecated_attr(yytext); return TOK_ATTR_ROTATE_INTERVAL; @@ -325,11 +320,6 @@ when return TOK_WHEN; return TOK_ATTR_ROTATE_SIZE; } -&synchronized { - deprecated_attr(yytext); - return TOK_ATTR_SYNCHRONIZED; - } - @deprecated.* { auto num_files = file_stack.length(); auto comment = skip_whitespace(yytext + 11); From ca1b1dd6bb32bee9cb883330855aa3f8b2d75ab5 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 2 May 2019 13:45:36 -0700 Subject: [PATCH 19/51] Remove PersistenceSerializer. --- src/Attr.cc | 1 - src/CMakeLists.txt | 1 - src/Conn.cc | 8 +- src/Conn.h | 12 +- src/ID.cc | 9 - src/PersistenceSerializer.cc | 577 ----------------------------------- src/PersistenceSerializer.h | 165 ---------- src/RemoteSerializer.h | 1 - src/Serializer.cc | 2 - src/Sessions.cc | 5 - src/StateAccess.cc | 23 +- src/Timer.cc | 1 - src/Timer.h | 1 - src/main.cc | 27 -- src/parse.y | 2 +- 15 files changed, 5 insertions(+), 830 deletions(-) delete mode 100644 src/PersistenceSerializer.cc delete mode 100644 src/PersistenceSerializer.h diff --git a/src/Attr.cc b/src/Attr.cc index 3473adcaf3..1f555dab23 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -14,7 +14,6 @@ const char* attr_name(attr_tag t) "&rotate_interval", "&rotate_size", "&add_func", "&delete_func", "&expire_func", "&read_expire", "&write_expire", "&create_expire", - "&persistent", "&synchronized", "&encrypt", "&raw_output", "&mergeable", "&priority", "&group", "&log", "&error_handler", "&type_column", diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 94aca30eb9..dcf787043e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -287,7 +287,6 @@ set(bro_SRCS OpaqueVal.cc OSFinger.cc PacketFilter.cc - PersistenceSerializer.cc Pipe.cc PolicyFile.cc PrefixTable.cc diff --git a/src/Conn.cc b/src/Conn.cc index 83ad6c08f6..d607550e8a 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -151,7 +151,6 @@ Connection::Connection(NetSessions* s, HashKey* k, double t, const ConnID* id, is_active = 1; skip = 0; weird = 0; - persistent = 0; suppress_event = 0; @@ -951,15 +950,11 @@ bool Connection::DoSerialize(SerialInfo* info) const SERIALIZE_BIT(weird) && SERIALIZE_BIT(finished) && SERIALIZE_BIT(record_packets) && - SERIALIZE_BIT(record_contents) && - SERIALIZE_BIT(persistent); + SERIALIZE_BIT(record_contents); } bool Connection::DoUnserialize(UnserialInfo* info) { - // Make sure this is initialized for the condition in Unserialize(). - persistent = 0; - DO_UNSERIALIZE(BroObj); // Build the hash key first. Some of the recursive *::Unserialize() @@ -1022,7 +1017,6 @@ bool Connection::DoUnserialize(UnserialInfo* info) UNSERIALIZE_BIT(finished); UNSERIALIZE_BIT(record_packets); UNSERIALIZE_BIT(record_contents); - UNSERIALIZE_BIT(persistent); // Hmm... Why does each connection store a sessions ptr? sessions = ::sessions; diff --git a/src/Conn.h b/src/Conn.h index fc1baf4b07..fb7f5be0b4 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -12,7 +12,6 @@ #include "Val.h" #include "Timer.h" #include "Serializer.h" -#include "PersistenceSerializer.h" #include "RuleMatcher.h" #include "IPAddr.h" #include "TunnelEncapsulation.h" @@ -228,14 +227,6 @@ public: return 1; } - void MakePersistent() - { - persistent = 1; - persistence_serializer->Register(this); - } - - bool IsPersistent() { return persistent; } - void Describe(ODesc* d) const override; void IDString(ODesc* d) const; @@ -315,7 +306,7 @@ public: protected: - Connection() { persistent = 0; } + Connection() { } // Add the given timer to expire at time t. If do_expire // is true, then the timer is also evaluated when Bro terminates, @@ -361,7 +352,6 @@ protected: unsigned int weird:1; unsigned int finished:1; unsigned int record_packets:1, record_contents:1; - unsigned int persistent:1; unsigned int record_current_packet:1, record_current_content:1; unsigned int saw_first_orig_packet:1, saw_first_resp_packet:1; diff --git a/src/ID.cc b/src/ID.cc index 806a7040bc..8b8db85faa 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -11,7 +11,6 @@ #include "File.h" #include "Serializer.h" #include "RemoteSerializer.h" -#include "PersistenceSerializer.h" #include "Scope.h" #include "Traverse.h" #include "zeexygen/Manager.h" @@ -310,9 +309,6 @@ void ID::CopyFrom(const ID* id) offset = id->offset ; infer_return_type = id->infer_return_type; - if ( FindAttr(ATTR_PERSISTENT) ) - persistence_serializer->Unregister(this); - if ( id->type ) Ref(id->type); if ( id->val && ! id->weak_ref ) @@ -333,10 +329,6 @@ void ID::CopyFrom(const ID* id) #ifdef DEBUG UpdateValID(); #endif - - if ( FindAttr(ATTR_PERSISTENT) ) - persistence_serializer->Unregister(this); - } #endif ID* ID::Unserialize(UnserialInfo* info) @@ -371,7 +363,6 @@ ID* ID::Unserialize(UnserialInfo* info) { if ( info->id_policy != UnserialInfo::InstantiateNew ) { - persistence_serializer->Unregister(current); remote_serializer->Unregister(current); } diff --git a/src/PersistenceSerializer.cc b/src/PersistenceSerializer.cc deleted file mode 100644 index 6f4082314f..0000000000 --- a/src/PersistenceSerializer.cc +++ /dev/null @@ -1,577 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include - -#include "PersistenceSerializer.h" -#include "RemoteSerializer.h" -#include "Conn.h" -#include "Event.h" -#include "Reporter.h" -#include "Net.h" - -static void persistence_serializer_delete_func(void* val) - { - time_t* t = reinterpret_cast(val); - free(t); - } - -class IncrementalWriteTimer : public Timer { -public: - IncrementalWriteTimer(double t, PersistenceSerializer::SerialStatus* s) - : Timer(t, TIMER_INCREMENTAL_WRITE), status(s) {} - - void Dispatch(double t, int is_expire); - - PersistenceSerializer::SerialStatus* status; -}; - -void IncrementalWriteTimer::Dispatch(double t, int is_expire) - { - // Never suspend when we're finishing up. - if ( terminating ) - status->info.may_suspend = false; - - persistence_serializer->RunSerialization(status); - } - -PersistenceSerializer::PersistenceSerializer() - { - dir = 0; - files.SetDeleteFunc(persistence_serializer_delete_func); - } - -PersistenceSerializer::~PersistenceSerializer() - { - } - -void PersistenceSerializer::Register(ID* id) - { - if ( id->Type()->Tag() == TYPE_FUNC ) - { - Error("can't register functions as persistent ID"); - return; - } - - DBG_LOG(DBG_STATE, "&persistent %s", id->Name()); - - HashKey key(id->Name()); - if ( persistent_ids.Lookup(&key) ) - return; - - Ref(id); - persistent_ids.Insert(&key, id); - } - -void PersistenceSerializer::Unregister(ID* id) - { - HashKey key(id->Name()); - Unref((ID*) persistent_ids.Remove(&key)); - } - -void PersistenceSerializer::Register(Connection* conn) - { - if ( persistent_conns.Lookup(conn->Key()) ) - return; - - Ref(conn); - HashKey* k = conn->Key(); - HashKey* new_key = new HashKey(k->Key(), k->Size(), k->Hash()); - persistent_conns.Insert(new_key, conn); - delete new_key; - } - -void PersistenceSerializer::Unregister(Connection* conn) - { - Unref(persistent_conns.RemoveEntry(conn->Key())); - } - -bool PersistenceSerializer::CheckTimestamp(const char* file) - { - struct stat s; - if ( stat(file, &s) < 0 ) - return false; - - if ( ! S_ISREG(s.st_mode) ) - return false; - - bool changed = true; - - HashKey* key = new HashKey(file, strlen(file)); - time_t* t = files.Lookup(key); - - if ( ! t ) - { - t = (time_t*) malloc(sizeof(time_t)); - if ( ! t ) - out_of_memory("saving file timestamp"); - files.Insert(key, t); - } - - else if ( *t >= s.st_mtime ) - changed = false; - - *t = s.st_mtime; - - delete key; - return changed; - } - -bool PersistenceSerializer::CheckForFile(UnserialInfo* info, const char* file, - bool delete_file) - { - bool ret = true; - if ( CheckTimestamp(file) ) - { - // Need to copy the filename here, as it may be passed - // in via fmt(). - const char* f = copy_string(file); - - bool ret = Read(info, f); - - if ( delete_file && unlink(f) < 0 ) - Error(fmt("can't delete file %s: %s", f, strerror(errno))); - - delete [] f; - } - - return ret; - } - -bool PersistenceSerializer::ReadAll(bool is_init, bool delete_files) - { -#ifdef USE_PERFTOOLS_DEBUG - HeapLeakChecker::Disabler disabler; -#endif - - assert(dir); - - UnserialInfo config_info(this); - config_info.id_policy = is_init ? - UnserialInfo::Replace : UnserialInfo::CopyCurrentToNew; - - if ( ! CheckForFile(&config_info, fmt("%s/config.bst", dir), - delete_files) ) - return false; - - UnserialInfo state_info(this); - state_info.id_policy = UnserialInfo::CopyNewToCurrent; - if ( ! CheckForFile(&state_info, fmt("%s/state.bst", dir), - delete_files) ) - return false; - - return true; - } - -bool PersistenceSerializer::MoveFileUp(const char* dir, const char* file) - { - char oldname[PATH_MAX]; - char newname[PATH_MAX]; - - safe_snprintf(oldname, PATH_MAX, "%s/.tmp/%s", dir, file ); - safe_snprintf(newname, PATH_MAX, "%s/%s", dir, file ); - - if ( rename(oldname, newname) < 0 ) - { - Error(fmt("can't move %s to %s: %s", oldname, newname, - strerror(errno))); - return false; - } - - CheckTimestamp(newname); - return true; - } - -#if 0 -void PersistenceSerializer::RaiseFinishedSendState() - { - val_list* vl = new val_list; - vl->append(new AddrVal(htonl(remote_host))); - vl->append(val_mgr->GetPort(remote_port)); - - mgr.QueueEvent(finished_send_state, vl); - reporter->Log("Serialization done."); - } -#endif - -void PersistenceSerializer::GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) - { - mgr.QueueEvent(event, std::move(*args)); - delete args; - } - -void PersistenceSerializer::GotFunctionCall(const char* name, double time, - Func* func, val_list* args) - { - try - { - func->Call(args); - } - - catch ( InterpreterException& e ) - { /* Already reported. */ } - } - -void PersistenceSerializer::GotStateAccess(StateAccess* s) - { - s->Replay(); - delete s; - } - -void PersistenceSerializer::GotTimer(Timer* s) - { - reporter->Error("PersistenceSerializer::GotTimer not implemented"); - } - -void PersistenceSerializer::GotConnection(Connection* c) - { - Unref(c); - } - -void PersistenceSerializer::GotID(ID* id, Val* /* val */) - { - Unref(id); - } - -void PersistenceSerializer::GotPacket(Packet* p) - { - reporter->Error("PersistenceSerializer::GotPacket not implemented"); - } - -bool PersistenceSerializer::LogAccess(const StateAccess& s) - { - if ( ! IsSerializationRunning() ) - return true; - - loop_over_list(running, i) - { - running[i]->accesses.append(new StateAccess(s)); - } - - return true; - } - -bool PersistenceSerializer::WriteState(bool may_suspend) - { - SerialStatus* status = - new SerialStatus(this, SerialStatus::WritingState); - - status->info.may_suspend = may_suspend; - - status->ids = &persistent_ids; - status->conns = &persistent_conns; - status->filename = "state.bst"; - - return RunSerialization(status); - } - -bool PersistenceSerializer::WriteConfig(bool may_suspend) - { - if ( mgr.IsDraining() && may_suspend ) - // Events which trigger checkpoint are flushed. Ignore; we'll - // checkpoint at termination in any case. - return true; - - SerialStatus* status = - new SerialStatus(this, SerialStatus::WritingConfig); - - status->info.may_suspend = may_suspend; - status->info.clear_containers = true; - status->ids = global_scope()->GetIDs(); - status->filename = "config.bst"; - - return RunSerialization(status); - } - -bool PersistenceSerializer::SendState(SourceID peer, bool may_suspend) - { - SerialStatus* status = - new SerialStatus(remote_serializer, SerialStatus::SendingState); - - status->info.may_suspend = may_suspend; - status->ids = &persistent_ids; - status->conns = &persistent_conns; - status->peer = peer; - - reporter->Info("Sending state..."); - - return RunSerialization(status); - } - -bool PersistenceSerializer::SendConfig(SourceID peer, bool may_suspend) - { - SerialStatus* status = - new SerialStatus(remote_serializer, SerialStatus::SendingConfig); - - status->info.may_suspend = may_suspend; - status->info.clear_containers = true; - status->ids = global_scope()->GetIDs(); - status->peer = peer; - - reporter->Info("Sending config..."); - - return RunSerialization(status); - } - -bool PersistenceSerializer::RunSerialization(SerialStatus* status) - { - Continuation* cont = &status->info.cont; - - if ( cont->NewInstance() ) - { - // Serialization is starting. Initialize. - - // See if there is already a serialization of this type running. - loop_over_list(running, i) - { - if ( running[i]->type == status->type ) - { - reporter->Warning("Serialization of type %d already running.", status->type); - return false; - } - } - - running.append(status); - - // Initialize. - if ( ! (ensure_dir(dir) && ensure_dir(fmt("%s/.tmp", dir))) ) - return false; - - if ( ! OpenFile(fmt("%s/.tmp/%s", dir, status->filename), false) ) - return false; - - if ( ! PrepareForWriting() ) - return false; - - if ( status->ids ) - { - status->id_cookie = status->ids->InitForIteration(); - status->ids->MakeRobustCookie(status->id_cookie); - } - - if ( status->conns ) - { - status->conn_cookie = status->conns->InitForIteration(); - status->conns->MakeRobustCookie(status->conn_cookie); - } - } - - else if ( cont->ChildSuspended() ) - { - // One of our former Serialize() calls suspended itself. - // We have to call it again. - - if ( status->id_cookie ) - { - if ( ! DoIDSerialization(status, status->current.id) ) - return false; - - if ( cont->ChildSuspended() ) - { - // Oops, it did it again. - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - return true; - } - } - - else if ( status->conn_cookie ) - { - if ( ! DoConnSerialization(status, status->current.conn) ) - return false; - - if ( cont->ChildSuspended() ) - { - // Oops, it did it again. - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - return true; - } - } - - else - reporter->InternalError("unknown suspend state"); - } - - else if ( cont->Resuming() ) - cont->Resume(); - - else - reporter->InternalError("unknown continuation state"); - - if ( status->id_cookie ) - { - ID* id; - - while ( (id = status->ids->NextEntry(status->id_cookie)) ) - { - if ( ! DoIDSerialization(status, id) ) - return false; - - if ( cont->ChildSuspended() ) - { - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - return true; - } - - if ( status->info.may_suspend ) - { - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - cont->Suspend(); - return true; - } - } - - // Cookie has been set to 0 by NextEntry(). - } - - if ( status->conn_cookie ) - { - Connection* conn; - while ( (conn = status->conns->NextEntry(status->conn_cookie)) ) - { - if ( ! DoConnSerialization(status, conn) ) - return false; - - if ( cont->ChildSuspended() ) - { - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - return true; - } - - if ( status->info.may_suspend ) - { - timer_mgr->Add(new IncrementalWriteTimer(network_time + state_write_delay, status)); - cont->Suspend(); - return true; - } - - } - - // Cookie has been set to 0 by NextEntry(). - } - - DBG_LOG(DBG_STATE, "finished serialization; %d accesses pending", - status->accesses.length()); - - if ( status->accesses.length() ) - { - // Serialize pending state accesses. - // FIXME: Does this need to suspend? - StateAccess* access; - loop_over_list(status->accesses, i) - { - // Serializing a StateAccess will not suspend. - if ( ! DoAccessSerialization(status, status->accesses[i]) ) - return false; - - delete status->accesses[i]; - } - } - - // Finalize. - CloseFile(); - - bool ret = MoveFileUp(dir, status->filename); - - loop_over_list(running, i) - { - if ( running[i]->type == status->type ) - { - running.remove_nth(i); - break; - } - } - - delete status; - return ret; - } - -bool PersistenceSerializer::DoIDSerialization(SerialStatus* status, ID* id) - { - bool success = false; - Continuation* cont = &status->info.cont; - - status->current.id = id; - - switch ( status->type ) { - case SerialStatus::WritingState: - case SerialStatus::WritingConfig: - cont->SaveContext(); - success = Serialize(&status->info, *id); - cont->RestoreContext(); - break; - - case SerialStatus::SendingState: - case SerialStatus::SendingConfig: - cont->SaveContext(); - success = remote_serializer->SendID(&status->info, - status->peer, *id); - cont->RestoreContext(); - break; - - default: - reporter->InternalError("unknown serialization type"); - } - - return success; - } - -bool PersistenceSerializer::DoConnSerialization(SerialStatus* status, - Connection* conn) - { - bool success = false; - Continuation* cont = &status->info.cont; - - status->current.conn = conn; - - switch ( status->type ) { - case SerialStatus::WritingState: - case SerialStatus::WritingConfig: - cont->SaveContext(); - success = Serialize(&status->info, *conn); - cont->RestoreContext(); - break; - - case SerialStatus::SendingState: - case SerialStatus::SendingConfig: - cont->SaveContext(); - success = remote_serializer->SendConnection(&status->info, - status->peer, *conn); - cont->RestoreContext(); - break; - - default: - reporter->InternalError("unknown serialization type"); - } - - return success; - } - -bool PersistenceSerializer::DoAccessSerialization(SerialStatus* status, - StateAccess* access) - { - bool success = false; - DisableSuspend suspend(&status->info); - - switch ( status->type ) { - case SerialStatus::WritingState: - case SerialStatus::WritingConfig: - success = Serialize(&status->info, *access); - break; - - case SerialStatus::SendingState: - case SerialStatus::SendingConfig: - success = remote_serializer->SendAccess(&status->info, - status->peer, *access); - break; - - default: - reporter->InternalError("unknown serialization type"); - } - - return success; - } diff --git a/src/PersistenceSerializer.h b/src/PersistenceSerializer.h deleted file mode 100644 index 99d8da88c4..0000000000 --- a/src/PersistenceSerializer.h +++ /dev/null @@ -1,165 +0,0 @@ -// Implements persistance for Bro's data structures. - -#ifndef persistence_serializer_h -#define persistence_serializer_h - -#include "Serializer.h" -#include "List.h" - -class StateAccess; - -class PersistenceSerializer : public FileSerializer { -public: - PersistenceSerializer(); - - ~PersistenceSerializer() override; - - // Define the directory where to store the data. - void SetDir(const char* arg_dir) { dir = copy_string(arg_dir); } - - // Register/unregister the ID/connection to be saved by WriteAll(). - void Register(ID* id); - void Unregister(ID* id); - void Register(Connection* conn); - void Unregister(Connection* conn); - - // Read all data that has been changed since last scan of directory. - // is_init should be true for the first read upon start-up. All existing - // state will be cleared. If delete_files is true, file which have been - // read are removed (even if the read was unsuccessful!). - bool ReadAll(bool is_init, bool delete_files); - - // Each of the following four methods may suspend operation. - // If they do, they install a Timer which resumes after some - // amount of time. If a function is called again before it - // has completely finished its task, it will do nothing and - // return false. - - bool WriteState(bool may_suspend); - - // Writes Bro's configuration (w/o dynamic state). - bool WriteConfig(bool may_suspend); - - // Sends all registered state to remote host - // (by leveraging the remote_serializer). - bool SendState(SourceID peer, bool may_suspend); - - // Sends Bro's config to remote host - // (by leveraging the remote_serializer). - bool SendConfig(SourceID peer, bool may_suspend); - - // Returns true if a serialization is currently running. - bool IsSerializationRunning() const { return running.length(); } - - // Tells the serializer that this access was performed. If a - // serialization is going on, it may store it. (Need only be called if - // IsSerializationRunning() returns true.) - bool LogAccess(const StateAccess& s); - -protected: - friend class RemoteSerializer; - friend class IncrementalWriteTimer; - - void GotID(ID* id, Val* val) override; - void GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) override; - void GotFunctionCall(const char* name, double time, - Func* func, val_list* args) override; - void GotStateAccess(StateAccess* s) override; - void GotTimer(Timer* t) override; - void GotConnection(Connection* c) override; - void GotPacket(Packet* packet) override; - - // If file has changed since last check, read it. - bool CheckForFile(UnserialInfo* info, const char* file, - bool delete_file); - - // Returns true if it's a regular file and has a more recent timestamp - // than last time we checked it. - bool CheckTimestamp(const char* file); - - // Move file from /tmp/ to /. Afterwards, call - // CheckTimestamp() with /. - bool MoveFileUp(const char* dir, const char* file); - - // Generates an error message, terminates current serialization, - // and returns false. - bool SerialError(const char* msg); - - // Start a new serialization. - struct SerialStatus; - bool RunSerialization(SerialStatus* status); - - // Helpers for RunSerialization. - bool DoIDSerialization(SerialStatus* status, ID* id); - bool DoConnSerialization(SerialStatus* status, Connection* conn); - bool DoAccessSerialization(SerialStatus* status, StateAccess* access); - - typedef PDict(ID) id_map; - - declare(PDict, Connection); - typedef PDict(Connection) conn_map; - - struct SerialStatus { - enum Type { - WritingState, WritingConfig, - SendingState, SendingConfig, - }; - - SerialStatus(Serializer* s, Type arg_type) : info(s) - { - type = arg_type; - ids = 0; - id_cookie = 0; - conns = 0; - conn_cookie = 0; - peer = SOURCE_LOCAL; - filename = 0; - } - - Type type; - SerialInfo info; - - // IDs to serialize. - id_map* ids; - IterCookie* id_cookie; - - // Connections to serialize. - conn_map* conns; - IterCookie* conn_cookie; - - // Accesses performed while we're serializing. - declare(PList,StateAccess); - typedef PList(StateAccess) state_access_list; - state_access_list accesses; - - // The ID/Conn we're currently serializing. - union { - ID* id; - Connection* conn; - } current; - - // Only set if type is Writing{State,Config}. - const char* filename; - - // Only set if type is Sending{State,Config}. - SourceID peer; - }; - - const char* dir; - - declare(PList, SerialStatus); - PList(SerialStatus) running; - - id_map persistent_ids; - conn_map persistent_conns; - - // To keep track of files' modification times. - declare(PDict, time_t); - typedef PDict(time_t) file_map; - file_map files; -}; - -extern PersistenceSerializer* persistence_serializer; - -#endif diff --git a/src/RemoteSerializer.h b/src/RemoteSerializer.h index 28ca495f17..0882f9f8ec 100644 --- a/src/RemoteSerializer.h +++ b/src/RemoteSerializer.h @@ -166,7 +166,6 @@ public: static void Log(LogLevel level, const char* msg); protected: - friend class PersistenceSerializer; friend class IncrementalSendTimer; // Maximum size of serialization caches. diff --git a/src/Serializer.cc b/src/Serializer.cc index 2c32283c56..5a75184fac 100644 --- a/src/Serializer.cc +++ b/src/Serializer.cc @@ -508,8 +508,6 @@ bool Serializer::UnserializeConnection(UnserialInfo* info) if ( info->install_conns ) { - if ( c->IsPersistent() && c->Key() ) - persistence_serializer->Register(c); Ref(c); sessions->Insert(c); } diff --git a/src/Sessions.cc b/src/Sessions.cc index 3507c46e53..f2d6e27219 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -1101,9 +1101,6 @@ void NetSessions::Remove(Connection* c) tcp_stats.StateLeft(to->state, tr->state); } - if ( c->IsPersistent() ) - persistence_serializer->Unregister(c); - c->Done(); if ( connection_state_remove ) @@ -1194,8 +1191,6 @@ void NetSessions::Insert(Connection* c) // Some clean-ups similar to those in Remove() (but invisible // to the script layer). old->CancelTimers(); - if ( old->IsPersistent() ) - persistence_serializer->Unregister(old); delete old->Key(); old->ClearKey(); Unref(old); diff --git a/src/StateAccess.cc b/src/StateAccess.cc index bbf5b3a9ec..958e67f5a7 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc @@ -5,7 +5,6 @@ #include "NetVar.h" #include "DebugLogger.h" #include "RemoteSerializer.h" -#include "PersistenceSerializer.h" int StateAccess::replaying = 0; @@ -870,8 +869,6 @@ void StateAccess::Describe(ODesc* d) const void StateAccess::Log(StateAccess* access) { - bool synchronized = false; - bool persistent = false; bool tracked = false; if ( access->target_type == TYPE_ID ) @@ -885,30 +882,14 @@ void StateAccess::Log(StateAccess* access) tracked = true; } - if ( synchronized ) - { - if ( state_serializer ) - { - SerialInfo info(state_serializer); - state_serializer->Serialize(&info, *access); - } - - SerialInfo info(remote_serializer); - remote_serializer->SendAccess(&info, *access); - } - - if ( persistent && persistence_serializer->IsSerializationRunning() ) - persistence_serializer->LogAccess(*access); - if ( tracked ) notifiers.AccessPerformed(*access); #ifdef DEBUG ODesc desc; access->Describe(&desc); - DBG_LOG(DBG_STATE, "operation: %s%s [%s%s]", - desc.Description(), replaying > 0 ? " (replay)" : "", - persistent ? "P" : "", synchronized ? "S" : ""); + DBG_LOG(DBG_STATE, "operation: %s%s", + desc.Description(), replaying > 0 ? " (replay)" : ""); #endif delete access; diff --git a/src/Timer.cc b/src/Timer.cc index 101733028c..154fde4188 100644 --- a/src/Timer.cc +++ b/src/Timer.cc @@ -21,7 +21,6 @@ const char* TimerNames[] = { "FlowWeirdTimer", "FragTimer", "IncrementalSendTimer", - "IncrementalWriteTimer", "InterconnTimer", "IPTunnelInactivityTimer", "NetbiosExpireTimer", diff --git a/src/Timer.h b/src/Timer.h index 8d6de857a0..2f32d23e3e 100644 --- a/src/Timer.h +++ b/src/Timer.h @@ -26,7 +26,6 @@ enum TimerType { TIMER_FLOW_WEIRD_EXPIRE, TIMER_FRAG, TIMER_INCREMENTAL_SEND, - TIMER_INCREMENTAL_WRITE, TIMER_INTERCONN, TIMER_IP_TUNNEL_INACTIVITY, TIMER_NB_EXPIRE, diff --git a/src/main.cc b/src/main.cc index 6ea1a74b99..ce9e49ea7a 100644 --- a/src/main.cc +++ b/src/main.cc @@ -40,7 +40,6 @@ extern "C" { #include "Anon.h" #include "Serializer.h" #include "RemoteSerializer.h" -#include "PersistenceSerializer.h" #include "EventRegistry.h" #include "Stats.h" #include "Brofiler.h" @@ -101,7 +100,6 @@ name_list prefixes; Stmt* stmts; EventHandlerPtr net_done = 0; RuleMatcher* rule_matcher = 0; -PersistenceSerializer* persistence_serializer = 0; FileSerializer* event_serializer = 0; FileSerializer* state_serializer = 0; RemoteSerializer* remote_serializer = 0; @@ -167,7 +165,6 @@ void usage(int code = 1) fprintf(stderr, " -d|--debug-policy | activate policy file debugging\n"); fprintf(stderr, " -e|--exec | augment loaded policies by given code\n"); fprintf(stderr, " -f|--filter | tcpdump filter\n"); - fprintf(stderr, " -g|--dump-config | dump current config into .state dir\n"); fprintf(stderr, " -h|--help | command line help\n"); fprintf(stderr, " -i|--iface | read from given interface\n"); fprintf(stderr, " -p|--prefix | add given prefix to policy file resolution\n"); @@ -291,9 +288,6 @@ void done_with_network() true); } - // Save state before expiring the remaining events/timers. - persistence_serializer->WriteState(false); - if ( profiling_logger ) profiling_logger->Log(); @@ -371,7 +365,6 @@ void terminate_bro() delete zeexygen_mgr; delete timer_mgr; - delete persistence_serializer; delete event_serializer; delete state_serializer; delete event_registry; @@ -452,7 +445,6 @@ int main(int argc, char** argv) char* debug_streams = 0; int parse_only = false; int bare_mode = false; - int dump_cfg = false; int do_watchdog = 0; int override_ignore_checksums = 0; int rule_debug = 0; @@ -464,7 +456,6 @@ int main(int argc, char** argv) {"parse-only", no_argument, 0, 'a'}, {"bare-mode", no_argument, 0, 'b'}, {"debug-policy", no_argument, 0, 'd'}, - {"dump-config", no_argument, 0, 'g'}, {"exec", required_argument, 0, 'e'}, {"filter", required_argument, 0, 'f'}, {"help", no_argument, 0, 'h'}, @@ -565,10 +556,6 @@ int main(int argc, char** argv) user_pcap_filter = optarg; break; - case 'g': - dump_cfg = true; - break; - case 'h': usage(0); break; @@ -795,7 +782,6 @@ int main(int argc, char** argv) dns_mgr->SetDir(".state"); iosource_mgr = new iosource::Manager(); - persistence_serializer = new PersistenceSerializer(); remote_serializer = new RemoteSerializer(); event_registry = new EventRegistry(); analyzer_mgr = new analyzer::Manager(); @@ -1012,13 +998,9 @@ int main(int argc, char** argv) exit(0); } - persistence_serializer->SetDir((const char *)state_dir->AsString()->CheckString()); - // Print the ID. if ( id_name ) { - persistence_serializer->ReadAll(true, false); - ID* id = global_scope()->Lookup(id_name); if ( ! id ) reporter->FatalError("No such ID: %s\n", id_name); @@ -1032,14 +1014,6 @@ int main(int argc, char** argv) exit(0); } - persistence_serializer->ReadAll(true, true); - - if ( dump_cfg ) - { - persistence_serializer->WriteConfig(false); - exit(0); - } - if ( profiling_interval > 0 ) { profiling_logger = new ProfileLogger(profiling_file->AsFile(), @@ -1205,7 +1179,6 @@ int main(int argc, char** argv) } else { - persistence_serializer->WriteState(false); terminate_bro(); } diff --git a/src/parse.y b/src/parse.y index fb99f14e87..e53f2a3054 100644 --- a/src/parse.y +++ b/src/parse.y @@ -5,7 +5,7 @@ // Switching parser table type fixes ambiguity problems. %define lr.type ielr -%expect 141 +%expect 129 %token TOK_ADD TOK_ADD_TO TOK_ADDR TOK_ANY %token TOK_ATENDIF TOK_ATELSE TOK_ATIF TOK_ATIFDEF TOK_ATIFNDEF From f2f06d66c0fa47b931e5680ce950fef2a5f14e97 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 2 May 2019 20:49:23 -0700 Subject: [PATCH 20/51] Remove previously deprecated policy/protocols/smb/__load__ --- CHANGES | 4 ++++ NEWS | 3 +++ VERSION | 2 +- doc | 2 +- scripts/policy/protocols/smb/__load__.zeek | 3 --- scripts/test-all-policy.zeek | 1 - scripts/zeexygen/__load__.zeek | 1 - testing/btest/Baseline/coverage.bare-mode-errors/errors | 2 -- 8 files changed, 9 insertions(+), 9 deletions(-) delete mode 100644 scripts/policy/protocols/smb/__load__.zeek diff --git a/CHANGES b/CHANGES index c8d5cf61b8..a232ce3d5c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-261 | 2019-05-02 20:49:23 -0700 + + * Remove previously deprecated policy/protocols/smb/__load__ (Jon Siwek, Corelight) + 2.6-260 | 2019-05-02 19:16:48 -0700 * GH-243: Remove deprecated functions/events from 2.6 and earlier (Johanna Amann, Corelight) diff --git a/NEWS b/NEWS index e7c88fee8a..b9bd761b07 100644 --- a/NEWS +++ b/NEWS @@ -243,6 +243,9 @@ Removed Functionality - ``dhcp_request`` - ``finished_send_state`` +- The deprecated script ``policy/protocols/smb/__load__.bro`` was removed. + Instead of ``@load policy/protocols/smb`` use ``@load base/protocols/smb``. + Deprecated Functionality ------------------------ diff --git a/VERSION b/VERSION index c40efd81c6..55568b13e8 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-260 +2.6-261 diff --git a/doc b/doc index ed52b61d93..f897256ad2 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit ed52b61d9300141cfa868759faed9c66142a80af +Subproject commit f897256ad219b644b99a14873473e0276cf430f6 diff --git a/scripts/policy/protocols/smb/__load__.zeek b/scripts/policy/protocols/smb/__load__.zeek deleted file mode 100644 index 9e826f7fd6..0000000000 --- a/scripts/policy/protocols/smb/__load__.zeek +++ /dev/null @@ -1,3 +0,0 @@ -@deprecated "Use '@load base/protocols/smb' instead" - -@load base/protocols/smb diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek index 0968c038ee..0eadf0ff57 100644 --- a/scripts/test-all-policy.zeek +++ b/scripts/test-all-policy.zeek @@ -83,7 +83,6 @@ @load protocols/modbus/track-memmap.zeek @load protocols/mysql/software.zeek @load protocols/rdp/indicate_ssl.zeek -#@load protocols/smb/__load__.zeek @load protocols/smb/log-cmds.zeek @load protocols/smtp/blocklists.zeek @load protocols/smtp/detect-suspicious-orig.zeek diff --git a/scripts/zeexygen/__load__.zeek b/scripts/zeexygen/__load__.zeek index d074fe3660..00555c57bd 100644 --- a/scripts/zeexygen/__load__.zeek +++ b/scripts/zeexygen/__load__.zeek @@ -6,7 +6,6 @@ @load frameworks/control/controller.zeek @load frameworks/files/extract-all-files.zeek @load policy/misc/dump-events.zeek -@load policy/protocols/smb/__load__.zeek @load ./example.zeek diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index 72de702972..e69de29bb2 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -1,2 +0,0 @@ -warning in /Users/johanna/bro/master/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/johanna/bro/master/testing/btest/../../scripts//zeexygen/__load__.zeek:9 "Use '@load base/protocols/smb' instead" -warning in /Users/johanna/bro/master/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" From 84ca12fdb41fe5568de7d48e69edb5b048cde569 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 2 May 2019 21:39:01 -0700 Subject: [PATCH 21/51] Rename Zeexygen to Zeekygen --- CHANGES | 4 + NEWS | 4 +- VERSION | 2 +- doc | 2 +- man/bro.8 | 4 +- scripts/{zeexygen => zeekygen}/README | 2 +- scripts/{zeexygen => zeekygen}/__load__.zeek | 0 scripts/{zeexygen => zeekygen}/example.zeek | 30 +++---- src/CMakeLists.txt | 2 +- src/DebugLogger.cc | 2 +- src/DebugLogger.h | 2 +- src/ID.cc | 4 +- src/Type.cc | 22 ++--- src/main.cc | 24 +++--- src/parse.y | 26 +++--- src/plugin/ComponentManager.h | 4 +- src/scan.l | 12 +-- src/{zeexygen => zeekygen}/CMakeLists.txt | 8 +- src/{zeexygen => zeekygen}/Configuration.cc | 12 +-- src/{zeexygen => zeekygen}/Configuration.h | 14 ++-- src/{zeexygen => zeekygen}/IdentifierInfo.cc | 4 +- src/{zeexygen => zeekygen}/IdentifierInfo.h | 16 ++-- src/{zeexygen => zeekygen}/Info.h | 10 +-- src/{zeexygen => zeekygen}/Manager.cc | 48 +++++------ src/{zeexygen => zeekygen}/Manager.h | 34 ++++---- src/{zeexygen => zeekygen}/PackageInfo.cc | 8 +- src/{zeexygen => zeekygen}/PackageInfo.h | 8 +- .../ReStructuredTextTable.cc | 2 +- .../ReStructuredTextTable.h | 8 +- src/{zeexygen => zeekygen}/ScriptInfo.cc | 46 +++++------ src/{zeexygen => zeekygen}/ScriptInfo.h | 12 +-- src/{zeexygen => zeekygen}/Target.cc | 50 ++++++------ src/{zeexygen => zeekygen}/Target.h | 14 ++-- src/{zeexygen => zeekygen}/utils.cc | 18 ++--- src/{zeexygen => zeekygen}/utils.h | 12 +-- .../zeexygen.bif => zeekygen/zeekygen.bif} | 24 +++--- .../btest/Baseline/core.plugins.hooks/output | 6 +- .../canonified_loaded_scripts.log | 2 +- .../canonified_loaded_scripts.log | 2 +- .../.stderr | 0 .../.stdout | 0 .../output | 0 .../out | 0 .../autogen-reST-enums.rst | 0 .../example.rst | 80 +++++++++---------- .../autogen-reST-func-params.rst | 0 .../test.rst | 78 +++++++++--------- .../test.rst | 16 ++-- .../test.rst | 4 +- .../autogen-reST-records.rst | 0 .../doc.zeekygen.script_index/test.rst | 5 ++ .../test.rst | 10 +-- .../autogen-reST-type-aliases.rst | 20 ++--- .../autogen-reST-vectors.rst | 0 .../doc.zeexygen.script_index/test.rst | 5 -- testing/btest/Baseline/plugins.hooks/output | 6 +- testing/btest/coverage/broxygen.sh | 10 +-- ...oxygen-docs.sh => sphinx-zeekygen-docs.sh} | 8 +- .../{zeexygen => zeekygen}/command_line.zeek | 0 .../comment_retrieval_bifs.zeek | 0 .../doc/{zeexygen => zeekygen}/enums.zeek | 4 +- testing/btest/doc/zeekygen/example.zeek | 8 ++ .../{zeexygen => zeekygen}/func-params.zeek | 4 +- testing/btest/doc/zeekygen/identifier.zeek | 9 +++ testing/btest/doc/zeekygen/package.zeek | 9 +++ testing/btest/doc/zeekygen/package_index.zeek | 9 +++ .../doc/{zeexygen => zeekygen}/records.zeek | 4 +- testing/btest/doc/zeekygen/script_index.zeek | 9 +++ .../btest/doc/zeekygen/script_summary.zeek | 9 +++ .../{zeexygen => zeekygen}/type-aliases.zeek | 8 +- .../doc/{zeexygen => zeekygen}/vectors.zeek | 4 +- testing/btest/doc/zeexygen/example.zeek | 8 -- testing/btest/doc/zeexygen/identifier.zeek | 9 --- testing/btest/doc/zeexygen/package.zeek | 9 --- testing/btest/doc/zeexygen/package_index.zeek | 9 --- testing/btest/doc/zeexygen/script_index.zeek | 9 --- .../btest/doc/zeexygen/script_summary.zeek | 9 --- ...exygen-docs.sh => update-zeekygen-docs.sh} | 8 +- 78 files changed, 444 insertions(+), 440 deletions(-) rename scripts/{zeexygen => zeekygen}/README (77%) rename scripts/{zeexygen => zeekygen}/__load__.zeek (100%) rename scripts/{zeexygen => zeekygen}/example.zeek (90%) rename src/{zeexygen => zeekygen}/CMakeLists.txt (73%) rename src/{zeexygen => zeekygen}/Configuration.cc (87%) rename src/{zeexygen => zeekygen}/Configuration.h (80%) rename src/{zeexygen => zeekygen}/IdentifierInfo.cc (97%) rename src/{zeexygen => zeekygen}/IdentifierInfo.h (92%) rename src/{zeexygen => zeekygen}/Info.h (89%) rename src/{zeexygen => zeekygen}/Manager.cc (87%) rename src/{zeexygen => zeekygen}/Manager.h (89%) rename src/{zeexygen => zeekygen}/PackageInfo.cc (85%) rename src/{zeexygen => zeekygen}/PackageInfo.h (89%) rename src/{zeexygen => zeekygen}/ReStructuredTextTable.cc (98%) rename src/{zeexygen => zeekygen}/ReStructuredTextTable.h (92%) rename src/{zeexygen => zeekygen}/ScriptInfo.cc (86%) rename src/{zeexygen => zeekygen}/ScriptInfo.h (92%) rename src/{zeexygen => zeekygen}/Target.cc (90%) rename src/{zeexygen => zeekygen}/Target.h (97%) rename src/{zeexygen => zeekygen}/utils.cc (83%) rename src/{zeexygen => zeekygen}/utils.h (88%) rename src/{zeexygen/zeexygen.bif => zeekygen/zeekygen.bif} (81%) rename testing/btest/Baseline/{doc.zeexygen.all_scripts => doc.zeekygen.all_scripts}/.stderr (100%) rename testing/btest/Baseline/{doc.zeexygen.all_scripts => doc.zeekygen.all_scripts}/.stdout (100%) rename testing/btest/Baseline/{doc.zeexygen.command_line => doc.zeekygen.command_line}/output (100%) rename testing/btest/Baseline/{doc.zeexygen.comment_retrieval_bifs => doc.zeekygen.comment_retrieval_bifs}/out (100%) rename testing/btest/Baseline/{doc.zeexygen.enums => doc.zeekygen.enums}/autogen-reST-enums.rst (100%) rename testing/btest/Baseline/{doc.zeexygen.example => doc.zeekygen.example}/example.rst (77%) rename testing/btest/Baseline/{doc.zeexygen.func-params => doc.zeekygen.func-params}/autogen-reST-func-params.rst (100%) rename testing/btest/Baseline/{doc.zeexygen.identifier => doc.zeekygen.identifier}/test.rst (70%) rename testing/btest/Baseline/{doc.zeexygen.package => doc.zeekygen.package}/test.rst (70%) rename testing/btest/Baseline/{doc.zeexygen.package_index => doc.zeekygen.package_index}/test.rst (68%) rename testing/btest/Baseline/{doc.zeexygen.records => doc.zeekygen.records}/autogen-reST-records.rst (100%) create mode 100644 testing/btest/Baseline/doc.zeekygen.script_index/test.rst rename testing/btest/Baseline/{doc.zeexygen.script_summary => doc.zeekygen.script_summary}/test.rst (71%) rename testing/btest/Baseline/{doc.zeexygen.type-aliases => doc.zeekygen.type-aliases}/autogen-reST-type-aliases.rst (60%) rename testing/btest/Baseline/{doc.zeexygen.vectors => doc.zeekygen.vectors}/autogen-reST-vectors.rst (100%) delete mode 100644 testing/btest/Baseline/doc.zeexygen.script_index/test.rst rename testing/btest/coverage/{sphinx-broxygen-docs.sh => sphinx-zeekygen-docs.sh} (85%) rename testing/btest/doc/{zeexygen => zeekygen}/command_line.zeek (100%) rename testing/btest/doc/{zeexygen => zeekygen}/comment_retrieval_bifs.zeek (100%) rename testing/btest/doc/{zeexygen => zeekygen}/enums.zeek (89%) create mode 100644 testing/btest/doc/zeekygen/example.zeek rename testing/btest/doc/{zeexygen => zeekygen}/func-params.zeek (83%) create mode 100644 testing/btest/doc/zeekygen/identifier.zeek create mode 100644 testing/btest/doc/zeekygen/package.zeek create mode 100644 testing/btest/doc/zeekygen/package_index.zeek rename testing/btest/doc/{zeexygen => zeekygen}/records.zeek (84%) create mode 100644 testing/btest/doc/zeekygen/script_index.zeek create mode 100644 testing/btest/doc/zeekygen/script_summary.zeek rename testing/btest/doc/{zeexygen => zeekygen}/type-aliases.zeek (81%) rename testing/btest/doc/{zeexygen => zeekygen}/vectors.zeek (83%) delete mode 100644 testing/btest/doc/zeexygen/example.zeek delete mode 100644 testing/btest/doc/zeexygen/identifier.zeek delete mode 100644 testing/btest/doc/zeexygen/package.zeek delete mode 100644 testing/btest/doc/zeexygen/package_index.zeek delete mode 100644 testing/btest/doc/zeexygen/script_index.zeek delete mode 100644 testing/btest/doc/zeexygen/script_summary.zeek rename testing/scripts/{gen-zeexygen-docs.sh => update-zeekygen-docs.sh} (88%) diff --git a/CHANGES b/CHANGES index a232ce3d5c..c011e1ca3b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-262 | 2019-05-02 21:39:01 -0700 + + * Rename Zeexygen to Zeekygen (Jon Siwek, Corelight) + 2.6-261 | 2019-05-02 20:49:23 -0700 * Remove previously deprecated policy/protocols/smb/__load__ (Jon Siwek, Corelight) diff --git a/NEWS b/NEWS index b9bd761b07..16c51b3c2b 100644 --- a/NEWS +++ b/NEWS @@ -180,10 +180,10 @@ Changed Functionality and aren't counted as true gaps. - The Broxygen component, which is used to generate our Doxygen-like - scripting API documentation has been renamed to Zeexygen. This likely has + scripting API documentation has been renamed to Zeekygen. This likely has no breaking or visible changes for most users, except in the case one used it to generate their own documentation via the ``--broxygen`` flag, - which is now named ``--zeexygen``. Besides that, the various documentation + which is now named ``--zeekygen``. Besides that, the various documentation in scripts has also been updated to replace Sphinx cross-referencing roles and directives like ":bro:see:" with ":zeek:zee:". diff --git a/VERSION b/VERSION index 55568b13e8..1733e8d0df 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-261 +2.6-262 diff --git a/doc b/doc index f897256ad2..8aa690e20d 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit f897256ad219b644b99a14873473e0276cf430f6 +Subproject commit 8aa690e20d19f79805d7f680e454e4ea10231add diff --git a/man/bro.8 b/man/bro.8 index a4c54d48f6..37c20bf0c5 100644 --- a/man/bro.8 +++ b/man/bro.8 @@ -99,7 +99,7 @@ Record process status in file \fB\-W\fR,\ \-\-watchdog activate watchdog timer .TP -\fB\-X\fR,\ \-\-zeexygen +\fB\-X\fR,\ \-\-zeekygen generate documentation based on config file .TP \fB\-\-pseudo\-realtime[=\fR] @@ -150,7 +150,7 @@ ASCII log file extension Output file for script execution statistics .TP .B BRO_DISABLE_BROXYGEN -Disable Zeexygen (Broxygen) documentation support +Disable Zeekygen (Broxygen) documentation support .SH AUTHOR .B bro was written by The Bro Project . diff --git a/scripts/zeexygen/README b/scripts/zeekygen/README similarity index 77% rename from scripts/zeexygen/README rename to scripts/zeekygen/README index f099b09833..94982b0730 100644 --- a/scripts/zeexygen/README +++ b/scripts/zeekygen/README @@ -1,4 +1,4 @@ This package is loaded during the process which automatically generates -reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only +reference documentation for all Zeek scripts (i.e. "Zeekygen"). Its only purpose is to provide an easy way to load all known Zeek scripts plus any extra scripts needed or used by the documentation process. diff --git a/scripts/zeexygen/__load__.zeek b/scripts/zeekygen/__load__.zeek similarity index 100% rename from scripts/zeexygen/__load__.zeek rename to scripts/zeekygen/__load__.zeek diff --git a/scripts/zeexygen/example.zeek b/scripts/zeekygen/example.zeek similarity index 90% rename from scripts/zeexygen/example.zeek rename to scripts/zeekygen/example.zeek index 69affed96a..1fcdd8390b 100644 --- a/scripts/zeexygen/example.zeek +++ b/scripts/zeekygen/example.zeek @@ -1,4 +1,4 @@ -##! This is an example script that demonstrates Zeexygen-style +##! This is an example script that demonstrates Zeekygen-style ##! documentation. It generally will make most sense when viewing ##! the script's raw source code and comparing to the HTML-rendered ##! version. @@ -13,12 +13,12 @@ ##! There's also a custom role to reference any identifier node in ##! the Zeek Sphinx domain that's good for "see alsos", e.g. ##! -##! See also: :zeek:see:`ZeexygenExample::a_var`, -##! :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` +##! See also: :zeek:see:`ZeekygenExample::a_var`, +##! :zeek:see:`ZeekygenExample::ONE`, :zeek:see:`SSH::Info` ##! ##! And a custom directive does the equivalent references: ##! -##! .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info +##! .. zeek:see:: ZeekygenExample::a_var ZeekygenExample::ONE SSH::Info # Comments that use a single pound sign (#) are not significant to # a script's auto-generated documentation, but ones that use a @@ -30,7 +30,7 @@ # variable declarations to associate with the last-declared identifier. # # Generally, the auto-doc comments (##) are associated with the -# next declaration/identifier found in the script, but Zeexygen +# next declaration/identifier found in the script, but Zeekygen # will track/render identifiers regardless of whether they have any # of these special comments associated with them. # @@ -49,19 +49,19 @@ # "module" statements are self-documenting, don't use any ``##`` style # comments with them. -module ZeexygenExample; +module ZeekygenExample; # Redefinitions of "Notice::Type" are self-documenting, but # more information can be supplied in two different ways. redef enum Notice::Type += { ## Any number of this type of comment - ## will document "Zeexygen_One". - Zeexygen_One, - Zeexygen_Two, ##< Any number of this type of comment - ##< will document "ZEEXYGEN_TWO". - Zeexygen_Three, + ## will document "Zeekygen_One". + Zeekygen_One, + Zeekygen_Two, ##< Any number of this type of comment + ##< will document "ZEEKYGEN_TWO". + Zeekygen_Three, ## Omitting comments is fine, and so is mixing ``##`` and ``##<``, but - Zeexygen_Four, ##< it's probably best to use only one style consistently. + Zeekygen_Four, ##< it's probably best to use only one style consistently. }; # All redefs are automatically tracked. Comments of the "##" form can be use @@ -110,7 +110,7 @@ export { type ComplexRecord: record { field1: count; ##< Counts something. field2: bool; ##< Toggles something. - field3: SimpleRecord; ##< Zeexygen automatically tracks types + field3: SimpleRecord; ##< Zeekygen automatically tracks types ##< and cross-references are automatically ##< inserted in to generated docs. msg: string &default="blah"; ##< Attributes are self-documenting. @@ -163,9 +163,9 @@ export { ## Summarize "an_event" here. ## Give more details about "an_event" here. ## - ## ZeexygenExample::a_function should not be confused as a parameter + ## ZeekygenExample::a_function should not be confused as a parameter ## in the generated docs, but it also doesn't generate a cross-reference - ## link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + ## link. Use the see role instead: :zeek:see:`ZeekygenExample::a_function`. ## ## name: Describe the argument here. global an_event: event(name: string); diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 94aca30eb9..262aaf07a5 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -143,7 +143,7 @@ set(bro_PLUGIN_LIBS CACHE INTERNAL "plugin libraries" FORCE) add_subdirectory(analyzer) add_subdirectory(broker) -add_subdirectory(zeexygen) +add_subdirectory(zeekygen) add_subdirectory(file_analysis) add_subdirectory(input) add_subdirectory(iosource) diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc index baddd2bdd8..8df6a5ef55 100644 --- a/src/DebugLogger.cc +++ b/src/DebugLogger.cc @@ -18,7 +18,7 @@ DebugLogger::Stream DebugLogger::streams[NUM_DBGS] = { { "dpd", 0, false }, { "tm", 0, false }, { "logging", 0, false }, {"input", 0, false }, { "threading", 0, false }, { "file_analysis", 0, false }, - { "plugins", 0, false }, { "zeexygen", 0, false }, + { "plugins", 0, false }, { "zeekygen", 0, false }, { "pktio", 0, false }, { "broker", 0, false }, { "scripts", 0, false} }; diff --git a/src/DebugLogger.h b/src/DebugLogger.h index 8026e8ba3c..dab9fd9758 100644 --- a/src/DebugLogger.h +++ b/src/DebugLogger.h @@ -30,7 +30,7 @@ enum DebugStream { DBG_THREADING, // Threading system DBG_FILE_ANALYSIS, // File analysis DBG_PLUGINS, // Plugin system - DBG_ZEEXYGEN, // Zeexygen + DBG_ZEEKYGEN, // Zeekygen DBG_PKTIO, // Packet sources and dumpers. DBG_BROKER, // Broker communication DBG_SCRIPTS, // Script initialization diff --git a/src/ID.cc b/src/ID.cc index 0ae1656533..e11625667a 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -14,7 +14,7 @@ #include "PersistenceSerializer.h" #include "Scope.h" #include "Traverse.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" ID::ID(const char* arg_name, IDScope arg_scope, bool arg_is_export) { @@ -680,7 +680,7 @@ void ID::DescribeReSTShort(ODesc* d) const if ( is_type ) d->Add(type_name(t)); else - d->Add(zeexygen_mgr->GetEnumTypeName(Name()).c_str()); + d->Add(zeekygen_mgr->GetEnumTypeName(Name()).c_str()); break; default: diff --git a/src/Type.cc b/src/Type.cc index 78c75a12df..19bed81412 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -8,8 +8,8 @@ #include "Scope.h" #include "Serializer.h" #include "Reporter.h" -#include "zeexygen/Manager.h" -#include "zeexygen/utils.h" +#include "zeekygen/Manager.h" +#include "zeekygen/utils.h" #include #include @@ -1197,8 +1197,8 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const if ( func_args ) continue; - using zeexygen::IdentifierInfo; - IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(GetName()); + using zeekygen::IdentifierInfo; + IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo(GetName()); if ( ! doc ) { @@ -1217,7 +1217,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const field_from_script != type_from_script ) { d->PushIndent(); - d->Add(zeexygen::redef_indication(field_from_script).c_str()); + d->Add(zeekygen::redef_indication(field_from_script).c_str()); d->PopIndent(); } @@ -1237,7 +1237,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const { string s = cmnts[i]; - if ( zeexygen::prettify_params(s) ) + if ( zeekygen::prettify_params(s) ) d->NL(); d->Add(s.c_str()); @@ -1505,7 +1505,7 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name, if ( deprecated ) id->MakeDeprecated(); - zeexygen_mgr->Identifier(id); + zeekygen_mgr->Identifier(id); } else { @@ -1618,8 +1618,8 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const else d->Add(fmt(".. zeek:enum:: %s %s", it->second.c_str(), GetName().c_str())); - using zeexygen::IdentifierInfo; - IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(it->second); + using zeekygen::IdentifierInfo; + IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo(it->second); if ( ! doc ) { @@ -1634,7 +1634,7 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const if ( doc->GetDeclaringScript() ) enum_from_script = doc->GetDeclaringScript()->Name(); - IdentifierInfo* type_doc = zeexygen_mgr->GetIdentifierInfo(GetName()); + IdentifierInfo* type_doc = zeekygen_mgr->GetIdentifierInfo(GetName()); if ( type_doc && type_doc->GetDeclaringScript() ) type_from_script = type_doc->GetDeclaringScript()->Name(); @@ -1644,7 +1644,7 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const { d->NL(); d->PushIndent(); - d->Add(zeexygen::redef_indication(enum_from_script).c_str()); + d->Add(zeekygen::redef_indication(enum_from_script).c_str()); d->PopIndent(); } diff --git a/src/main.cc b/src/main.cc index 6ea1a74b99..160e6fd1d3 100644 --- a/src/main.cc +++ b/src/main.cc @@ -55,7 +55,7 @@ extern "C" { #include "analyzer/Tag.h" #include "plugin/Manager.h" #include "file_analysis/Manager.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" #include "iosource/Manager.h" #include "broker/Manager.h" @@ -91,7 +91,7 @@ input::Manager* input_mgr = 0; plugin::Manager* plugin_mgr = 0; analyzer::Manager* analyzer_mgr = 0; file_analysis::Manager* file_mgr = 0; -zeexygen::Manager* zeexygen_mgr = 0; +zeekygen::Manager* zeekygen_mgr = 0; iosource::Manager* iosource_mgr = 0; bro_broker::Manager* broker_mgr = 0; @@ -193,7 +193,7 @@ void usage(int code = 1) fprintf(stderr, " -T|--re-level | set 'RE_level' for rules\n"); fprintf(stderr, " -U|--status-file | Record process status in file\n"); fprintf(stderr, " -W|--watchdog | activate watchdog timer\n"); - fprintf(stderr, " -X|--zeexygen | generate documentation based on config file\n"); + fprintf(stderr, " -X|--zeekygen | generate documentation based on config file\n"); #ifdef USE_PERFTOOLS_DEBUG fprintf(stderr, " -m|--mem-leaks | show leaks [perftools]\n"); @@ -213,7 +213,7 @@ void usage(int code = 1) fprintf(stderr, " $BRO_SEED_FILE | file to load seeds from (not set)\n"); fprintf(stderr, " $BRO_LOG_SUFFIX | ASCII log file extension (.%s)\n", logging::writer::Ascii::LogExt().c_str()); fprintf(stderr, " $BRO_PROFILER_FILE | Output file for script execution statistics (not set)\n"); - fprintf(stderr, " $BRO_DISABLE_BROXYGEN | Disable Zeexygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set"); + fprintf(stderr, " $BRO_DISABLE_BROXYGEN | Disable Zeekygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set"); fprintf(stderr, " $ZEEK_DNS_RESOLVER | IPv4/IPv6 address of DNS resolver to use (%s)\n", getenv("ZEEK_DNS_RESOLVER") ? getenv("ZEEK_DNS_RESOLVER") : "not set, will use first IPv4 address from /etc/resolv.conf"); fprintf(stderr, "\n"); @@ -369,7 +369,7 @@ void terminate_bro() plugin_mgr->FinishPlugins(); - delete zeexygen_mgr; + delete zeekygen_mgr; delete timer_mgr; delete persistence_serializer; delete event_serializer; @@ -469,7 +469,7 @@ int main(int argc, char** argv) {"filter", required_argument, 0, 'f'}, {"help", no_argument, 0, 'h'}, {"iface", required_argument, 0, 'i'}, - {"zeexygen", required_argument, 0, 'X'}, + {"zeekygen", required_argument, 0, 'X'}, {"prefix", required_argument, 0, 'p'}, {"readfile", required_argument, 0, 'r'}, {"rulefile", required_argument, 0, 's'}, @@ -521,7 +521,7 @@ int main(int argc, char** argv) if ( p ) add_to_name_list(p, ':', prefixes); - string zeexygen_config; + string zeekygen_config; #ifdef USE_IDMEF string libidmef_dtd_path = "idmef-message.dtd"; @@ -674,7 +674,7 @@ int main(int argc, char** argv) break; case 'X': - zeexygen_config = optarg; + zeekygen_config = optarg; break; #ifdef USE_PERFTOOLS_DEBUG @@ -756,7 +756,7 @@ int main(int argc, char** argv) timer_mgr = new PQ_TimerMgr(""); // timer_mgr = new CQ_TimerMgr(); - zeexygen_mgr = new zeexygen::Manager(zeexygen_config, bro_argv[0]); + zeekygen_mgr = new zeekygen::Manager(zeekygen_config, bro_argv[0]); add_essential_input_file("base/init-bare.zeek"); add_essential_input_file("base/init-frameworks-and-bifs.zeek"); @@ -807,7 +807,7 @@ int main(int argc, char** argv) plugin_mgr->InitPreScript(); analyzer_mgr->InitPreScript(); file_mgr->InitPreScript(); - zeexygen_mgr->InitPreScript(); + zeekygen_mgr->InitPreScript(); bool missing_plugin = false; @@ -876,7 +876,7 @@ int main(int argc, char** argv) exit(1); plugin_mgr->InitPostScript(); - zeexygen_mgr->InitPostScript(); + zeekygen_mgr->InitPostScript(); broker_mgr->InitPostScript(); if ( print_plugins ) @@ -906,7 +906,7 @@ int main(int argc, char** argv) } reporter->InitOptions(); - zeexygen_mgr->GenerateDocs(); + zeekygen_mgr->GenerateDocs(); if ( user_pcap_filter ) { diff --git a/src/parse.y b/src/parse.y index 0e363eb321..076e73f53e 100644 --- a/src/parse.y +++ b/src/parse.y @@ -88,7 +88,7 @@ #include "Scope.h" #include "Reporter.h" #include "Brofiler.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" #include #include @@ -1039,7 +1039,7 @@ type_decl: $$ = new TypeDecl($3, $1, $4, (in_record > 0)); if ( in_record > 0 && cur_decl_type_id ) - zeexygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); + zeekygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); } ; @@ -1073,7 +1073,7 @@ decl: TOK_MODULE TOK_ID ';' { current_module = $2; - zeexygen_mgr->ModuleUsage(::filename, current_module); + zeekygen_mgr->ModuleUsage(::filename, current_module); } | TOK_EXPORT '{' { is_export = true; } decl_list '}' @@ -1082,36 +1082,36 @@ decl: | TOK_GLOBAL def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REGULAR); - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | TOK_OPTION def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_OPTION); - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | TOK_CONST def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_CONST); - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | TOK_REDEF global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REDEF); - zeexygen_mgr->Redef($2, ::filename); + zeekygen_mgr->Redef($2, ::filename); } | TOK_REDEF TOK_ENUM global_id TOK_ADD_TO '{' - { parser_redef_enum($3); zeexygen_mgr->Redef($3, ::filename); } + { parser_redef_enum($3); zeekygen_mgr->Redef($3, ::filename); } enum_body '}' ';' { - // Zeexygen already grabbed new enum IDs as the type created them. + // Zeekygen already grabbed new enum IDs as the type created them. } | TOK_REDEF TOK_RECORD global_id - { cur_decl_type_id = $3; zeexygen_mgr->Redef($3, ::filename); } + { cur_decl_type_id = $3; zeekygen_mgr->Redef($3, ::filename); } TOK_ADD_TO '{' { ++in_record; } type_decl_list @@ -1127,12 +1127,12 @@ decl: } | TOK_TYPE global_id ':' - { cur_decl_type_id = $2; zeexygen_mgr->StartType($2); } + { cur_decl_type_id = $2; zeekygen_mgr->StartType($2); } type opt_attr ';' { cur_decl_type_id = 0; add_type($2, $5, $6); - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | func_hdr func_body @@ -1167,7 +1167,7 @@ func_hdr: begin_func($2, current_module.c_str(), FUNC_FLAVOR_FUNCTION, 0, $3, $4); $$ = $3; - zeexygen_mgr->Identifier($2); + zeekygen_mgr->Identifier($2); } | TOK_EVENT event_id func_params opt_attr { diff --git a/src/plugin/ComponentManager.h b/src/plugin/ComponentManager.h index 22bd2dd302..399c704551 100644 --- a/src/plugin/ComponentManager.h +++ b/src/plugin/ComponentManager.h @@ -10,7 +10,7 @@ #include "Var.h" #include "Val.h" #include "Reporter.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" namespace plugin { @@ -134,7 +134,7 @@ ComponentManager::ComponentManager(const string& arg_module, const string& tag_enum_type = new EnumType(module + "::" + local_id); ::ID* id = install_ID(local_id.c_str(), module.c_str(), true, true); add_type(id, tag_enum_type, 0); - zeexygen_mgr->Identifier(id); + zeekygen_mgr->Identifier(id); } template diff --git a/src/scan.l b/src/scan.l index fd54cfab40..6b2610ee3f 100644 --- a/src/scan.l +++ b/src/scan.l @@ -29,7 +29,7 @@ #include "Traverse.h" #include "analyzer/Analyzer.h" -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" #include "plugin/Manager.h" @@ -162,19 +162,19 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) %% ##!.* { - zeexygen_mgr->SummaryComment(::filename, yytext + 3); + zeekygen_mgr->SummaryComment(::filename, yytext + 3); } ##<.* { string hint(cur_enum_type && last_id_tok ? make_full_var_name(current_module.c_str(), last_id_tok) : ""); - zeexygen_mgr->PostComment(yytext + 3, hint); + zeekygen_mgr->PostComment(yytext + 3, hint); } ##.* { if ( yytext[2] != '#' ) - zeexygen_mgr->PreComment(yytext + 2); + zeekygen_mgr->PreComment(yytext + 2); } #{OWS}@no-test.* return TOK_NO_TEST; @@ -375,7 +375,7 @@ when return TOK_WHEN; string loader = ::filename; // load_files may change ::filename, save copy string loading = find_relative_script_file(new_file); (void) load_files(new_file); - zeexygen_mgr->ScriptDependency(loader, loading); + zeekygen_mgr->ScriptDependency(loader, loading); } @load-sigs{WS}{FILE} { @@ -719,7 +719,7 @@ static int load_files(const char* orig_file) else file_stack.append(new FileInfo); - zeexygen_mgr->Script(file_path); + zeekygen_mgr->Script(file_path); DBG_LOG(DBG_SCRIPTS, "Loading %s", file_path.c_str()); diff --git a/src/zeexygen/CMakeLists.txt b/src/zeekygen/CMakeLists.txt similarity index 73% rename from src/zeexygen/CMakeLists.txt rename to src/zeekygen/CMakeLists.txt index 43060866a9..de50378f5a 100644 --- a/src/zeexygen/CMakeLists.txt +++ b/src/zeekygen/CMakeLists.txt @@ -7,7 +7,7 @@ include_directories(BEFORE ${CMAKE_CURRENT_BINARY_DIR} ) -set(zeexygen_SRCS +set(zeekygen_SRCS Manager.cc Info.h PackageInfo.cc @@ -19,7 +19,7 @@ set(zeexygen_SRCS utils.cc ) -bif_target(zeexygen.bif) -bro_add_subdir_library(zeexygen ${zeexygen_SRCS}) +bif_target(zeekygen.bif) +bro_add_subdir_library(zeekygen ${zeekygen_SRCS}) -add_dependencies(bro_zeexygen generate_outputs) +add_dependencies(bro_zeekygen generate_outputs) diff --git a/src/zeexygen/Configuration.cc b/src/zeekygen/Configuration.cc similarity index 87% rename from src/zeexygen/Configuration.cc rename to src/zeekygen/Configuration.cc index 7b1f5e35fd..dbbbebf578 100644 --- a/src/zeexygen/Configuration.cc +++ b/src/zeekygen/Configuration.cc @@ -11,7 +11,7 @@ #include #include -using namespace zeexygen; +using namespace zeekygen; using namespace std; static TargetFactory create_target_factory() @@ -37,7 +37,7 @@ Config::Config(const string& arg_file, const string& delim) ifstream f(file.c_str()); if ( ! f.is_open() ) - reporter->FatalError("failed to open Zeexygen config file '%s': %s", + reporter->FatalError("failed to open Zeekygen config file '%s': %s", file.c_str(), strerror(errno)); string line; @@ -59,20 +59,20 @@ Config::Config(const string& arg_file, const string& delim) continue; if ( tokens.size() != 3 ) - reporter->FatalError("malformed Zeexygen target in %s:%u: %s", + reporter->FatalError("malformed Zeekygen target in %s:%u: %s", file.c_str(), line_number, line.c_str()); Target* target = target_factory.Create(tokens[0], tokens[2], tokens[1]); if ( ! target ) - reporter->FatalError("unknown Zeexygen target type: %s", + reporter->FatalError("unknown Zeekygen target type: %s", tokens[0].c_str()); targets.push_back(target); } if ( f.bad() ) - reporter->InternalError("error reading Zeexygen config file '%s': %s", + reporter->InternalError("error reading Zeekygen config file '%s': %s", file.c_str(), strerror(errno)); } @@ -99,5 +99,5 @@ time_t Config::GetModificationTime() const if ( file.empty() ) return 0; - return zeexygen::get_mtime(file); + return zeekygen::get_mtime(file); } diff --git a/src/zeexygen/Configuration.h b/src/zeekygen/Configuration.h similarity index 80% rename from src/zeexygen/Configuration.h rename to src/zeekygen/Configuration.h index a0da9761bc..97ca125275 100644 --- a/src/zeexygen/Configuration.h +++ b/src/zeekygen/Configuration.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_CONFIGURATION_H -#define ZEEXYGEN_CONFIGURATION_H +#ifndef ZEEKYGEN_CONFIGURATION_H +#define ZEEKYGEN_CONFIGURATION_H #include "Info.h" #include "Target.h" @@ -9,7 +9,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { /** * Manages the generation of reStructuredText documents corresponding to @@ -22,8 +22,8 @@ class Config { public: /** - * Read a Zeexygen configuration file, parsing all targets in it. - * @param file The file containing a list of Zeexygen targets. If it's + * Read a Zeekygen configuration file, parsing all targets in it. + * @param file The file containing a list of Zeekygen targets. If it's * an empty string most methods are a no-op. * @param delim The delimiter between target fields. */ @@ -41,7 +41,7 @@ public: void FindDependencies(const std::vector& infos); /** - * Build each Zeexygen target (i.e. write out the reST documents to disk). + * Build each Zeekygen target (i.e. write out the reST documents to disk). */ void GenerateDocs() const; @@ -58,6 +58,6 @@ private: TargetFactory target_factory; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/IdentifierInfo.cc b/src/zeekygen/IdentifierInfo.cc similarity index 97% rename from src/zeexygen/IdentifierInfo.cc rename to src/zeekygen/IdentifierInfo.cc index ebb15373bf..5c494799b4 100644 --- a/src/zeexygen/IdentifierInfo.cc +++ b/src/zeekygen/IdentifierInfo.cc @@ -7,7 +7,7 @@ #include "Val.h" using namespace std; -using namespace zeexygen; +using namespace zeekygen; IdentifierInfo::IdentifierInfo(ID* arg_id, ScriptInfo* script) : Info(), @@ -128,7 +128,7 @@ string IdentifierInfo::DoReStructuredText(bool roles_only) const { string s = comments[i]; - if ( zeexygen::prettify_params(s) ) + if ( zeekygen::prettify_params(s) ) d.NL(); d.Add(s.c_str()); diff --git a/src/zeexygen/IdentifierInfo.h b/src/zeekygen/IdentifierInfo.h similarity index 92% rename from src/zeexygen/IdentifierInfo.h rename to src/zeekygen/IdentifierInfo.h index a930f67feb..868dd3781b 100644 --- a/src/zeexygen/IdentifierInfo.h +++ b/src/zeekygen/IdentifierInfo.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_IDENTIFIERINFO_H -#define ZEEXYGEN_IDENTIFIERINFO_H +#ifndef ZEEKYGEN_IDENTIFIERINFO_H +#define ZEEKYGEN_IDENTIFIERINFO_H #include "Info.h" #include "ScriptInfo.h" @@ -14,7 +14,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { class ScriptInfo; @@ -42,7 +42,7 @@ public: * Add a comment associated with the identifier. If the identifier is a * record type and it's in the middle of parsing fields, the comment is * associated with the last field that was parsed. - * @param comment A string extracted from Zeexygen-style comment. + * @param comment A string extracted from Zeekygen-style comment. */ void AddComment(const std::string& comment) { last_field_seen ? last_field_seen->comments.push_back(comment) @@ -102,13 +102,13 @@ public: std::string GetDeclaringScriptForField(const std::string& field) const; /** - * @return All Zeexygen comments associated with the identifier. + * @return All Zeekygen comments associated with the identifier. */ std::vector GetComments() const; /** * @param field A record field name. - * @return All Zeexygen comments associated with the record field. + * @return All Zeekygen comments associated with the record field. */ std::vector GetFieldComments(const std::string& field) const; @@ -118,7 +118,7 @@ public: struct Redefinition { std::string from_script; /**< Name of script doing the redef. */ std::string new_val_desc; /**< Description of new value bound to ID. */ - std::vector comments; /**< Zeexygen comments on redef. */ + std::vector comments; /**< Zeekygen comments on redef. */ }; /** @@ -159,6 +159,6 @@ private: ScriptInfo* declaring_script; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/Info.h b/src/zeekygen/Info.h similarity index 89% rename from src/zeexygen/Info.h rename to src/zeekygen/Info.h index 46fba7b7b6..f6e09cb498 100644 --- a/src/zeexygen/Info.h +++ b/src/zeekygen/Info.h @@ -1,15 +1,15 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_INFO_H -#define ZEEXYGEN_INFO_H +#ifndef ZEEKYGEN_INFO_H +#define ZEEKYGEN_INFO_H #include #include -namespace zeexygen { +namespace zeekygen { /** - * Abstract base class for any thing that Zeexygen can document. + * Abstract base class for any thing that Zeekygen can document. */ class Info { @@ -68,6 +68,6 @@ private: { } }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/Manager.cc b/src/zeekygen/Manager.cc similarity index 87% rename from src/zeexygen/Manager.cc rename to src/zeekygen/Manager.cc index d638705d8b..5cddac0901 100644 --- a/src/zeexygen/Manager.cc +++ b/src/zeekygen/Manager.cc @@ -7,7 +7,7 @@ #include #include -using namespace zeexygen; +using namespace zeekygen; using namespace std; static void DbgAndWarn(const char* msg) @@ -19,7 +19,7 @@ static void DbgAndWarn(const char* msg) return; reporter->Warning("%s", msg); - DBG_LOG(DBG_ZEEXYGEN, "%s", msg); + DBG_LOG(DBG_ZEEKYGEN, "%s", msg); } static void WarnMissingScript(const char* type, const ID* id, @@ -28,7 +28,7 @@ static void WarnMissingScript(const char* type, const ID* id, if ( script == "" ) return; - DbgAndWarn(fmt("Can't generate Zeexygen doumentation for %s %s, " + DbgAndWarn(fmt("Can't generate Zeekygen doumentation for %s %s, " "lookup of %s failed", type, id->Name(), script.c_str())); } @@ -83,7 +83,7 @@ Manager::Manager(const string& arg_config, const string& bro_command) // a PATH component that starts with a tilde (such as "~/bin"). A simple // workaround is to just run bro with a relative or absolute path. if ( path_to_bro.empty() || stat(path_to_bro.c_str(), &s) < 0 ) - reporter->InternalError("Zeexygen can't get mtime of bro binary %s (try again by specifying the absolute or relative path to Bro): %s", + reporter->InternalError("Zeekygen can't get mtime of bro binary %s (try again by specifying the absolute or relative path to Bro): %s", path_to_bro.c_str(), strerror(errno)); bro_mtime = s.st_mtime; @@ -129,7 +129,7 @@ void Manager::Script(const string& path) if ( scripts.GetInfo(name) ) { - DbgAndWarn(fmt("Duplicate Zeexygen script documentation: %s", + DbgAndWarn(fmt("Duplicate Zeekygen script documentation: %s", name.c_str())); return; } @@ -137,7 +137,7 @@ void Manager::Script(const string& path) ScriptInfo* info = new ScriptInfo(name, path); scripts.map[name] = info; all_info.push_back(info); - DBG_LOG(DBG_ZEEXYGEN, "Made ScriptInfo %s", name.c_str()); + DBG_LOG(DBG_ZEEKYGEN, "Made ScriptInfo %s", name.c_str()); if ( ! info->IsPkgLoader() ) return; @@ -146,7 +146,7 @@ void Manager::Script(const string& path) if ( packages.GetInfo(name) ) { - DbgAndWarn(fmt("Duplicate Zeexygen package documentation: %s", + DbgAndWarn(fmt("Duplicate Zeekygen package documentation: %s", name.c_str())); return; } @@ -154,7 +154,7 @@ void Manager::Script(const string& path) PackageInfo* pkginfo = new PackageInfo(name); packages.map[name] = pkginfo; all_info.push_back(pkginfo); - DBG_LOG(DBG_ZEEXYGEN, "Made PackageInfo %s", name.c_str()); + DBG_LOG(DBG_ZEEKYGEN, "Made PackageInfo %s", name.c_str()); } void Manager::ScriptDependency(const string& path, const string& dep) @@ -164,7 +164,7 @@ void Manager::ScriptDependency(const string& path, const string& dep) if ( dep.empty() ) { - DbgAndWarn(fmt("Empty Zeexygen script doc dependency: %s", + DbgAndWarn(fmt("Empty Zeekygen script doc dependency: %s", path.c_str())); return; } @@ -175,17 +175,17 @@ void Manager::ScriptDependency(const string& path, const string& dep) if ( ! script_info ) { - DbgAndWarn(fmt("Failed to add Zeexygen script doc dependency %s " + DbgAndWarn(fmt("Failed to add Zeekygen script doc dependency %s " "for %s", depname.c_str(), name.c_str())); return; } script_info->AddDependency(depname); - DBG_LOG(DBG_ZEEXYGEN, "Added script dependency %s for %s", + DBG_LOG(DBG_ZEEKYGEN, "Added script dependency %s for %s", depname.c_str(), name.c_str()); for ( size_t i = 0; i < comment_buffer.size(); ++i ) - DbgAndWarn(fmt("Discarded extraneous Zeexygen comment: %s", + DbgAndWarn(fmt("Discarded extraneous Zeekygen comment: %s", comment_buffer[i].c_str())); } @@ -199,13 +199,13 @@ void Manager::ModuleUsage(const string& path, const string& module) if ( ! script_info ) { - DbgAndWarn(fmt("Failed to add Zeexygen module usage %s in %s", + DbgAndWarn(fmt("Failed to add Zeekygen module usage %s in %s", module.c_str(), name.c_str())); return; } script_info->AddModule(module); - DBG_LOG(DBG_ZEEXYGEN, "Added module usage %s in %s", + DBG_LOG(DBG_ZEEKYGEN, "Added module usage %s in %s", module.c_str(), name.c_str()); } @@ -246,7 +246,7 @@ void Manager::StartType(ID* id) if ( id->GetLocationInfo() == &no_location ) { - DbgAndWarn(fmt("Can't generate zeexygen doumentation for %s, " + DbgAndWarn(fmt("Can't generate zeekygen doumentation for %s, " "no location available", id->Name())); return; } @@ -261,7 +261,7 @@ void Manager::StartType(ID* id) } incomplete_type = CreateIdentifierInfo(id, script_info); - DBG_LOG(DBG_ZEEXYGEN, "Made IdentifierInfo (incomplete) %s, in %s", + DBG_LOG(DBG_ZEEKYGEN, "Made IdentifierInfo (incomplete) %s, in %s", id->Name(), script.c_str()); } @@ -279,7 +279,7 @@ void Manager::Identifier(ID* id) { if ( incomplete_type->Name() == id->Name() ) { - DBG_LOG(DBG_ZEEXYGEN, "Finished document for type %s", id->Name()); + DBG_LOG(DBG_ZEEKYGEN, "Finished document for type %s", id->Name()); incomplete_type->CompletedTypeDecl(); incomplete_type = 0; return; @@ -309,7 +309,7 @@ void Manager::Identifier(ID* id) { // Internally-created identifier (e.g. file/proto analyzer enum tags). // Handled specially since they don't have a script location. - DBG_LOG(DBG_ZEEXYGEN, "Made internal IdentifierInfo %s", + DBG_LOG(DBG_ZEEKYGEN, "Made internal IdentifierInfo %s", id->Name()); CreateIdentifierInfo(id, 0); return; @@ -325,7 +325,7 @@ void Manager::Identifier(ID* id) } CreateIdentifierInfo(id, script_info); - DBG_LOG(DBG_ZEEXYGEN, "Made IdentifierInfo %s, in script %s", + DBG_LOG(DBG_ZEEKYGEN, "Made IdentifierInfo %s, in script %s", id->Name(), script.c_str()); } @@ -339,7 +339,7 @@ void Manager::RecordField(const ID* id, const TypeDecl* field, if ( ! idd ) { - DbgAndWarn(fmt("Can't generate zeexygen doumentation for " + DbgAndWarn(fmt("Can't generate zeekygen doumentation for " "record field %s, unknown record: %s", field->id, id->Name())); return; @@ -348,7 +348,7 @@ void Manager::RecordField(const ID* id, const TypeDecl* field, string script = NormalizeScriptPath(path); idd->AddRecordField(field, script, comment_buffer); comment_buffer.clear(); - DBG_LOG(DBG_ZEEXYGEN, "Document record field %s, identifier %s, script %s", + DBG_LOG(DBG_ZEEKYGEN, "Document record field %s, identifier %s, script %s", field->id, id->Name(), script.c_str()); } @@ -365,7 +365,7 @@ void Manager::Redef(const ID* id, const string& path) if ( ! id_info ) { - DbgAndWarn(fmt("Can't generate zeexygen doumentation for " + DbgAndWarn(fmt("Can't generate zeekygen doumentation for " "redef of %s, identifier lookup failed", id->Name())); return; @@ -384,7 +384,7 @@ void Manager::Redef(const ID* id, const string& path) script_info->AddRedef(id_info); comment_buffer.clear(); last_identifier_seen = id_info; - DBG_LOG(DBG_ZEEXYGEN, "Added redef of %s from %s", + DBG_LOG(DBG_ZEEKYGEN, "Added redef of %s from %s", id->Name(), from_script.c_str()); } @@ -421,7 +421,7 @@ void Manager::PostComment(const string& comment, const string& id_hint) if ( last_identifier_seen ) last_identifier_seen->AddComment(RemoveLeadingSpace(comment)); else - DbgAndWarn(fmt("Discarded unassociated Zeexygen comment %s", + DbgAndWarn(fmt("Discarded unassociated Zeekygen comment %s", comment.c_str())); return; diff --git a/src/zeexygen/Manager.h b/src/zeekygen/Manager.h similarity index 89% rename from src/zeexygen/Manager.h rename to src/zeekygen/Manager.h index 5b2142e047..ad4d98f668 100644 --- a/src/zeexygen/Manager.h +++ b/src/zeekygen/Manager.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_MANAGER_H -#define ZEEXYGEN_MANAGER_H +#ifndef ZEEKYGEN_MANAGER_H +#define ZEEKYGEN_MANAGER_H #include "Configuration.h" #include "Info.h" @@ -21,7 +21,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { /** * Map of info objects. Just a wrapper around std::map to improve code @@ -54,7 +54,7 @@ public: /** * Ctor. - * @param config Path to a Zeexygen config file if documentation is to be + * @param config Path to a Zeekygen config file if documentation is to be * written to disk. * @param bro_command The command used to invoke the bro process. * It's used when checking for out-of-date targets. If the bro binary is @@ -80,7 +80,7 @@ public: void InitPostScript(); /** - * Builds all Zeexygen targets specified by config file and write out + * Builds all Zeekygen targets specified by config file and write out * documentation to disk. */ void GenerateDocs() const; @@ -140,24 +140,24 @@ public: void Redef(const ID* id, const std::string& path); /** - * Register Zeexygen script summary content. + * Register Zeekygen script summary content. * @param path Absolute path to a Bro script. - * @param comment Zeexygen-style summary comment ("##!") to associate with + * @param comment Zeekygen-style summary comment ("##!") to associate with * script given by \a path. */ void SummaryComment(const std::string& path, const std::string& comment); /** - * Register a Zeexygen comment ("##") for an upcoming identifier (i.e. + * Register a Zeekygen comment ("##") for an upcoming identifier (i.e. * this content is buffered and consumed by next identifier/field * declaration. - * @param comment Content of the Zeexygen comment. + * @param comment Content of the Zeekygen comment. */ void PreComment(const std::string& comment); /** - * Register a Zeexygen comment ("##<") for the last identifier seen. - * @param comment Content of the Zeexygen comment. + * Register a Zeekygen comment ("##<") for the last identifier seen. + * @param comment Content of the Zeekygen comment. * @param identifier_hint Expected name of identifier with which to * associate \a comment. */ @@ -197,11 +197,11 @@ public: { return packages.GetInfo(name); } /** - * Check if a Zeexygen target is up-to-date. - * @param target_file output file of a Zeexygen target. + * Check if a Zeekygen target is up-to-date. + * @param target_file output file of a Zeekygen target. * @param dependencies all dependencies of the target. * @return true if modification time of \a target_file is newer than - * modification time of Bro binary, Zeexygen config file, and all + * modification time of Bro binary, Zeekygen config file, and all * dependencies, else false. */ template @@ -241,7 +241,7 @@ bool Manager::IsUpToDate(const string& target_file, // Doesn't exist. return false; - reporter->InternalError("Zeexygen failed to stat target file '%s': %s", + reporter->InternalError("Zeekygen failed to stat target file '%s': %s", target_file.c_str(), strerror(errno)); } @@ -258,8 +258,8 @@ bool Manager::IsUpToDate(const string& target_file, return true; } -} // namespace zeexygen +} // namespace zeekygen -extern zeexygen::Manager* zeexygen_mgr; +extern zeekygen::Manager* zeekygen_mgr; #endif diff --git a/src/zeexygen/PackageInfo.cc b/src/zeekygen/PackageInfo.cc similarity index 85% rename from src/zeexygen/PackageInfo.cc rename to src/zeekygen/PackageInfo.cc index 1fd607fd08..4fe1ba8ad9 100644 --- a/src/zeexygen/PackageInfo.cc +++ b/src/zeekygen/PackageInfo.cc @@ -9,7 +9,7 @@ #include using namespace std; -using namespace zeexygen; +using namespace zeekygen; PackageInfo::PackageInfo(const string& arg_name) : Info(), @@ -23,7 +23,7 @@ PackageInfo::PackageInfo(const string& arg_name) ifstream f(readme_file.c_str()); if ( ! f.is_open() ) - reporter->InternalWarning("Zeexygen failed to open '%s': %s", + reporter->InternalWarning("Zeekygen failed to open '%s': %s", readme_file.c_str(), strerror(errno)); string line; @@ -32,7 +32,7 @@ PackageInfo::PackageInfo(const string& arg_name) readme.push_back(line); if ( f.bad() ) - reporter->InternalWarning("Zeexygen error reading '%s': %s", + reporter->InternalWarning("Zeekygen error reading '%s': %s", readme_file.c_str(), strerror(errno)); } @@ -54,5 +54,5 @@ time_t PackageInfo::DoGetModificationTime() const if ( readme_file.empty() ) return 0; - return zeexygen::get_mtime(readme_file); + return zeekygen::get_mtime(readme_file); } diff --git a/src/zeexygen/PackageInfo.h b/src/zeekygen/PackageInfo.h similarity index 89% rename from src/zeexygen/PackageInfo.h rename to src/zeekygen/PackageInfo.h index 977f31fece..4db2718944 100644 --- a/src/zeexygen/PackageInfo.h +++ b/src/zeekygen/PackageInfo.h @@ -1,14 +1,14 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_PACKAGEINFO_H -#define ZEEXYGEN_PACKAGEINFO_H +#ifndef ZEEKYGEN_PACKAGEINFO_H +#define ZEEKYGEN_PACKAGEINFO_H #include "Info.h" #include #include -namespace zeexygen { +namespace zeekygen { /** * Information about a Bro script package. @@ -45,6 +45,6 @@ private: std::vector readme; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/ReStructuredTextTable.cc b/src/zeekygen/ReStructuredTextTable.cc similarity index 98% rename from src/zeexygen/ReStructuredTextTable.cc rename to src/zeekygen/ReStructuredTextTable.cc index c8306313e5..55c576a2a4 100644 --- a/src/zeexygen/ReStructuredTextTable.cc +++ b/src/zeekygen/ReStructuredTextTable.cc @@ -5,7 +5,7 @@ #include using namespace std; -using namespace zeexygen; +using namespace zeekygen; ReStructuredTextTable::ReStructuredTextTable(size_t arg_num_cols) : num_cols(arg_num_cols), rows(), longest_row_in_column() diff --git a/src/zeexygen/ReStructuredTextTable.h b/src/zeekygen/ReStructuredTextTable.h similarity index 92% rename from src/zeexygen/ReStructuredTextTable.h rename to src/zeekygen/ReStructuredTextTable.h index 9a4059ca83..aefa8aaa26 100644 --- a/src/zeexygen/ReStructuredTextTable.h +++ b/src/zeekygen/ReStructuredTextTable.h @@ -1,12 +1,12 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_RESTTABLE_H -#define ZEEXYGEN_RESTTABLE_H +#ifndef ZEEKYGEN_RESTTABLE_H +#define ZEEKYGEN_RESTTABLE_H #include #include -namespace zeexygen { +namespace zeekygen { /** * A reST table with arbitrary number of columns. @@ -48,6 +48,6 @@ private: std::vector longest_row_in_column; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/ScriptInfo.cc b/src/zeekygen/ScriptInfo.cc similarity index 86% rename from src/zeexygen/ScriptInfo.cc rename to src/zeekygen/ScriptInfo.cc index 47769c615a..d55b42b7bc 100644 --- a/src/zeexygen/ScriptInfo.cc +++ b/src/zeekygen/ScriptInfo.cc @@ -10,7 +10,7 @@ #include "Desc.h" using namespace std; -using namespace zeexygen; +using namespace zeekygen; bool IdInfoComp::operator ()(const IdentifierInfo* lhs, const IdentifierInfo* rhs) const @@ -24,11 +24,11 @@ static vector summary_comment(const vector& cmnts) for ( size_t i = 0; i < cmnts.size(); ++i ) { - size_t end = zeexygen::end_of_first_sentence(cmnts[i]); + size_t end = zeekygen::end_of_first_sentence(cmnts[i]); if ( end == string::npos ) { - if ( zeexygen::is_all_whitespace(cmnts[i]) ) + if ( zeekygen::is_all_whitespace(cmnts[i]) ) break; rval.push_back(cmnts[i]); @@ -86,7 +86,7 @@ static string make_summary(const string& heading, char underline, char border, add_summary_rows(d, summary_comment((*it)->GetComments()), &table); } - return zeexygen::make_heading(heading, underline) + table.AsString(border) + return zeekygen::make_heading(heading, underline) + table.AsString(border) + "\n"; } @@ -115,7 +115,7 @@ static string make_redef_summary(const string& heading, char underline, add_summary_rows(d, summary_comment(iit->comments), &table); } - return zeexygen::make_heading(heading, underline) + table.AsString(border) + return zeekygen::make_heading(heading, underline) + table.AsString(border) + "\n"; } @@ -125,7 +125,7 @@ static string make_details(const string& heading, char underline, if ( id_list.empty() ) return ""; - string rval = zeexygen::make_heading(heading, underline); + string rval = zeekygen::make_heading(heading, underline); for ( id_info_list::const_iterator it = id_list.begin(); it != id_list.end(); ++it ) @@ -143,7 +143,7 @@ static string make_redef_details(const string& heading, char underline, if ( id_set.empty() ) return ""; - string rval = zeexygen::make_heading(heading, underline); + string rval = zeekygen::make_heading(heading, underline); for ( id_info_set::const_iterator it = id_set.begin(); it != id_set.end(); ++it ) @@ -178,13 +178,13 @@ void ScriptInfo::DoInitPostScript() IdentifierInfo* info = it->second; ID* id = info->GetID(); - if ( ! zeexygen::is_public_api(id) ) + if ( ! zeekygen::is_public_api(id) ) continue; if ( id->AsType() ) { types.push_back(info); - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a type", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a type", id->Name(), name.c_str()); continue; } @@ -193,17 +193,17 @@ void ScriptInfo::DoInitPostScript() { switch ( id->Type()->AsFuncType()->Flavor() ) { case FUNC_FLAVOR_HOOK: - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a hook", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a hook", id->Name(), name.c_str()); hooks.push_back(info); break; case FUNC_FLAVOR_EVENT: - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a event", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a event", id->Name(), name.c_str()); events.push_back(info); break; case FUNC_FLAVOR_FUNCTION: - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a function", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a function", id->Name(), name.c_str()); functions.push_back(info); break; @@ -219,13 +219,13 @@ void ScriptInfo::DoInitPostScript() { if ( id->FindAttr(ATTR_REDEF) ) { - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a redef_option", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a redef_option", id->Name(), name.c_str()); redef_options.push_back(info); } else { - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a constant", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a constant", id->Name(), name.c_str()); constants.push_back(info); } @@ -234,7 +234,7 @@ void ScriptInfo::DoInitPostScript() } else if ( id->IsOption() ) { - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as an runtime option", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as an runtime option", id->Name(), name.c_str()); options.push_back(info); @@ -246,7 +246,7 @@ void ScriptInfo::DoInitPostScript() // documentation. continue; - DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a state variable", + DBG_LOG(DBG_ZEEKYGEN, "Filter id '%s' in '%s' as a state variable", id->Name(), name.c_str()); state_vars.push_back(info); } @@ -275,7 +275,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const string rval; rval += ":tocdepth: 3\n\n"; - rval += zeexygen::make_heading(name, '='); + rval += zeekygen::make_heading(name, '='); for ( string_set::const_iterator it = module_usages.begin(); it != module_usages.end(); ++it ) @@ -329,7 +329,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const //rval += fmt(":Source File: :download:`/scripts/%s`\n", name.c_str()); rval += "\n"; - rval += zeexygen::make_heading("Summary", '~'); + rval += zeekygen::make_heading("Summary", '~'); rval += make_summary("Runtime Options", '#', '=', options); rval += make_summary("Redefinable Options", '#', '=', redef_options); rval += make_summary("Constants", '#', '=', constants); @@ -340,7 +340,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const rval += make_summary("Hooks", '#', '=', hooks); rval += make_summary("Functions", '#', '=', functions); rval += "\n"; - rval += zeexygen::make_heading("Detailed Interface", '~'); + rval += zeekygen::make_heading("Detailed Interface", '~'); rval += make_details("Runtime Options", '#', options); rval += make_details("Redefinable Options", '#', redef_options); rval += make_details("Constants", '#', constants); @@ -356,25 +356,25 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const time_t ScriptInfo::DoGetModificationTime() const { - time_t most_recent = zeexygen::get_mtime(path); + time_t most_recent = zeekygen::get_mtime(path); for ( string_set::const_iterator it = dependencies.begin(); it != dependencies.end(); ++it ) { - Info* info = zeexygen_mgr->GetScriptInfo(*it); + Info* info = zeekygen_mgr->GetScriptInfo(*it); if ( ! info ) { for (const string& ext : script_extensions) { string pkg_name = *it + "/__load__" + ext; - info = zeexygen_mgr->GetScriptInfo(pkg_name); + info = zeekygen_mgr->GetScriptInfo(pkg_name); if ( info ) break; } if ( ! info ) - reporter->InternalWarning("Zeexygen failed to get mtime of %s", + reporter->InternalWarning("Zeekygen failed to get mtime of %s", it->c_str()); continue; } diff --git a/src/zeexygen/ScriptInfo.h b/src/zeekygen/ScriptInfo.h similarity index 92% rename from src/zeexygen/ScriptInfo.h rename to src/zeekygen/ScriptInfo.h index fb0f0c15ae..dde7560544 100644 --- a/src/zeexygen/ScriptInfo.h +++ b/src/zeekygen/ScriptInfo.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_SCRIPTINFO_H -#define ZEEXYGEN_SCRIPTINFO_H +#ifndef ZEEKYGEN_SCRIPTINFO_H +#define ZEEKYGEN_SCRIPTINFO_H #include "Info.h" #include "IdentifierInfo.h" @@ -12,7 +12,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { class IdentifierInfo; @@ -39,7 +39,7 @@ public: ScriptInfo(const std::string& name, const std::string& path); /** - * Associate a Zeexygen summary comment ("##!") with the script. + * Associate a Zeekygen summary comment ("##!") with the script. * @param comment String extracted from the comment. */ void AddComment(const std::string& comment) @@ -83,7 +83,7 @@ public: { return is_pkg_loader; } /** - * @return All the scripts Zeexygen summary comments. + * @return All the scripts Zeekygen summary comments. */ std::vector GetComments() const; @@ -119,6 +119,6 @@ private: id_info_set redefs; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/Target.cc b/src/zeekygen/Target.cc similarity index 90% rename from src/zeexygen/Target.cc rename to src/zeekygen/Target.cc index 406f6ffe4d..0e40defee3 100644 --- a/src/zeexygen/Target.cc +++ b/src/zeekygen/Target.cc @@ -16,7 +16,7 @@ #include using namespace std; -using namespace zeexygen; +using namespace zeekygen; static void write_plugin_section_heading(FILE* f, const plugin::Plugin* p) { @@ -123,13 +123,13 @@ static void write_plugin_bif_items(FILE* f, const plugin::Plugin* p, for ( it = bifitems.begin(); it != bifitems.end(); ++it ) { - zeexygen::IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo( + zeekygen::IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo( it->GetID()); if ( doc ) fprintf(f, "%s\n\n", doc->ReStructuredText().c_str()); else - reporter->InternalWarning("Zeexygen ID lookup failed: %s\n", + reporter->InternalWarning("Zeekygen ID lookup failed: %s\n", it->GetID().c_str()); } } @@ -138,10 +138,10 @@ static void WriteAnalyzerTagDefn(FILE* f, const string& module) { string tag_id = module + "::Tag"; - zeexygen::IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(tag_id); + zeekygen::IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo(tag_id); if ( ! doc ) - reporter->InternalError("Zeexygen failed analyzer tag lookup: %s", + reporter->InternalError("Zeekygen failed analyzer tag lookup: %s", tag_id.c_str()); fprintf(f, "%s\n", doc->ReStructuredText().c_str()); @@ -177,7 +177,7 @@ static vector filter_matches(const vector& from, Target* t) if ( t->MatchesPattern(d) ) { - DBG_LOG(DBG_ZEEXYGEN, "'%s' matched pattern for target '%s'", + DBG_LOG(DBG_ZEEKYGEN, "'%s' matched pattern for target '%s'", d->Name().c_str(), t->Name().c_str()); rval.push_back(d); } @@ -194,14 +194,14 @@ TargetFile::TargetFile(const string& arg_name) string dir = SafeDirname(name).result; if ( ! ensure_intermediate_dirs(dir.c_str()) ) - reporter->FatalError("Zeexygen failed to make dir %s", + reporter->FatalError("Zeekygen failed to make dir %s", dir.c_str()); } f = fopen(name.c_str(), "w"); if ( ! f ) - reporter->FatalError("Zeexygen failed to open '%s' for writing: %s", + reporter->FatalError("Zeekygen failed to open '%s' for writing: %s", name.c_str(), strerror(errno)); } @@ -210,7 +210,7 @@ TargetFile::~TargetFile() if ( f ) fclose(f); - DBG_LOG(DBG_ZEEXYGEN, "Wrote out-of-date target '%s'", name.c_str()); + DBG_LOG(DBG_ZEEKYGEN, "Wrote out-of-date target '%s'", name.c_str()); } @@ -245,11 +245,11 @@ void AnalyzerTarget::DoFindDependencies(const std::vector& infos) void AnalyzerTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), vector()) ) + if ( zeekygen_mgr->IsUpToDate(Name(), vector()) ) return; if ( Pattern() != "*" ) - reporter->InternalWarning("Zeexygen only implements analyzer target" + reporter->InternalWarning("Zeekygen only implements analyzer target" " pattern '*'"); TargetFile file(Name()); @@ -313,7 +313,7 @@ void PackageTarget::DoFindDependencies(const vector& infos) pkg_deps = filter_matches(infos, this); if ( pkg_deps.empty() ) - reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeekygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); for ( size_t i = 0; i < infos.size(); ++i ) @@ -329,7 +329,7 @@ void PackageTarget::DoFindDependencies(const vector& infos) pkg_deps[j]->Name().size())) continue; - DBG_LOG(DBG_ZEEXYGEN, "Script %s associated with package %s", + DBG_LOG(DBG_ZEEKYGEN, "Script %s associated with package %s", script->Name().c_str(), pkg_deps[j]->Name().c_str()); pkg_manifest[pkg_deps[j]].push_back(script); script_deps.push_back(script); @@ -339,8 +339,8 @@ void PackageTarget::DoFindDependencies(const vector& infos) void PackageTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) && - zeexygen_mgr->IsUpToDate(Name(), pkg_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) && + zeekygen_mgr->IsUpToDate(Name(), pkg_deps) ) return; TargetFile file(Name()); @@ -382,13 +382,13 @@ void PackageIndexTarget::DoFindDependencies(const vector& infos) pkg_deps = filter_matches(infos, this); if ( pkg_deps.empty() ) - reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeekygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); } void PackageIndexTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), pkg_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), pkg_deps) ) return; TargetFile file(Name()); @@ -402,7 +402,7 @@ void ScriptTarget::DoFindDependencies(const vector& infos) script_deps = filter_matches(infos, this); if ( script_deps.empty() ) - reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeekygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); if ( ! IsDir() ) @@ -483,7 +483,7 @@ void ScriptTarget::DoGenerate() const vector dep; dep.push_back(script_deps[i]); - if ( zeexygen_mgr->IsUpToDate(target_filename, dep) ) + if ( zeekygen_mgr->IsUpToDate(target_filename, dep) ) continue; TargetFile file(target_filename); @@ -508,7 +508,7 @@ void ScriptTarget::DoGenerate() const reporter->Warning("Failed to unlink %s: %s", f.c_str(), strerror(errno)); - DBG_LOG(DBG_ZEEXYGEN, "Delete stale script file %s", f.c_str()); + DBG_LOG(DBG_ZEEKYGEN, "Delete stale script file %s", f.c_str()); } return; @@ -516,7 +516,7 @@ void ScriptTarget::DoGenerate() const // Target is a single file, all matching scripts get written there. - if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -527,7 +527,7 @@ void ScriptTarget::DoGenerate() const void ScriptSummaryTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -552,7 +552,7 @@ void ScriptSummaryTarget::DoGenerate() const void ScriptIndexTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -577,13 +577,13 @@ void IdentifierTarget::DoFindDependencies(const vector& infos) id_deps = filter_matches(infos, this); if ( id_deps.empty() ) - reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeekygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); } void IdentifierTarget::DoGenerate() const { - if ( zeexygen_mgr->IsUpToDate(Name(), id_deps) ) + if ( zeekygen_mgr->IsUpToDate(Name(), id_deps) ) return; TargetFile file(Name()); diff --git a/src/zeexygen/Target.h b/src/zeekygen/Target.h similarity index 97% rename from src/zeexygen/Target.h rename to src/zeekygen/Target.h index ef3c8b2e00..1129fe42ed 100644 --- a/src/zeexygen/Target.h +++ b/src/zeekygen/Target.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_TARGET_H -#define ZEEXYGEN_TARGET_H +#ifndef ZEEKYGEN_TARGET_H +#define ZEEKYGEN_TARGET_H #include "Info.h" #include "PackageInfo.h" @@ -13,7 +13,7 @@ #include #include -namespace zeexygen { +namespace zeekygen { /** * Helper class to create files in arbitrary file paths and automatically @@ -39,7 +39,7 @@ struct TargetFile { }; /** - * A Zeexygen target abstract base class. A target is generally any portion of + * A Zeekygen target abstract base class. A target is generally any portion of * documentation that Bro can build. It's identified by a type (e.g. script, * identifier, package), a pattern (e.g. "example.zeek", "HTTP::Info"), and * a path to an output file. @@ -125,7 +125,7 @@ public: /** * Register a new target type. - * @param type_name The target type name as it will appear in Zeexygen + * @param type_name The target type name as it will appear in Zeekygen * config files. */ template @@ -136,7 +136,7 @@ public: /** * Instantiate a target. - * @param type_name The target type name as it appears in Zeexygen config + * @param type_name The target type name as it appears in Zeekygen config * files. * @param name The output file name of the target. * @param pattern The dependency pattern of the target. @@ -384,6 +384,6 @@ private: std::vector id_deps; }; -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/utils.cc b/src/zeekygen/utils.cc similarity index 83% rename from src/zeexygen/utils.cc rename to src/zeekygen/utils.cc index 5cf76c1af6..b04790ee92 100644 --- a/src/zeexygen/utils.cc +++ b/src/zeekygen/utils.cc @@ -7,10 +7,10 @@ #include #include -using namespace zeexygen; +using namespace zeekygen; using namespace std; -bool zeexygen::prettify_params(string& s) +bool zeekygen::prettify_params(string& s) { size_t identifier_start_pos = 0; bool in_identifier = false; @@ -76,29 +76,29 @@ bool zeexygen::prettify_params(string& s) return false; } -bool zeexygen::is_public_api(const ID* id) +bool zeekygen::is_public_api(const ID* id) { return (id->Scope() == SCOPE_GLOBAL) || (id->Scope() == SCOPE_MODULE && id->IsExport()); } -time_t zeexygen::get_mtime(const string& filename) +time_t zeekygen::get_mtime(const string& filename) { struct stat s; if ( stat(filename.c_str(), &s) < 0 ) - reporter->InternalError("Zeexygen failed to stat file '%s': %s", + reporter->InternalError("Zeekygen failed to stat file '%s': %s", filename.c_str(), strerror(errno)); return s.st_mtime; } -string zeexygen::make_heading(const string& heading, char underline) +string zeekygen::make_heading(const string& heading, char underline) { return heading + "\n" + string(heading.size(), underline) + "\n"; } -size_t zeexygen::end_of_first_sentence(const string& s) +size_t zeekygen::end_of_first_sentence(const string& s) { size_t rval = 0; @@ -119,7 +119,7 @@ size_t zeexygen::end_of_first_sentence(const string& s) return rval; } -bool zeexygen::is_all_whitespace(const string& s) +bool zeekygen::is_all_whitespace(const string& s) { for ( size_t i = 0; i < s.size(); ++i ) if ( ! isspace(s[i]) ) @@ -128,7 +128,7 @@ bool zeexygen::is_all_whitespace(const string& s) return true; } -string zeexygen::redef_indication(const string& from_script) +string zeekygen::redef_indication(const string& from_script) { return fmt("(present if :doc:`/scripts/%s` is loaded)", from_script.c_str()); diff --git a/src/zeexygen/utils.h b/src/zeekygen/utils.h similarity index 88% rename from src/zeexygen/utils.h rename to src/zeekygen/utils.h index b9a99a71f7..07430f66ba 100644 --- a/src/zeexygen/utils.h +++ b/src/zeekygen/utils.h @@ -1,18 +1,18 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef ZEEXYGEN_UTILS_H -#define ZEEXYGEN_UTILS_H +#ifndef ZEEKYGEN_UTILS_H +#define ZEEKYGEN_UTILS_H #include "ID.h" #include -namespace zeexygen { +namespace zeekygen { /** - * Transform content of a Zeexygen comment which may contain function + * Transform content of a Zeekygen comment which may contain function * parameter or return value documentation to a prettier reST format. - * @param s Content from a Zeexygen comment to transform. "id: ..." and + * @param s Content from a Zeekygen comment to transform. "id: ..." and * "Returns: ..." change to ":id: ..." and ":returns: ...". * @return Whether any content in \a s was transformed. */ @@ -62,6 +62,6 @@ bool is_all_whitespace(const std::string& s); */ std::string redef_indication(const std::string& from_script); -} // namespace zeexygen +} // namespace zeekygen #endif diff --git a/src/zeexygen/zeexygen.bif b/src/zeekygen/zeekygen.bif similarity index 81% rename from src/zeexygen/zeexygen.bif rename to src/zeekygen/zeekygen.bif index f7ce04d292..e10ee9f3ec 100644 --- a/src/zeexygen/zeexygen.bif +++ b/src/zeekygen/zeekygen.bif @@ -3,7 +3,7 @@ ##! Functions for querying script, package, or variable documentation. %%{ -#include "zeexygen/Manager.h" +#include "zeekygen/Manager.h" #include "util.h" static StringVal* comments_to_val(const vector& comments) @@ -12,7 +12,7 @@ static StringVal* comments_to_val(const vector& comments) } %%} -## Retrieve the Zeexygen-style comments (``##``) associated with an identifier +## Retrieve the Zeekygen-style comments (``##``) associated with an identifier ## (e.g. a variable or type). ## ## name: a script-level identifier for which to retrieve comments. @@ -21,8 +21,8 @@ static StringVal* comments_to_val(const vector& comments) ## identifier, an empty string is returned. function get_identifier_comments%(name: string%): string %{ - using namespace zeexygen; - IdentifierInfo* d = zeexygen_mgr->GetIdentifierInfo(name->CheckString()); + using namespace zeekygen; + IdentifierInfo* d = zeekygen_mgr->GetIdentifierInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -30,7 +30,7 @@ function get_identifier_comments%(name: string%): string return comments_to_val(d->GetComments()); %} -## Retrieve the Zeexygen-style summary comments (``##!``) associated with +## Retrieve the Zeekygen-style summary comments (``##!``) associated with ## a Bro script. ## ## name: the name of a Bro script. It must be a relative path to where @@ -41,8 +41,8 @@ function get_identifier_comments%(name: string%): string ## *name* is not a known script, an empty string is returned. function get_script_comments%(name: string%): string %{ - using namespace zeexygen; - ScriptInfo* d = zeexygen_mgr->GetScriptInfo(name->CheckString()); + using namespace zeekygen; + ScriptInfo* d = zeekygen_mgr->GetScriptInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -59,8 +59,8 @@ function get_script_comments%(name: string%): string ## package, an empty string is returned. function get_package_readme%(name: string%): string %{ - using namespace zeexygen; - PackageInfo* d = zeexygen_mgr->GetPackageInfo(name->CheckString()); + using namespace zeekygen; + PackageInfo* d = zeekygen_mgr->GetPackageInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -68,7 +68,7 @@ function get_package_readme%(name: string%): string return comments_to_val(d->GetReadme()); %} -## Retrieve the Zeexygen-style comments (``##``) associated with a record field. +## Retrieve the Zeekygen-style comments (``##``) associated with a record field. ## ## name: the name of a record type and a field within it formatted like ## a typical record field access: "$". @@ -78,7 +78,7 @@ function get_package_readme%(name: string%): string ## type, an empty string is returned. function get_record_field_comments%(name: string%): string %{ - using namespace zeexygen; + using namespace zeekygen; string accessor = name->CheckString(); size_t i = accessor.find('$'); @@ -87,7 +87,7 @@ function get_record_field_comments%(name: string%): string string id = accessor.substr(0, i); - IdentifierInfo* d = zeexygen_mgr->GetIdentifierInfo(id); + IdentifierInfo* d = zeekygen_mgr->GetIdentifierInfo(id); if ( ! d ) return val_mgr->GetEmptyString(); diff --git a/testing/btest/Baseline/core.plugins.hooks/output b/testing/btest/Baseline/core.plugins.hooks/output index 2725e48507..138d019b34 100644 --- a/testing/btest/Baseline/core.plugins.hooks/output +++ b/testing/btest/Baseline/core.plugins.hooks/output @@ -275,7 +275,7 @@ 0.000000 MetaHookPost LoadFile(./average) -> -1 0.000000 MetaHookPost LoadFile(./bloom-filter.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./bro.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(./zeexygen.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(./zeekygen.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./cardinality-counter.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./const.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./consts) -> -1 @@ -855,7 +855,7 @@ 0.000000 MetaHookPre LoadFile(./average) 0.000000 MetaHookPre LoadFile(./bloom-filter.bif.bro) 0.000000 MetaHookPre LoadFile(./bro.bif.bro) -0.000000 MetaHookPre LoadFile(./zeexygen.bif.bro) +0.000000 MetaHookPre LoadFile(./zeekygen.bif.bro) 0.000000 MetaHookPre LoadFile(./cardinality-counter.bif.bro) 0.000000 MetaHookPre LoadFile(./const.bif.bro) 0.000000 MetaHookPre LoadFile(./consts) @@ -1435,7 +1435,7 @@ 0.000000 | HookLoadFile ./average.bro/bro 0.000000 | HookLoadFile ./bloom-filter.bif.bro/bro 0.000000 | HookLoadFile ./bro.bif.bro/bro -0.000000 | HookLoadFile ./zeexygen.bif.bro/bro +0.000000 | HookLoadFile ./zeekygen.bif.bro/bro 0.000000 | HookLoadFile ./cardinality-counter.bif.bro/bro 0.000000 | HookLoadFile ./const.bif.bro/bro 0.000000 | HookLoadFile ./consts.bif.bro/bro diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 1976784e41..a4caf4f6be 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -55,7 +55,7 @@ scripts/base/init-frameworks-and-bifs.zeek scripts/base/utils/patterns.zeek scripts/base/frameworks/files/magic/__load__.zeek build/scripts/base/bif/__load__.zeek - build/scripts/base/bif/zeexygen.bif.zeek + build/scripts/base/bif/zeekygen.bif.zeek build/scripts/base/bif/pcap.bif.zeek build/scripts/base/bif/bloom-filter.bif.zeek build/scripts/base/bif/cardinality-counter.bif.zeek diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index 7951d68e2b..4c33718ad2 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -55,7 +55,7 @@ scripts/base/init-frameworks-and-bifs.zeek scripts/base/utils/patterns.zeek scripts/base/frameworks/files/magic/__load__.zeek build/scripts/base/bif/__load__.zeek - build/scripts/base/bif/zeexygen.bif.zeek + build/scripts/base/bif/zeekygen.bif.zeek build/scripts/base/bif/pcap.bif.zeek build/scripts/base/bif/bloom-filter.bif.zeek build/scripts/base/bif/cardinality-counter.bif.zeek diff --git a/testing/btest/Baseline/doc.zeexygen.all_scripts/.stderr b/testing/btest/Baseline/doc.zeekygen.all_scripts/.stderr similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.all_scripts/.stderr rename to testing/btest/Baseline/doc.zeekygen.all_scripts/.stderr diff --git a/testing/btest/Baseline/doc.zeexygen.all_scripts/.stdout b/testing/btest/Baseline/doc.zeekygen.all_scripts/.stdout similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.all_scripts/.stdout rename to testing/btest/Baseline/doc.zeekygen.all_scripts/.stdout diff --git a/testing/btest/Baseline/doc.zeexygen.command_line/output b/testing/btest/Baseline/doc.zeekygen.command_line/output similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.command_line/output rename to testing/btest/Baseline/doc.zeekygen.command_line/output diff --git a/testing/btest/Baseline/doc.zeexygen.comment_retrieval_bifs/out b/testing/btest/Baseline/doc.zeekygen.comment_retrieval_bifs/out similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.comment_retrieval_bifs/out rename to testing/btest/Baseline/doc.zeekygen.comment_retrieval_bifs/out diff --git a/testing/btest/Baseline/doc.zeexygen.enums/autogen-reST-enums.rst b/testing/btest/Baseline/doc.zeekygen.enums/autogen-reST-enums.rst similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.enums/autogen-reST-enums.rst rename to testing/btest/Baseline/doc.zeekygen.enums/autogen-reST-enums.rst diff --git a/testing/btest/Baseline/doc.zeexygen.example/example.rst b/testing/btest/Baseline/doc.zeekygen.example/example.rst similarity index 77% rename from testing/btest/Baseline/doc.zeexygen.example/example.rst rename to testing/btest/Baseline/doc.zeekygen.example/example.rst index 4ea8dfe0c3..141a06cc2a 100644 --- a/testing/btest/Baseline/doc.zeexygen.example/example.rst +++ b/testing/btest/Baseline/doc.zeekygen.example/example.rst @@ -1,10 +1,10 @@ :tocdepth: 3 -zeexygen/example.zeek +zeekygen/example.zeek ===================== -.. zeek:namespace:: ZeexygenExample +.. zeek:namespace:: ZeekygenExample -This is an example script that demonstrates Zeexygen-style +This is an example script that demonstrates Zeekygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. @@ -19,14 +19,14 @@ purpose. They are transferred directly in to the generated There's also a custom role to reference any identifier node in the Zeek Sphinx domain that's good for "see alsos", e.g. -See also: :zeek:see:`ZeexygenExample::a_var`, -:zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` +See also: :zeek:see:`ZeekygenExample::a_var`, +:zeek:see:`ZeekygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: -.. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info +.. zeek:see:: ZeekygenExample::a_var ZeekygenExample::ONE SSH::Info -:Namespace: ZeexygenExample +:Namespace: ZeekygenExample :Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.zeek ` Summary @@ -34,25 +34,25 @@ Summary Redefinable Options ################### ======================================================================================= ======================================================= -:zeek:id:`ZeexygenExample::an_option`: :zeek:type:`set` :zeek:attr:`&redef` Add documentation for "an_option" here. -:zeek:id:`ZeexygenExample::option_with_init`: :zeek:type:`interval` :zeek:attr:`&redef` Default initialization will be generated automatically. +:zeek:id:`ZeekygenExample::an_option`: :zeek:type:`set` :zeek:attr:`&redef` Add documentation for "an_option" here. +:zeek:id:`ZeekygenExample::option_with_init`: :zeek:type:`interval` :zeek:attr:`&redef` Default initialization will be generated automatically. ======================================================================================= ======================================================= State Variables ############### ========================================================================== ======================================================================== -:zeek:id:`ZeexygenExample::a_var`: :zeek:type:`bool` Put some documentation for "a_var" here. -:zeek:id:`ZeexygenExample::summary_test`: :zeek:type:`string` The first sentence for a particular identifier's summary text ends here. -:zeek:id:`ZeexygenExample::var_without_explicit_type`: :zeek:type:`string` Types are inferred, that information is self-documenting. +:zeek:id:`ZeekygenExample::a_var`: :zeek:type:`bool` Put some documentation for "a_var" here. +:zeek:id:`ZeekygenExample::summary_test`: :zeek:type:`string` The first sentence for a particular identifier's summary text ends here. +:zeek:id:`ZeekygenExample::var_without_explicit_type`: :zeek:type:`string` Types are inferred, that information is self-documenting. ========================================================================== ======================================================================== Types ##### ==================================================================================== =========================================================== -:zeek:type:`ZeexygenExample::ComplexRecord`: :zeek:type:`record` :zeek:attr:`&redef` General documentation for a type "ComplexRecord" goes here. -:zeek:type:`ZeexygenExample::Info`: :zeek:type:`record` An example record to be used with a logging stream. -:zeek:type:`ZeexygenExample::SimpleEnum`: :zeek:type:`enum` Documentation for the "SimpleEnum" type goes here. -:zeek:type:`ZeexygenExample::SimpleRecord`: :zeek:type:`record` General documentation for a type "SimpleRecord" goes here. +:zeek:type:`ZeekygenExample::ComplexRecord`: :zeek:type:`record` :zeek:attr:`&redef` General documentation for a type "ComplexRecord" goes here. +:zeek:type:`ZeekygenExample::Info`: :zeek:type:`record` An example record to be used with a logging stream. +:zeek:type:`ZeekygenExample::SimpleEnum`: :zeek:type:`enum` Documentation for the "SimpleEnum" type goes here. +:zeek:type:`ZeekygenExample::SimpleRecord`: :zeek:type:`record` General documentation for a type "SimpleRecord" goes here. ==================================================================================== =========================================================== Redefinitions @@ -60,21 +60,21 @@ Redefinitions =============================================================== ==================================================================== :zeek:type:`Log::ID`: :zeek:type:`enum` :zeek:type:`Notice::Type`: :zeek:type:`enum` -:zeek:type:`ZeexygenExample::SimpleEnum`: :zeek:type:`enum` Document the "SimpleEnum" redef here with any special info regarding +:zeek:type:`ZeekygenExample::SimpleEnum`: :zeek:type:`enum` Document the "SimpleEnum" redef here with any special info regarding the *redef* itself. -:zeek:type:`ZeexygenExample::SimpleRecord`: :zeek:type:`record` Document the record extension *redef* itself here. +:zeek:type:`ZeekygenExample::SimpleRecord`: :zeek:type:`record` Document the record extension *redef* itself here. =============================================================== ==================================================================== Events ###### ======================================================== ========================== -:zeek:id:`ZeexygenExample::an_event`: :zeek:type:`event` Summarize "an_event" here. +:zeek:id:`ZeekygenExample::an_event`: :zeek:type:`event` Summarize "an_event" here. ======================================================== ========================== Functions ######### ============================================================= ======================================= -:zeek:id:`ZeexygenExample::a_function`: :zeek:type:`function` Summarize purpose of "a_function" here. +:zeek:id:`ZeekygenExample::a_function`: :zeek:type:`function` Summarize purpose of "a_function" here. ============================================================= ======================================= @@ -82,7 +82,7 @@ Detailed Interface ~~~~~~~~~~~~~~~~~~ Redefinable Options ################### -.. zeek:id:: ZeexygenExample::an_option +.. zeek:id:: ZeekygenExample::an_option :Type: :zeek:type:`set` [:zeek:type:`addr`, :zeek:type:`addr`, :zeek:type:`string`] :Attributes: :zeek:attr:`&redef` @@ -91,7 +91,7 @@ Redefinable Options Add documentation for "an_option" here. The type/attribute information is all generated automatically. -.. zeek:id:: ZeexygenExample::option_with_init +.. zeek:id:: ZeekygenExample::option_with_init :Type: :zeek:type:`interval` :Attributes: :zeek:attr:`&redef` @@ -102,7 +102,7 @@ Redefinable Options State Variables ############### -.. zeek:id:: ZeexygenExample::a_var +.. zeek:id:: ZeekygenExample::a_var :Type: :zeek:type:`bool` @@ -110,7 +110,7 @@ State Variables isn't a function/event/hook is classified as a "state variable" in the generated docs. -.. zeek:id:: ZeexygenExample::summary_test +.. zeek:id:: ZeekygenExample::summary_test :Type: :zeek:type:`string` @@ -118,7 +118,7 @@ State Variables And this second sentence doesn't show in the short description provided by the table of all identifiers declared by this script. -.. zeek:id:: ZeexygenExample::var_without_explicit_type +.. zeek:id:: ZeekygenExample::var_without_explicit_type :Type: :zeek:type:`string` :Default: ``"this works"`` @@ -127,7 +127,7 @@ State Variables Types ##### -.. zeek:type:: ZeexygenExample::ComplexRecord +.. zeek:type:: ZeekygenExample::ComplexRecord :Type: :zeek:type:`record` @@ -137,8 +137,8 @@ Types field2: :zeek:type:`bool` Toggles something. - field3: :zeek:type:`ZeexygenExample::SimpleRecord` - Zeexygen automatically tracks types + field3: :zeek:type:`ZeekygenExample::SimpleRecord` + Zeekygen automatically tracks types and cross-references are automatically inserted in to generated docs. @@ -148,7 +148,7 @@ Types General documentation for a type "ComplexRecord" goes here. -.. zeek:type:: ZeexygenExample::Info +.. zeek:type:: ZeekygenExample::Info :Type: :zeek:type:`record` @@ -164,33 +164,33 @@ Types fields plus the extensions and the scripts which contributed to it (provided they are also @load'ed). -.. zeek:type:: ZeexygenExample::SimpleEnum +.. zeek:type:: ZeekygenExample::SimpleEnum :Type: :zeek:type:`enum` - .. zeek:enum:: ZeexygenExample::ONE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::ONE ZeekygenExample::SimpleEnum Documentation for particular enum values is added like this. And can also span multiple lines. - .. zeek:enum:: ZeexygenExample::TWO ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::TWO ZeekygenExample::SimpleEnum Or this style is valid to document the preceding enum value. - .. zeek:enum:: ZeexygenExample::THREE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::THREE ZeekygenExample::SimpleEnum - .. zeek:enum:: ZeexygenExample::FOUR ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::FOUR ZeekygenExample::SimpleEnum And some documentation for "FOUR". - .. zeek:enum:: ZeexygenExample::FIVE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::FIVE ZeekygenExample::SimpleEnum Also "FIVE". Documentation for the "SimpleEnum" type goes here. It can span multiple lines. -.. zeek:type:: ZeexygenExample::SimpleRecord +.. zeek:type:: ZeekygenExample::SimpleRecord :Type: :zeek:type:`record` @@ -210,23 +210,23 @@ Types Events ###### -.. zeek:id:: ZeexygenExample::an_event +.. zeek:id:: ZeekygenExample::an_event :Type: :zeek:type:`event` (name: :zeek:type:`string`) Summarize "an_event" here. Give more details about "an_event" here. - ZeexygenExample::a_function should not be confused as a parameter + ZeekygenExample::a_function should not be confused as a parameter in the generated docs, but it also doesn't generate a cross-reference - link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + link. Use the see role instead: :zeek:see:`ZeekygenExample::a_function`. :name: Describe the argument here. Functions ######### -.. zeek:id:: ZeexygenExample::a_function +.. zeek:id:: ZeekygenExample::a_function :Type: :zeek:type:`function` (tag: :zeek:type:`string`, msg: :zeek:type:`string`) : :zeek:type:`string` diff --git a/testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst b/testing/btest/Baseline/doc.zeekygen.func-params/autogen-reST-func-params.rst similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst rename to testing/btest/Baseline/doc.zeekygen.func-params/autogen-reST-func-params.rst diff --git a/testing/btest/Baseline/doc.zeexygen.identifier/test.rst b/testing/btest/Baseline/doc.zeekygen.identifier/test.rst similarity index 70% rename from testing/btest/Baseline/doc.zeexygen.identifier/test.rst rename to testing/btest/Baseline/doc.zeekygen.identifier/test.rst index 128e1c6a5f..34c4ae71a6 100644 --- a/testing/btest/Baseline/doc.zeexygen.identifier/test.rst +++ b/testing/btest/Baseline/doc.zeekygen.identifier/test.rst @@ -1,91 +1,91 @@ -.. zeek:id:: ZeexygenExample::Zeexygen_One +.. zeek:id:: ZeekygenExample::Zeekygen_One :Type: :zeek:type:`Notice::Type` Any number of this type of comment - will document "Zeexygen_One". + will document "Zeekygen_One". -.. zeek:id:: ZeexygenExample::Zeexygen_Two +.. zeek:id:: ZeekygenExample::Zeekygen_Two :Type: :zeek:type:`Notice::Type` Any number of this type of comment - will document "ZEEXYGEN_TWO". + will document "ZEEKYGEN_TWO". -.. zeek:id:: ZeexygenExample::Zeexygen_Three +.. zeek:id:: ZeekygenExample::Zeekygen_Three :Type: :zeek:type:`Notice::Type` -.. zeek:id:: ZeexygenExample::Zeexygen_Four +.. zeek:id:: ZeekygenExample::Zeekygen_Four :Type: :zeek:type:`Notice::Type` Omitting comments is fine, and so is mixing ``##`` and ``##<``, but it's probably best to use only one style consistently. -.. zeek:id:: ZeexygenExample::LOG +.. zeek:id:: ZeekygenExample::LOG :Type: :zeek:type:`Log::ID` -.. zeek:type:: ZeexygenExample::SimpleEnum +.. zeek:type:: ZeekygenExample::SimpleEnum :Type: :zeek:type:`enum` - .. zeek:enum:: ZeexygenExample::ONE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::ONE ZeekygenExample::SimpleEnum Documentation for particular enum values is added like this. And can also span multiple lines. - .. zeek:enum:: ZeexygenExample::TWO ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::TWO ZeekygenExample::SimpleEnum Or this style is valid to document the preceding enum value. - .. zeek:enum:: ZeexygenExample::THREE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::THREE ZeekygenExample::SimpleEnum - .. zeek:enum:: ZeexygenExample::FOUR ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::FOUR ZeekygenExample::SimpleEnum And some documentation for "FOUR". - .. zeek:enum:: ZeexygenExample::FIVE ZeexygenExample::SimpleEnum + .. zeek:enum:: ZeekygenExample::FIVE ZeekygenExample::SimpleEnum Also "FIVE". Documentation for the "SimpleEnum" type goes here. It can span multiple lines. -.. zeek:id:: ZeexygenExample::ONE +.. zeek:id:: ZeekygenExample::ONE - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` Documentation for particular enum values is added like this. And can also span multiple lines. -.. zeek:id:: ZeexygenExample::TWO +.. zeek:id:: ZeekygenExample::TWO - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` Or this style is valid to document the preceding enum value. -.. zeek:id:: ZeexygenExample::THREE +.. zeek:id:: ZeekygenExample::THREE - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` -.. zeek:id:: ZeexygenExample::FOUR +.. zeek:id:: ZeekygenExample::FOUR - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` And some documentation for "FOUR". -.. zeek:id:: ZeexygenExample::FIVE +.. zeek:id:: ZeekygenExample::FIVE - :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + :Type: :zeek:type:`ZeekygenExample::SimpleEnum` Also "FIVE". -.. zeek:type:: ZeexygenExample::SimpleRecord +.. zeek:type:: ZeekygenExample::SimpleRecord :Type: :zeek:type:`record` @@ -103,7 +103,7 @@ The way fields can be documented is similar to what's already seen for enums. -.. zeek:type:: ZeexygenExample::ComplexRecord +.. zeek:type:: ZeekygenExample::ComplexRecord :Type: :zeek:type:`record` @@ -113,8 +113,8 @@ field2: :zeek:type:`bool` Toggles something. - field3: :zeek:type:`ZeexygenExample::SimpleRecord` - Zeexygen automatically tracks types + field3: :zeek:type:`ZeekygenExample::SimpleRecord` + Zeekygen automatically tracks types and cross-references are automatically inserted in to generated docs. @@ -124,7 +124,7 @@ General documentation for a type "ComplexRecord" goes here. -.. zeek:type:: ZeexygenExample::Info +.. zeek:type:: ZeekygenExample::Info :Type: :zeek:type:`record` @@ -140,7 +140,7 @@ fields plus the extensions and the scripts which contributed to it (provided they are also @load'ed). -.. zeek:id:: ZeexygenExample::an_option +.. zeek:id:: ZeekygenExample::an_option :Type: :zeek:type:`set` [:zeek:type:`addr`, :zeek:type:`addr`, :zeek:type:`string`] :Attributes: :zeek:attr:`&redef` @@ -149,7 +149,7 @@ Add documentation for "an_option" here. The type/attribute information is all generated automatically. -.. zeek:id:: ZeexygenExample::option_with_init +.. zeek:id:: ZeekygenExample::option_with_init :Type: :zeek:type:`interval` :Attributes: :zeek:attr:`&redef` @@ -158,7 +158,7 @@ Default initialization will be generated automatically. More docs can be added here. -.. zeek:id:: ZeexygenExample::a_var +.. zeek:id:: ZeekygenExample::a_var :Type: :zeek:type:`bool` @@ -166,14 +166,14 @@ isn't a function/event/hook is classified as a "state variable" in the generated docs. -.. zeek:id:: ZeexygenExample::var_without_explicit_type +.. zeek:id:: ZeekygenExample::var_without_explicit_type :Type: :zeek:type:`string` :Default: ``"this works"`` Types are inferred, that information is self-documenting. -.. zeek:id:: ZeexygenExample::summary_test +.. zeek:id:: ZeekygenExample::summary_test :Type: :zeek:type:`string` @@ -181,7 +181,7 @@ And this second sentence doesn't show in the short description provided by the table of all identifiers declared by this script. -.. zeek:id:: ZeexygenExample::a_function +.. zeek:id:: ZeekygenExample::a_function :Type: :zeek:type:`function` (tag: :zeek:type:`string`, msg: :zeek:type:`string`) : :zeek:type:`string` @@ -200,26 +200,26 @@ :returns: Describe the return type here. -.. zeek:id:: ZeexygenExample::an_event +.. zeek:id:: ZeekygenExample::an_event :Type: :zeek:type:`event` (name: :zeek:type:`string`) Summarize "an_event" here. Give more details about "an_event" here. - ZeexygenExample::a_function should not be confused as a parameter + ZeekygenExample::a_function should not be confused as a parameter in the generated docs, but it also doesn't generate a cross-reference - link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + link. Use the see role instead: :zeek:see:`ZeekygenExample::a_function`. :name: Describe the argument here. -.. zeek:id:: ZeexygenExample::function_without_proto +.. zeek:id:: ZeekygenExample::function_without_proto :Type: :zeek:type:`function` (tag: :zeek:type:`string`) : :zeek:type:`string` -.. zeek:type:: ZeexygenExample::PrivateRecord +.. zeek:type:: ZeekygenExample::PrivateRecord :Type: :zeek:type:`record` diff --git a/testing/btest/Baseline/doc.zeexygen.package/test.rst b/testing/btest/Baseline/doc.zeekygen.package/test.rst similarity index 70% rename from testing/btest/Baseline/doc.zeexygen.package/test.rst rename to testing/btest/Baseline/doc.zeekygen.package/test.rst index 345b2b6847..6ced7b797e 100644 --- a/testing/btest/Baseline/doc.zeexygen.package/test.rst +++ b/testing/btest/Baseline/doc.zeekygen.package/test.rst @@ -1,19 +1,19 @@ :orphan: -Package: zeexygen +Package: zeekygen ================= This package is loaded during the process which automatically generates -reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only +reference documentation for all Zeek scripts (i.e. "Zeekygen"). Its only purpose is to provide an easy way to load all known Zeek scripts plus any extra scripts needed or used by the documentation process. -:doc:`/scripts/zeexygen/__load__.zeek` +:doc:`/scripts/zeekygen/__load__.zeek` -:doc:`/scripts/zeexygen/example.zeek` +:doc:`/scripts/zeekygen/example.zeek` - This is an example script that demonstrates Zeexygen-style + This is an example script that demonstrates Zeekygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. @@ -28,10 +28,10 @@ extra scripts needed or used by the documentation process. There's also a custom role to reference any identifier node in the Zeek Sphinx domain that's good for "see alsos", e.g. - See also: :zeek:see:`ZeexygenExample::a_var`, - :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` + See also: :zeek:see:`ZeekygenExample::a_var`, + :zeek:see:`ZeekygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: - .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info + .. zeek:see:: ZeekygenExample::a_var ZeekygenExample::ONE SSH::Info diff --git a/testing/btest/Baseline/doc.zeexygen.package_index/test.rst b/testing/btest/Baseline/doc.zeekygen.package_index/test.rst similarity index 68% rename from testing/btest/Baseline/doc.zeexygen.package_index/test.rst rename to testing/btest/Baseline/doc.zeekygen.package_index/test.rst index 4a854e9736..df9907bd1b 100644 --- a/testing/btest/Baseline/doc.zeexygen.package_index/test.rst +++ b/testing/btest/Baseline/doc.zeekygen.package_index/test.rst @@ -1,7 +1,7 @@ -:doc:`zeexygen ` +:doc:`zeekygen ` This package is loaded during the process which automatically generates - reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only + reference documentation for all Zeek scripts (i.e. "Zeekygen"). Its only purpose is to provide an easy way to load all known Zeek scripts plus any extra scripts needed or used by the documentation process. diff --git a/testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst b/testing/btest/Baseline/doc.zeekygen.records/autogen-reST-records.rst similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst rename to testing/btest/Baseline/doc.zeekygen.records/autogen-reST-records.rst diff --git a/testing/btest/Baseline/doc.zeekygen.script_index/test.rst b/testing/btest/Baseline/doc.zeekygen.script_index/test.rst new file mode 100644 index 0000000000..1ca04759bb --- /dev/null +++ b/testing/btest/Baseline/doc.zeekygen.script_index/test.rst @@ -0,0 +1,5 @@ +.. toctree:: + :maxdepth: 1 + + zeekygen/__load__.zeek + zeekygen/example.zeek diff --git a/testing/btest/Baseline/doc.zeexygen.script_summary/test.rst b/testing/btest/Baseline/doc.zeekygen.script_summary/test.rst similarity index 71% rename from testing/btest/Baseline/doc.zeexygen.script_summary/test.rst rename to testing/btest/Baseline/doc.zeekygen.script_summary/test.rst index 3dd189ca77..7f3885b86e 100644 --- a/testing/btest/Baseline/doc.zeexygen.script_summary/test.rst +++ b/testing/btest/Baseline/doc.zeekygen.script_summary/test.rst @@ -1,5 +1,5 @@ -:doc:`/scripts/zeexygen/example.zeek` - This is an example script that demonstrates Zeexygen-style +:doc:`/scripts/zeekygen/example.zeek` + This is an example script that demonstrates Zeekygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. @@ -14,10 +14,10 @@ There's also a custom role to reference any identifier node in the Zeek Sphinx domain that's good for "see alsos", e.g. - See also: :zeek:see:`ZeexygenExample::a_var`, - :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` + See also: :zeek:see:`ZeekygenExample::a_var`, + :zeek:see:`ZeekygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: - .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info + .. zeek:see:: ZeekygenExample::a_var ZeekygenExample::ONE SSH::Info diff --git a/testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst b/testing/btest/Baseline/doc.zeekygen.type-aliases/autogen-reST-type-aliases.rst similarity index 60% rename from testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst rename to testing/btest/Baseline/doc.zeekygen.type-aliases/autogen-reST-type-aliases.rst index 7f60859a5a..4dfae471c4 100644 --- a/testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst +++ b/testing/btest/Baseline/doc.zeekygen.type-aliases/autogen-reST-type-aliases.rst @@ -1,16 +1,16 @@ -.. zeek:type:: ZeexygenTest::TypeAlias +.. zeek:type:: ZeekygenTest::TypeAlias :Type: :zeek:type:`bool` This is just an alias for a builtin type ``bool``. -.. zeek:type:: ZeexygenTest::NotTypeAlias +.. zeek:type:: ZeekygenTest::NotTypeAlias :Type: :zeek:type:`bool` This type should get its own comments, not associated w/ TypeAlias. -.. zeek:type:: ZeexygenTest::OtherTypeAlias +.. zeek:type:: ZeekygenTest::OtherTypeAlias :Type: :zeek:type:`bool` @@ -19,25 +19,25 @@ one doesn't have to click through the full type alias chain to find out what the actual type is... -.. zeek:id:: ZeexygenTest::a +.. zeek:id:: ZeekygenTest::a - :Type: :zeek:type:`ZeexygenTest::TypeAlias` + :Type: :zeek:type:`ZeekygenTest::TypeAlias` But this should reference a type of ``TypeAlias``. -.. zeek:id:: ZeexygenTest::b +.. zeek:id:: ZeekygenTest::b - :Type: :zeek:type:`ZeexygenTest::OtherTypeAlias` + :Type: :zeek:type:`ZeekygenTest::OtherTypeAlias` And this should reference a type of ``OtherTypeAlias``. -.. zeek:type:: ZeexygenTest::MyRecord +.. zeek:type:: ZeekygenTest::MyRecord :Type: :zeek:type:`record` - f1: :zeek:type:`ZeexygenTest::TypeAlias` + f1: :zeek:type:`ZeekygenTest::TypeAlias` - f2: :zeek:type:`ZeexygenTest::OtherTypeAlias` + f2: :zeek:type:`ZeekygenTest::OtherTypeAlias` f3: :zeek:type:`bool` diff --git a/testing/btest/Baseline/doc.zeexygen.vectors/autogen-reST-vectors.rst b/testing/btest/Baseline/doc.zeekygen.vectors/autogen-reST-vectors.rst similarity index 100% rename from testing/btest/Baseline/doc.zeexygen.vectors/autogen-reST-vectors.rst rename to testing/btest/Baseline/doc.zeekygen.vectors/autogen-reST-vectors.rst diff --git a/testing/btest/Baseline/doc.zeexygen.script_index/test.rst b/testing/btest/Baseline/doc.zeexygen.script_index/test.rst deleted file mode 100644 index eab6c439b2..0000000000 --- a/testing/btest/Baseline/doc.zeexygen.script_index/test.rst +++ /dev/null @@ -1,5 +0,0 @@ -.. toctree:: - :maxdepth: 1 - - zeexygen/__load__.zeek - zeexygen/example.zeek diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index aa27d73819..0fea39bacc 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -785,7 +785,7 @@ 0.000000 MetaHookPost LoadFile(0, .<...>/utils.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/variance.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/weird.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/zeexygen.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/zeekygen.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__load__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__preload__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/hooks.zeek) -> -1 @@ -1688,7 +1688,7 @@ 0.000000 MetaHookPre LoadFile(0, .<...>/utils.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/variance.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/weird.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/zeexygen.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/zeekygen.bif.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__load__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__preload__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/hooks.zeek) @@ -2599,7 +2599,7 @@ 0.000000 | HookLoadFile .<...>/variance.zeek 0.000000 | HookLoadFile .<...>/video.sig 0.000000 | HookLoadFile .<...>/weird.zeek -0.000000 | HookLoadFile .<...>/zeexygen.bif.zeek +0.000000 | HookLoadFile .<...>/zeekygen.bif.zeek 0.000000 | HookLoadFile <...>/__load__.zeek 0.000000 | HookLoadFile <...>/__preload__.zeek 0.000000 | HookLoadFile <...>/hooks.zeek diff --git a/testing/btest/coverage/broxygen.sh b/testing/btest/coverage/broxygen.sh index 4dd12f27fe..6bc43d9c90 100644 --- a/testing/btest/coverage/broxygen.sh +++ b/testing/btest/coverage/broxygen.sh @@ -1,12 +1,12 @@ # This check piggy-backs on the test-all-policy.zeek test, assuming that every # loadable script is referenced there. The only additional check here is -# that the zeexygen package should even load scripts that are commented -# out in test-all-policy.zeek because the zeexygen package is only loaded +# that the zeekygen package should even load scripts that are commented +# out in test-all-policy.zeek because the zeekygen package is only loaded # when generated documentation and will terminate has soon as zeek_init # is handled, even if a script will e.g. put Zeek into listen mode or otherwise # cause it to not terminate after scripts are parsed. -# @TEST-EXEC: bash %INPUT $DIST/scripts/test-all-policy.zeek $DIST/scripts/zeexygen/__load__.zeek +# @TEST-EXEC: bash %INPUT $DIST/scripts/test-all-policy.zeek $DIST/scripts/zeekygen/__load__.zeek error_count=0 @@ -22,10 +22,10 @@ if [ $# -ne 2 ]; then fi all_loads=$(egrep "#[[:space:]]*@load.*" $1 | sed 's/#[[:space:]]*@load[[:space:]]*//g') -zeexygen_loads=$(egrep "@load.*" $2 | sed 's/@load[[:space:]]*//g') +zeekygen_loads=$(egrep "@load.*" $2 | sed 's/@load[[:space:]]*//g') for f in $all_loads; do - echo "$zeexygen_loads" | grep -q $f || error_msg "$f not loaded in zeexygen/__load__.zeek" + echo "$zeekygen_loads" | grep -q $f || error_msg "$f not loaded in zeekygen/__load__.zeek" done if [ $error_count -gt 0 ]; then diff --git a/testing/btest/coverage/sphinx-broxygen-docs.sh b/testing/btest/coverage/sphinx-zeekygen-docs.sh similarity index 85% rename from testing/btest/coverage/sphinx-broxygen-docs.sh rename to testing/btest/coverage/sphinx-zeekygen-docs.sh index d508a8361f..b5e3d7262c 100644 --- a/testing/btest/coverage/sphinx-broxygen-docs.sh +++ b/testing/btest/coverage/sphinx-zeekygen-docs.sh @@ -1,11 +1,11 @@ -# This script checks whether the reST docs generated by zeexygen are stale. +# This script checks whether the reST docs generated by zeekygen are stale. # If this test fails when testing the master branch, then simply run: # -# testing/scripts/gen-zeexygen-docs.sh +# testing/scripts/update-zeekygen-docs.sh # # and then commit the changes. # -# @TEST-EXEC: bash $SCRIPTS/gen-zeexygen-docs.sh ./doc +# @TEST-EXEC: bash $SCRIPTS/update-zeekygen-docs.sh ./doc # @TEST-EXEC: bash %INPUT if [ -n "$TRAVIS_PULL_REQUEST" ]; then @@ -33,7 +33,7 @@ function check_diff echo "If this fails in the master branch or when merging to master," 1>&2 echo "re-run the following command:" 1>&2 echo "" 1>&2 - echo " $SCRIPTS/gen-zeexygen-docs.sh" 1>&2 + echo " $SCRIPTS/update-zeekygen-docs.sh" 1>&2 echo "" 1>&2 echo "Then commit/push the changes in the zeek-docs repo" 1>&2 echo "(the doc/ directory in the zeek repo)." 1>&2 diff --git a/testing/btest/doc/zeexygen/command_line.zeek b/testing/btest/doc/zeekygen/command_line.zeek similarity index 100% rename from testing/btest/doc/zeexygen/command_line.zeek rename to testing/btest/doc/zeekygen/command_line.zeek diff --git a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek b/testing/btest/doc/zeekygen/comment_retrieval_bifs.zeek similarity index 100% rename from testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek rename to testing/btest/doc/zeekygen/comment_retrieval_bifs.zeek diff --git a/testing/btest/doc/zeexygen/enums.zeek b/testing/btest/doc/zeekygen/enums.zeek similarity index 89% rename from testing/btest/doc/zeexygen/enums.zeek rename to testing/btest/doc/zeekygen/enums.zeek index a385a36a6c..59115a4631 100644 --- a/testing/btest/doc/zeexygen/enums.zeek +++ b/testing/btest/doc/zeekygen/enums.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-enums.rst -@TEST-START-FILE zeexygen.config +@TEST-START-FILE zeekygen.config identifier TestEnum* autogen-reST-enums.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeekygen/example.zeek b/testing/btest/doc/zeekygen/example.zeek new file mode 100644 index 0000000000..b4c7c713ef --- /dev/null +++ b/testing/btest/doc/zeekygen/example.zeek @@ -0,0 +1,8 @@ +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X zeekygen.config %INPUT +# @TEST-EXEC: btest-diff example.rst + +@TEST-START-FILE zeekygen.config +script zeekygen/example.zeek example.rst +@TEST-END-FILE + +@load zeekygen/example diff --git a/testing/btest/doc/zeexygen/func-params.zeek b/testing/btest/doc/zeekygen/func-params.zeek similarity index 83% rename from testing/btest/doc/zeexygen/func-params.zeek rename to testing/btest/doc/zeekygen/func-params.zeek index 5facba3e05..2b87aa2ea1 100644 --- a/testing/btest/doc/zeexygen/func-params.zeek +++ b/testing/btest/doc/zeekygen/func-params.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-func-params.rst -@TEST-START-FILE zeexygen.config +@TEST-START-FILE zeekygen.config identifier test_func_params* autogen-reST-func-params.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeekygen/identifier.zeek b/testing/btest/doc/zeekygen/identifier.zeek new file mode 100644 index 0000000000..383c43be09 --- /dev/null +++ b/testing/btest/doc/zeekygen/identifier.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +identifier ZeekygenExample::* test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeekygen/package.zeek b/testing/btest/doc/zeekygen/package.zeek new file mode 100644 index 0000000000..7cb30cff21 --- /dev/null +++ b/testing/btest/doc/zeekygen/package.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +package zeekygen test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeekygen/package_index.zeek b/testing/btest/doc/zeekygen/package_index.zeek new file mode 100644 index 0000000000..4d746509b5 --- /dev/null +++ b/testing/btest/doc/zeekygen/package_index.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +package_index zeekygen test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeexygen/records.zeek b/testing/btest/doc/zeekygen/records.zeek similarity index 84% rename from testing/btest/doc/zeexygen/records.zeek rename to testing/btest/doc/zeekygen/records.zeek index 0c1f668df9..67757f0c61 100644 --- a/testing/btest/doc/zeexygen/records.zeek +++ b/testing/btest/doc/zeekygen/records.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-records.rst -@TEST-START-FILE zeexygen.config +@TEST-START-FILE zeekygen.config identifier TestRecord* autogen-reST-records.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeekygen/script_index.zeek b/testing/btest/doc/zeekygen/script_index.zeek new file mode 100644 index 0000000000..5db6141a0b --- /dev/null +++ b/testing/btest/doc/zeekygen/script_index.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +script_index zeekygen/* test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeekygen/script_summary.zeek b/testing/btest/doc/zeekygen/script_summary.zeek new file mode 100644 index 0000000000..c3d647ea0c --- /dev/null +++ b/testing/btest/doc/zeekygen/script_summary.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeekygen.config +script_summary zeekygen/example.zeek test.rst +@TEST-END-FILE + +@load zeekygen diff --git a/testing/btest/doc/zeexygen/type-aliases.zeek b/testing/btest/doc/zeekygen/type-aliases.zeek similarity index 81% rename from testing/btest/doc/zeexygen/type-aliases.zeek rename to testing/btest/doc/zeekygen/type-aliases.zeek index 40a6e24417..e42b953d58 100644 --- a/testing/btest/doc/zeexygen/type-aliases.zeek +++ b/testing/btest/doc/zeekygen/type-aliases.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-type-aliases.rst -@TEST-START-FILE zeexygen.config -identifier ZeexygenTest::* autogen-reST-type-aliases.rst +@TEST-START-FILE zeekygen.config +identifier ZeekygenTest::* autogen-reST-type-aliases.rst @TEST-END-FILE -module ZeexygenTest; +module ZeekygenTest; export { ## This is just an alias for a builtin type ``bool``. diff --git a/testing/btest/doc/zeexygen/vectors.zeek b/testing/btest/doc/zeekygen/vectors.zeek similarity index 83% rename from testing/btest/doc/zeexygen/vectors.zeek rename to testing/btest/doc/zeekygen/vectors.zeek index 8a16a58149..431413a337 100644 --- a/testing/btest/doc/zeexygen/vectors.zeek +++ b/testing/btest/doc/zeekygen/vectors.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-vectors.rst -@TEST-START-FILE zeexygen.config +@TEST-START-FILE zeekygen.config identifier test_vector* autogen-reST-vectors.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeexygen/example.zeek b/testing/btest/doc/zeexygen/example.zeek deleted file mode 100644 index 53179dac39..0000000000 --- a/testing/btest/doc/zeexygen/example.zeek +++ /dev/null @@ -1,8 +0,0 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X zeexygen.config %INPUT -# @TEST-EXEC: btest-diff example.rst - -@TEST-START-FILE zeexygen.config -script zeexygen/example.zeek example.rst -@TEST-END-FILE - -@load zeexygen/example diff --git a/testing/btest/doc/zeexygen/identifier.zeek b/testing/btest/doc/zeexygen/identifier.zeek deleted file mode 100644 index 38a4f274ad..0000000000 --- a/testing/btest/doc/zeexygen/identifier.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE zeexygen.config -identifier ZeexygenExample::* test.rst -@TEST-END-FILE - -@load zeexygen diff --git a/testing/btest/doc/zeexygen/package.zeek b/testing/btest/doc/zeexygen/package.zeek deleted file mode 100644 index 7038b5b50a..0000000000 --- a/testing/btest/doc/zeexygen/package.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE zeexygen.config -package zeexygen test.rst -@TEST-END-FILE - -@load zeexygen diff --git a/testing/btest/doc/zeexygen/package_index.zeek b/testing/btest/doc/zeexygen/package_index.zeek deleted file mode 100644 index 3a0c92ca71..0000000000 --- a/testing/btest/doc/zeexygen/package_index.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE zeexygen.config -package_index zeexygen test.rst -@TEST-END-FILE - -@load zeexygen diff --git a/testing/btest/doc/zeexygen/script_index.zeek b/testing/btest/doc/zeexygen/script_index.zeek deleted file mode 100644 index f92513d632..0000000000 --- a/testing/btest/doc/zeexygen/script_index.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE zeexygen.config -script_index zeexygen/* test.rst -@TEST-END-FILE - -@load zeexygen diff --git a/testing/btest/doc/zeexygen/script_summary.zeek b/testing/btest/doc/zeexygen/script_summary.zeek deleted file mode 100644 index 9378417f08..0000000000 --- a/testing/btest/doc/zeexygen/script_summary.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE zeexygen.config -script_summary zeexygen/example.zeek test.rst -@TEST-END-FILE - -@load zeexygen diff --git a/testing/scripts/gen-zeexygen-docs.sh b/testing/scripts/update-zeekygen-docs.sh similarity index 88% rename from testing/scripts/gen-zeexygen-docs.sh rename to testing/scripts/update-zeekygen-docs.sh index 66287b01aa..19369ae46a 100755 --- a/testing/scripts/gen-zeexygen-docs.sh +++ b/testing/scripts/update-zeekygen-docs.sh @@ -11,9 +11,9 @@ unset BRO_DEFAULT_CONNECT_RETRY dir="$( cd "$( dirname "$0" )" && pwd )" source_dir="$( cd $dir/../.. && pwd )" build_dir=$source_dir/build -conf_file=$build_dir/zeexygen-test.conf +conf_file=$build_dir/zeekygen-test.conf output_dir=$source_dir/doc -zeek_error_file=$build_dir/zeexygen-test-stderr.txt +zeek_error_file=$build_dir/zeekygen-test-stderr.txt if [ -n "$1" ]; then output_dir=$1 @@ -30,10 +30,10 @@ export BRO_SEED_FILE=$source_dir/testing/btest/random.seed function run_zeek { - ZEEK_ALLOW_INIT_ERRORS=1 bro -X $conf_file zeexygen >/dev/null 2>$zeek_error_file + ZEEK_ALLOW_INIT_ERRORS=1 bro -X $conf_file zeekygen >/dev/null 2>$zeek_error_file if [ $? -ne 0 ]; then - echo "Failed running zeek with zeexygen config file $conf_file" + echo "Failed running zeek with zeekygen config file $conf_file" echo "See stderr in $zeek_error_file" exit 1 fi From c640dd70cc4229b07192a9739ece5f90d02151da Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 2 May 2019 22:49:40 -0700 Subject: [PATCH 22/51] Install local.zeek as symlink to pre-existing local.bro This a convenience for those that are upgrading. If we didn't do this, then deployments can silently break until the user intervenes since BroControl now prefers to load the initially-vanilla local.zeek instead of the formerly-customized local.bro. --- CHANGES | 9 +++++++++ NEWS | 11 +++++++---- VERSION | 2 +- scripts/CMakeLists.txt | 23 +++++++++++++++++++++-- 4 files changed, 38 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index c011e1ca3b..11e3ec5d8f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,13 @@ +2.6-263 | 2019-05-02 22:49:40 -0700 + + * Install local.zeek as symlink to pre-existing local.bro (Jon Siwek, Corelight) + + This a convenience for those that are upgrading. If we didn't do + this, then deployments can silently break until the user intervenes + since BroControl now prefers to load the initially-vanilla local.zeek + instead of the formerly-customized local.bro. + 2.6-262 | 2019-05-02 21:39:01 -0700 * Rename Zeexygen to Zeekygen (Jon Siwek, Corelight) diff --git a/NEWS b/NEWS index 16c51b3c2b..082ad782b1 100644 --- a/NEWS +++ b/NEWS @@ -80,10 +80,13 @@ Changed Functionality --------------------- - ``$prefix/share/bro/site/local.bro`` has been renamed to - ``local.zeek``. If you have made customizations to that file, it - will no longer be loaded by default by BroControl (ZeekControl), - but you can simply copy it to ``local.zeek`. You may also want to - remove old ``local.bro`` files to avoid potential confusion. + ``local.zeek``. If you have a ``local.bro`` file from a previous + installation, possibly with customizations made to it, the new + version of Zeek will install a ``local.zeek`` file that is a symlink + to the pre-existing ``local.bro``. In that case, you may want to + just copy ``local.bro`` into the new ``local.zeek`` location to + avoid confusion, but things are otherwise meant to work properly + without intervention. - All scripts ending in ``.bro`` that ship with the Zeek source tree have been renamed to ``.zeek``. diff --git a/VERSION b/VERSION index 1733e8d0df..733b341e51 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-262 +2.6-263 diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt index 189c9b9df8..9a3f596add 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt @@ -8,8 +8,27 @@ install(DIRECTORY ./ DESTINATION ${BRO_SCRIPT_INSTALL_PATH} FILES_MATCHING PATTERN "*.fp" ) -# Install all local* scripts as config files since they are meant to be -# user modify-able. +if ( NOT BINARY_PACKAGING_MODE ) + # If the user has a local.bro file from a previous installation, prefer to + # symlink local.zeek to it to avoid breaking their custom configuration -- + # because BroControl will now prefer to load local.zeek rather than local.bro + # and we're about to install a default version of local.zeek. + + set(_local_bro_dst ${BRO_SCRIPT_INSTALL_PATH}/site/local.bro) + set(_local_zeek_dst ${BRO_SCRIPT_INSTALL_PATH}/site/local.zeek) + + install(CODE " + if ( \"\$ENV{DESTDIR}\" STREQUAL \"\" ) + if ( EXISTS \"${_local_bro_dst}\" AND NOT EXISTS \"${_local_zeek_dst}\" ) + message(STATUS \"WARNING: installed ${_local_zeek_dst} as symlink to ${_local_bro_dst}\") + execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink + \"${_local_bro_dst}\" \"${_local_zeek_dst}\") + endif () + endif () + ") +endif () + +# Install local script as a config file since it's meant to be modified directly. InstallPackageConfigFile( ${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek ${BRO_SCRIPT_INSTALL_PATH}/site From eda761080690debd64d25eab0bc027c185ef743a Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 3 May 2019 11:16:38 -0700 Subject: [PATCH 23/51] Fix sporadic openflow/broker test failure Looked like a possible race condition in how the test was structured: an endpoint sees its peer got lost and likewise exits immediately before having a chance to process events the peer had sent just before exiting. Fix is to reverse which endpoint initiates the termination sequence so we can be sure we see the required events. --- CHANGES | 4 +++ VERSION | 2 +- .../frameworks/openflow/broker-basic.zeek | 31 +++++++------------ 3 files changed, 17 insertions(+), 20 deletions(-) diff --git a/CHANGES b/CHANGES index 11e3ec5d8f..7ac58d9f4a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-264 | 2019-05-03 11:16:38 -0700 + + * Fix sporadic openflow/broker test failure (Jon Siwek, Corelight) + 2.6-263 | 2019-05-02 22:49:40 -0700 * Install local.zeek as symlink to pre-existing local.bro (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index 733b341e51..70f4699737 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-263 +2.6-264 diff --git a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek index 3cce7bda1e..70c7203170 100644 --- a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek @@ -55,14 +55,26 @@ event connection_established(c: connection) OpenFlow::flow_mod(of_controller, match_rev, flow_mod); } +global msg_count: count = 0; + +function got_message() + { + ++msg_count; + + if ( msg_count == 6 ) + terminate(); + } + event OpenFlow::flow_mod_success(name: string, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod, msg: string) { print "Flow_mod_success"; + got_message(); } event OpenFlow::flow_mod_failure(name: string, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod, msg: string) { print "Flow_mod_failure"; + got_message(); } @TEST-END-FILE @@ -73,13 +85,6 @@ event OpenFlow::flow_mod_failure(name: string, match: OpenFlow::ofp_match, flow_ redef exit_only_after_terminate = T; -global msg_count: count = 0; - -event die() - { - terminate(); - } - event zeek_init() { Broker::subscribe("bro/openflow"); @@ -96,28 +101,16 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) terminate(); } -function got_message() - { - ++msg_count; - - if ( msg_count >= 4 ) - { - schedule 2sec { die() }; - } - } - event OpenFlow::broker_flow_mod(name: string, dpid: count, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod) { print "got flow_mod", dpid, match, flow_mod; Broker::publish("bro/openflow", OpenFlow::flow_mod_success, name, match, flow_mod, ""); Broker::publish("bro/openflow", OpenFlow::flow_mod_failure, name, match, flow_mod, ""); - got_message(); } event OpenFlow::broker_flow_clear(name: string, dpid: count) { print "flow_clear", dpid; - got_message(); } @TEST-END-FILE From dcd645453082b1bef5e004338dcf3dbadb00e4f5 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Fri, 3 May 2019 13:07:21 -0700 Subject: [PATCH 24/51] Remove RemoteSerializer and related code/types. Also removes broccoli from the source tree. --- .gitmodules | 3 - CMakeLists.txt | 2 - NEWS | 6 + aux/broccoli | 1 - configure | 6 - .../base/frameworks/cluster/nodes/logger.zeek | 3 - .../frameworks/cluster/nodes/manager.zeek | 3 - .../base/frameworks/cluster/nodes/proxy.zeek | 4 - .../frameworks/packet-filter/cluster.zeek | 8 +- scripts/base/init-bare.zeek | 87 - src/CMakeLists.txt | 1 - src/ChunkedIO.cc | 3 +- src/Event.cc | 18 - src/Event.h | 3 - src/EventHandler.cc | 18 - src/EventHandler.h | 7 - src/EventRegistry.cc | 2 +- src/Expr.cc | 1 - src/Func.cc | 1 - src/ID.cc | 6 - src/Net.cc | 9 +- src/Net.h | 4 - src/NetVar.cc | 21 - src/NetVar.h | 10 - src/RemoteSerializer.cc | 4586 ----------------- src/RemoteSerializer.h | 524 -- src/SerialInfo.h | 2 + src/Serializer.cc | 1 - src/Sessions.h | 1 - src/StateAccess.cc | 208 +- src/StateAccess.h | 2 - src/Stmt.cc | 4 - src/Timer.cc | 1 - src/Timer.h | 1 - src/Val.cc | 36 +- src/Var.cc | 1 - src/analyzer/protocol/tcp/TCP_Reassembler.cc | 1 + src/analyzer/protocol/tcp/functions.bif | 1 + src/bro.bif | 6 +- src/broker/Data.cc | 1 + src/broker/Manager.h | 1 + src/event.bif | 195 - src/file_analysis/analyzer/extract/Extract.cc | 1 + src/input/Manager.h | 1 - src/iosource/Packet.cc | 2 + src/iosource/PktSrc.cc | 24 - src/logging/Manager.cc | 41 +- src/logging/Manager.h | 6 - src/logging/WriterBackend.cc | 1 + src/logging/WriterBackend.h | 2 - src/logging/WriterFrontend.cc | 12 - src/main.cc | 13 - src/threading/SerialTypes.cc | 4 +- src/threading/SerialTypes.h | 3 - .../Baseline/coverage.bare-mode-errors/errors | 4 + 55 files changed, 79 insertions(+), 5834 deletions(-) delete mode 160000 aux/broccoli delete mode 100644 src/RemoteSerializer.cc delete mode 100644 src/RemoteSerializer.h diff --git a/.gitmodules b/.gitmodules index 5efc3b0fb8..c7a9313543 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,9 +4,6 @@ [submodule "aux/binpac"] path = aux/binpac url = https://github.com/zeek/binpac -[submodule "aux/broccoli"] - path = aux/broccoli - url = https://github.com/zeek/broccoli [submodule "aux/broctl"] path = aux/broctl url = https://github.com/zeek/broctl diff --git a/CMakeLists.txt b/CMakeLists.txt index cfe0b29ed9..c2110d3da8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -326,7 +326,6 @@ include(CheckOptionalBuildSources) CheckOptionalBuildSources(aux/broctl Broctl INSTALL_BROCTL) CheckOptionalBuildSources(aux/bro-aux Bro-Aux INSTALL_AUX_TOOLS) -CheckOptionalBuildSources(aux/broccoli Broccoli INSTALL_BROCCOLI) ######################################################################## ## Packaging Setup @@ -366,7 +365,6 @@ message( "\nCXXFLAGS: ${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_${BuildType}}" "\nCPP: ${CMAKE_CXX_COMPILER}" "\n" - "\nBroccoli: ${INSTALL_BROCCOLI}" "\nBroctl: ${INSTALL_BROCTL}" "\nAux. Tools: ${INSTALL_AUX_TOOLS}" "\n" diff --git a/NEWS b/NEWS index 2dd94ccc4b..bd3cb601c0 100644 --- a/NEWS +++ b/NEWS @@ -241,6 +241,12 @@ Removed Functionality - ``dhcp_offer`` - ``dhcp_release`` - ``dhcp_request`` + - ``remote_state_access_performed`` + - ``remote_state_inconsistency`` + - ``remote_log_peer`` + - ``remote_log`` + - ``finished_send_state`` + - ``remote_pong`` Deprecated Functionality ------------------------ diff --git a/aux/broccoli b/aux/broccoli deleted file mode 160000 index 8668422406..0000000000 --- a/aux/broccoli +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 8668422406cb74f4f0c574a0c9b6365a21f3e81a diff --git a/configure b/configure index 98bfc5308d..12ef158d9b 100755 --- a/configure +++ b/configure @@ -51,7 +51,6 @@ Usage: $0 [OPTION]... [VAR=VALUE]... (automatically on when perftools is present on Linux) --enable-perftools-debug use Google's perftools for debugging --enable-jemalloc link against jemalloc - --enable-broccoli build or install the Broccoli library (deprecated) --enable-static-broker build broker statically (ignored if --with-broker is specified) --enable-static-binpac build binpac statically (ignored if --with-binpac is specified) --disable-broctl don't install Broctl @@ -140,7 +139,6 @@ append_cache_entry ENABLE_PERFTOOLS BOOL false append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL false append_cache_entry ENABLE_JEMALLOC BOOL false append_cache_entry BUILD_SHARED_LIBS BOOL true -append_cache_entry INSTALL_BROCCOLI BOOL false append_cache_entry INSTALL_AUX_TOOLS BOOL true append_cache_entry INSTALL_BROCTL BOOL true append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING @@ -221,10 +219,6 @@ while [ $# -ne 0 ]; do --enable-jemalloc) append_cache_entry ENABLE_JEMALLOC BOOL true ;; - --enable-broccoli) - append_cache_entry DISABLE_RUBY_BINDINGS BOOL true - append_cache_entry INSTALL_BROCCOLI BOOL yes - ;; --enable-static-broker) append_cache_entry BUILD_STATIC_BROKER BOOL true ;; diff --git a/scripts/base/frameworks/cluster/nodes/logger.zeek b/scripts/base/frameworks/cluster/nodes/logger.zeek index 39dcb751df..03a422e460 100644 --- a/scripts/base/frameworks/cluster/nodes/logger.zeek +++ b/scripts/base/frameworks/cluster/nodes/logger.zeek @@ -24,6 +24,3 @@ redef Log::default_mail_alarms_interval = 24 hrs; ## Use the cluster's archive logging script. redef Log::default_rotation_postprocessor_cmd = "archive-log"; - -## We're processing essentially *only* remote events. -redef max_remote_events_processed = 10000; diff --git a/scripts/base/frameworks/cluster/nodes/manager.zeek b/scripts/base/frameworks/cluster/nodes/manager.zeek index e54b090522..8858025a25 100644 --- a/scripts/base/frameworks/cluster/nodes/manager.zeek +++ b/scripts/base/frameworks/cluster/nodes/manager.zeek @@ -21,6 +21,3 @@ redef Log::default_rotation_interval = 24 hrs; ## Use the cluster's delete-log script. redef Log::default_rotation_postprocessor_cmd = "delete-log"; - -## We're processing essentially *only* remote events. -redef max_remote_events_processed = 10000; diff --git a/scripts/base/frameworks/cluster/nodes/proxy.zeek b/scripts/base/frameworks/cluster/nodes/proxy.zeek index e38a5e9109..df2a7c552b 100644 --- a/scripts/base/frameworks/cluster/nodes/proxy.zeek +++ b/scripts/base/frameworks/cluster/nodes/proxy.zeek @@ -5,10 +5,6 @@ @prefixes += cluster-proxy -## The proxy only syncs state; does not forward events. -redef forward_remote_events = F; -redef forward_remote_state_changes = T; - ## Don't do any local logging. redef Log::enable_local_logging = F; diff --git a/scripts/base/frameworks/packet-filter/cluster.zeek b/scripts/base/frameworks/packet-filter/cluster.zeek index 6e41a6045f..b1e1ceaddf 100644 --- a/scripts/base/frameworks/packet-filter/cluster.zeek +++ b/scripts/base/frameworks/packet-filter/cluster.zeek @@ -4,11 +4,11 @@ module PacketFilter; -event remote_connection_handshake_done(p: event_peer) &priority=3 +event Cluster::hello(name: string, id: string) &priority=-3 { - if ( Cluster::local_node_type() == Cluster::WORKER && - p$descr in Cluster::nodes && - Cluster::nodes[p$descr]$node_type == Cluster::MANAGER ) + if ( Cluster::local_node_type() == Cluster::WORKER && + name in Cluster::nodes && + Cluster::nodes[name]$node_type == Cluster::MANAGER ) { # This ensures that a packet filter is installed and logged # after the manager connects to us. diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index d8c3212533..4f9d30ab11 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -775,32 +775,6 @@ type IPAddrAnonymizationClass: enum { OTHER_ADDR, }; -## A locally unique ID identifying a communication peer. The ID is returned by -## :zeek:id:`connect`. -## -## .. zeek:see:: connect -type peer_id: count; - -## A communication peer. -## -## .. zeek:see:: finished_send_state remote_capture_filter -## remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log_peer remote_pong -## send_state -## -## .. todo::The type's name is too narrow these days, should rename. -type event_peer: record { - id: peer_id; ##< Locally unique ID of peer (returned by :zeek:id:`connect`). - host: addr; ##< The IP address of the peer. - ## Either the port we connected to at the peer; or our port the peer - ## connected to if the session is remotely initiated. - p: port; - is_local: bool; ##< True if this record describes the local process. - descr: string; ##< The peer's :zeek:see:`peer_description`. - class: string &optional; ##< The self-assigned *class* of the peer. -}; - ## Deprecated. ## ## .. zeek:see:: rotate_file rotate_file_by_name rotate_interval @@ -1970,10 +1944,6 @@ const watchdog_interval = 10 sec &redef; ## "process all expired timers with each new packet". const max_timer_expires = 300 &redef; -## With a similar trade-off, this gives the number of remote events -## to process in a batch before interleaving other activity. -const max_remote_events_processed = 10 &redef; - # These need to match the definitions in Login.h. # # .. zeek:see:: get_login_state @@ -4740,71 +4710,14 @@ const packet_filter_default = F &redef; ## Maximum size of regular expression groups for signature matching. const sig_max_group_size = 50 &redef; -## Deprecated. No longer functional. -const enable_syslog = F &redef; - ## Description transmitted to remote communication peers for identification. const peer_description = "bro" &redef; -## If true, broadcast events received from one peer to all other peers. -## -## .. zeek:see:: forward_remote_state_changes -## -## .. note:: This option is only temporary and will disappear once we get a -## more sophisticated script-level communication framework. -const forward_remote_events = F &redef; - -## If true, broadcast state updates received from one peer to all other peers. -## -## .. zeek:see:: forward_remote_events -## -## .. note:: This option is only temporary and will disappear once we get a -## more sophisticated script-level communication framework. -const forward_remote_state_changes = F &redef; - ## The number of IO chunks allowed to be buffered between the child ## and parent process of remote communication before Bro starts dropping ## connections to remote peers in an attempt to catch up. const chunked_io_buffer_soft_cap = 800000 &redef; -## Place-holder constant indicating "no peer". -const PEER_ID_NONE = 0; - -# Signature payload pattern types. -# todo:: use enum to help autodoc -# todo:: Still used? -#const SIG_PATTERN_PAYLOAD = 0; -#const SIG_PATTERN_HTTP = 1; -#const SIG_PATTERN_FTP = 2; -#const SIG_PATTERN_FINGER = 3; - -# Deprecated. -# todo::Should use the new logging framework directly. -const REMOTE_LOG_INFO = 1; ##< Deprecated. -const REMOTE_LOG_ERROR = 2; ##< Deprecated. - -# Source of logging messages from the communication framework. -# todo:: these should go into an enum to make them autodoc'able. -const REMOTE_SRC_CHILD = 1; ##< Message from the child process. -const REMOTE_SRC_PARENT = 2; ##< Message from the parent process. -const REMOTE_SRC_SCRIPT = 3; ##< Message from a policy script. - -## Synchronize trace processing at a regular basis in pseudo-realtime mode. -## -## .. zeek:see:: remote_trace_sync_peers -const remote_trace_sync_interval = 0 secs &redef; - -## Number of peers across which to synchronize trace processing in -## pseudo-realtime mode. -## -## .. zeek:see:: remote_trace_sync_interval -const remote_trace_sync_peers = 0 &redef; - -## Whether for :zeek:attr:`&synchronized` state to send the old value as a -## consistency check. -const remote_check_sync_consistency = F &redef; - -## Reassemble the beginning of all TCP connections before doing ## signature matching. Enabling this provides more accurate matching at the ## expense of CPU cycles. ## diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index dcf787043e..b15bc1fd36 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -295,7 +295,6 @@ set(bro_SRCS RandTest.cc RE.cc Reassem.cc - RemoteSerializer.cc Rule.cc RuleAction.cc RuleCondition.cc diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc index d2cdbc6425..c57ab34dc8 100644 --- a/src/ChunkedIO.cc +++ b/src/ChunkedIO.cc @@ -14,7 +14,6 @@ #include "bro-config.h" #include "ChunkedIO.h" #include "NetVar.h" -#include "RemoteSerializer.h" ChunkedIO::ChunkedIO() : stats(), tag(), pure() { @@ -377,7 +376,7 @@ ChunkedIO::Chunk* ChunkedIOFd::ConcatChunks(Chunk* c1, Chunk* c2) void ChunkedIO::Log(const char* str) { - RemoteSerializer::Log(RemoteSerializer::LogError, str); + //RemoteSerializer::Log(RemoteSerializer::LogError, str); } bool ChunkedIOFd::Read(Chunk** chunk, bool may_block) diff --git a/src/Event.cc b/src/Event.cc index 8b87caa9b1..f033a01e40 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -189,21 +189,3 @@ void EventMgr::Describe(ODesc* d) const d->NL(); } } - -RecordVal* EventMgr::GetLocalPeerVal() - { - if ( ! src_val ) - { - src_val = new RecordVal(peer); - src_val->Assign(0, val_mgr->GetCount(0)); - src_val->Assign(1, new AddrVal("127.0.0.1")); - src_val->Assign(2, val_mgr->GetPort(0)); - src_val->Assign(3, val_mgr->GetTrue()); - - Ref(peer_description); - src_val->Assign(4, peer_description); - src_val->Assign(5, 0); // class (optional). - } - - return src_val; - } diff --git a/src/Event.h b/src/Event.h index 1b23f304f2..cafe0057d6 100644 --- a/src/Event.h +++ b/src/Event.h @@ -129,9 +129,6 @@ public: int Size() const { return num_events_queued - num_events_dispatched; } - // Returns a peer record describing the local Bro. - RecordVal* GetLocalPeerVal(); - void Describe(ODesc* d) const override; protected: diff --git a/src/EventHandler.cc b/src/EventHandler.cc index 08e8728d6f..718e6d6ae8 100644 --- a/src/EventHandler.cc +++ b/src/EventHandler.cc @@ -2,7 +2,6 @@ #include "EventHandler.h" #include "Func.h" #include "Scope.h" -#include "RemoteSerializer.h" #include "NetVar.h" #include "broker/Manager.h" @@ -28,7 +27,6 @@ EventHandler::~EventHandler() EventHandler::operator bool() const { return enabled && ((local && local->HasBodies()) - || receivers.length() || generate_always || ! auto_publish.empty()); } @@ -73,12 +71,6 @@ void EventHandler::Call(val_list* vl, bool no_remote) if ( ! no_remote ) { - loop_over_list(receivers, i) - { - SerialInfo info(remote_serializer); - remote_serializer->SendCall(&info, receivers[i], name, vl); - } - if ( ! auto_publish.empty() ) { // Send event in form [name, xs...] where xs represent the arguments. @@ -179,16 +171,6 @@ void EventHandler::NewEvent(val_list* vl) mgr.Dispatch(ev); } -void EventHandler::AddRemoteHandler(SourceID peer) - { - receivers.append(peer); - } - -void EventHandler::RemoveRemoteHandler(SourceID peer) - { - receivers.remove(peer); - } - bool EventHandler::Serialize(SerialInfo* info) const { return SERIALIZE(name); diff --git a/src/EventHandler.h b/src/EventHandler.h index bad3d278fa..216badee4b 100644 --- a/src/EventHandler.h +++ b/src/EventHandler.h @@ -26,9 +26,6 @@ public: void SetLocalHandler(Func* f); - void AddRemoteHandler(SourceID peer); - void RemoveRemoteHandler(SourceID peer); - void AutoPublish(std::string topic) { auto_publish.insert(std::move(topic)); @@ -75,10 +72,6 @@ private: bool error_handler; // this handler reports error messages. bool generate_always; - declare(List, SourceID); - typedef List(SourceID) receiver_list; - receiver_list receivers; - std::unordered_set auto_publish; }; diff --git a/src/EventRegistry.cc b/src/EventRegistry.cc index e28c7b4176..be3cf13799 100644 --- a/src/EventRegistry.cc +++ b/src/EventRegistry.cc @@ -1,6 +1,6 @@ #include "EventRegistry.h" #include "RE.h" -#include "RemoteSerializer.h" +#include "Reporter.h" void EventRegistry::Register(EventHandlerPtr handler) { diff --git a/src/Expr.cc b/src/Expr.cc index ff039ece35..eccdf1a6b8 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -10,7 +10,6 @@ #include "Scope.h" #include "Stmt.h" #include "EventRegistry.h" -#include "RemoteSerializer.h" #include "Net.h" #include "Traverse.h" #include "Trigger.h" diff --git a/src/Func.cc b/src/Func.cc index cbbbef6fa5..d34f97c197 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -42,7 +42,6 @@ #include "Sessions.h" #include "RE.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "Event.h" #include "Traverse.h" #include "Reporter.h" diff --git a/src/ID.cc b/src/ID.cc index 8b8db85faa..71f7d5f008 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -10,7 +10,6 @@ #include "Scope.h" #include "File.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "Scope.h" #include "Traverse.h" #include "zeexygen/Manager.h" @@ -361,11 +360,6 @@ ID* ID::Unserialize(UnserialInfo* info) else { - if ( info->id_policy != UnserialInfo::InstantiateNew ) - { - remote_serializer->Unregister(current); - } - switch ( info->id_policy ) { case UnserialInfo::Keep: diff --git a/src/Net.cc b/src/Net.cc index b61d365a2a..79b66e1a80 100644 --- a/src/Net.cc +++ b/src/Net.cc @@ -49,8 +49,6 @@ int reading_live = 0; int reading_traces = 0; int have_pending_timers = 0; double pseudo_realtime = 0.0; -bool using_communication = false; - double network_time = 0.0; // time according to last packet timestamp // (or current time) double processing_start_time = 0.0; // time started working on current pkt @@ -309,7 +307,7 @@ void net_run() } #endif current_iosrc = src; - auto communication_enabled = using_communication || broker_mgr->Active(); + auto communication_enabled = broker_mgr->Active(); if ( src ) src->Process(); // which will call net_packet_dispatch() @@ -372,11 +370,6 @@ void net_run() // current packet and its related events. termination_signal(); -#ifdef DEBUG_COMMUNICATION - if ( signal_val == SIGPROF && remote_serializer ) - remote_serializer->DumpDebugData(); -#endif - if ( ! reading_traces ) // Check whether we have timers scheduled for // the future on which we need to wait. diff --git a/src/Net.h b/src/Net.h index caea61c436..26a3d0f883 100644 --- a/src/Net.h +++ b/src/Net.h @@ -7,7 +7,6 @@ #include "util.h" #include "List.h" #include "Func.h" -#include "RemoteSerializer.h" #include "iosource/IOSource.h" #include "iosource/PktSrc.h" #include "iosource/PktDumper.h" @@ -67,9 +66,6 @@ extern double bro_start_network_time; // True if we're a in the process of cleaning-up just before termination. extern bool terminating; -// True if the remote serializer is to be activated. -extern bool using_communication; - // True if Bro is currently parsing scripts. extern bool is_parsing; diff --git a/src/NetVar.cc b/src/NetVar.cc index 57a5452123..37ee24914f 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -30,7 +30,6 @@ RecordType* mime_match; int watchdog_interval; int max_timer_expires; -int max_remote_events_processed; int ignore_checksums; int partial_connection_ok; @@ -173,10 +172,6 @@ StringVal* log_encryption_key; StringVal* log_rotate_base_time; StringVal* peer_description; -RecordType* peer; -int forward_remote_state_changes; -int forward_remote_events; -int remote_check_sync_consistency; bro_uint_t chunked_io_buffer_soft_cap; StringVal* ssl_ca_certificate; @@ -212,9 +207,6 @@ int dpd_ignore_ports; TableVal* likely_server_ports; -double remote_trace_sync_interval; -int remote_trace_sync_peers; - int check_for_unused_event_handlers; int dump_used_event_handlers; @@ -267,12 +259,6 @@ void init_general_global_var() peer_description = internal_val("peer_description")->AsStringVal(); - peer = internal_type("event_peer")->AsRecordType(); - forward_remote_state_changes = - opt_internal_int("forward_remote_state_changes"); - forward_remote_events = opt_internal_int("forward_remote_events"); - remote_check_sync_consistency = - opt_internal_int("remote_check_sync_consistency"); chunked_io_buffer_soft_cap = opt_internal_unsigned("chunked_io_buffer_soft_cap"); ssl_ca_certificate = internal_val("ssl_ca_certificate")->AsStringVal(); @@ -282,7 +268,6 @@ void init_general_global_var() packet_filter_default = opt_internal_int("packet_filter_default"); sig_max_group_size = opt_internal_int("sig_max_group_size"); - enable_syslog = opt_internal_int("enable_syslog"); check_for_unused_event_handlers = opt_internal_int("check_for_unused_event_handlers"); @@ -395,8 +380,6 @@ void init_net_var() watchdog_interval = int(opt_internal_double("watchdog_interval")); max_timer_expires = opt_internal_int("max_timer_expires"); - max_remote_events_processed = - opt_internal_int("max_remote_events_processed"); skip_authentication = internal_list_val("skip_authentication"); direct_login_prompts = internal_list_val("direct_login_prompts"); @@ -498,10 +481,6 @@ void init_net_var() irc_join_list = internal_type("irc_join_list")->AsTableType(); irc_servers = internal_val("irc_servers")->AsTableVal(); - remote_trace_sync_interval = - opt_internal_double("remote_trace_sync_interval"); - remote_trace_sync_peers = opt_internal_int("remote_trace_sync_peers"); - dpd_reassemble_first_packets = opt_internal_int("dpd_reassemble_first_packets"); dpd_buffer_size = opt_internal_int("dpd_buffer_size"); diff --git a/src/NetVar.h b/src/NetVar.h index 1dee27f372..92d717f50a 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -33,7 +33,6 @@ extern RecordType* mime_match; extern int watchdog_interval; extern int max_timer_expires; -extern int max_remote_events_processed; extern int ignore_checksums; extern int partial_connection_ok; @@ -176,10 +175,6 @@ extern StringVal* log_encryption_key; extern StringVal* log_rotate_base_time; extern StringVal* peer_description; -extern RecordType* peer; -extern int forward_remote_state_changes; -extern int forward_remote_events; -extern int remote_check_sync_consistency; extern bro_uint_t chunked_io_buffer_soft_cap; extern StringVal* ssl_ca_certificate; @@ -201,8 +196,6 @@ extern int packet_filter_default; extern int sig_max_group_size; -extern int enable_syslog; - extern TableType* irc_join_list; extern RecordType* irc_join_info; extern TableVal* irc_servers; @@ -214,9 +207,6 @@ extern int dpd_ignore_ports; extern TableVal* likely_server_ports; -extern double remote_trace_sync_interval; -extern int remote_trace_sync_peers; - extern int check_for_unused_event_handlers; extern int dump_used_event_handlers; diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc deleted file mode 100644 index 152a8b4e34..0000000000 --- a/src/RemoteSerializer.cc +++ /dev/null @@ -1,4586 +0,0 @@ -// Processes involved in the communication: -// -// (Local-Parent) <-> (Local-Child) <-> (Remote-Child) <-> (Remote-Parent) -// -// Message types (for parent<->child communication the CMsg's peer indicates -// about whom we're talking). -// -// Communication protocol version -// VERSION -// [] -// -// Send serialization -// SERIAL -// -// Terminate(d) connection -// CLOSE -// -// Close(d) all connections -// CLOSE_ALL -// -// Connect to remote side -// CONNECT_TO -// -// Connected to remote side -// CONNECTED -// -// Request events from remote side -// REQUEST_EVENTS -// -// Request synchronization of IDs with remote side -// REQUEST_SYNC -// -// Listen for connection on ip/port (ip may be INADDR_ANY) -// LISTEN -// -// Close listen ports. -// LISTEN_STOP -// -// Error caused by host -// ERROR -// -// Some statistics about the given peer connection -// STATS -// -// Requests to set a new capture_filter -// CAPTURE_FILTER -// -// Ping to peer -// PING -// -// Pong from peer -// PONG -// -// Announce our capabilities -// CAPS -// -// Activate compression (parent->child) -// COMPRESS -// -// Indicate that all following blocks are compressed (child->child) -// COMPRESS -// -// Synchronize for pseudo-realtime processing. -// Signals that we have reached sync-point number . -// SYNC_POINT -// -// Signals the child that we want to terminate. Anything sent after this may -// get lost. When the child answers with another TERMINATE it is safe to -// shutdown. -// TERMINATE -// -// Debug-only: tell child to dump recently received/sent data to disk. -// DEBUG_DUMP -// -// Valid messages between processes: -// -// Main -> Child -// CONNECT_TO -// REQUEST_EVENTS -// SERIAL -// CLOSE -// CLOSE_ALL -// LISTEN -// LISTEN_STOP -// CAPTURE_FILTER -// VERSION -// REQUEST_SYNC -// PHASE_DONE -// PING -// PONG -// CAPS -// COMPRESS -// SYNC_POINT -// DEBUG_DUMP -// REMOTE_PRINT -// -// Child -> Main -// CONNECTED -// REQUEST_EVENTS -// SERIAL -// CLOSE -// ERROR -// STATS -// VERSION -// CAPTURE_FILTER -// REQUEST_SYNC -// PHASE_DONE -// PING -// PONG -// CAPS -// LOG -// SYNC_POINT -// REMOTE_PRINT -// -// Child <-> Child -// VERSION -// SERIAL -// REQUEST_EVENTS -// CAPTURE_FILTER -// REQUEST_SYNC -// PHASE_DONE -// PING -// PONG -// CAPS -// COMPRESS -// SYNC_POINT -// REMOTE_PRINT -// -// A connection between two peers has four phases: -// -// Setup: -// Initial phase. -// VERSION messages must be exchanged. -// Ends when both peers have sent VERSION. -// Handshake: -// REQUEST_EVENTS/REQUEST_SYNC/CAPTURE_FILTER/CAPS/selected SERIALs -// may be exchanged. -// Phase ends when both peers have sent PHASE_DONE. -// State synchronization: -// Entered iff at least one of the peers has sent REQUEST_SYNC. -// The peer with the smallest runtime (incl. in VERSION msg) sends -// SERIAL messages compromising all of its state. -// Phase ends when peer sends another PHASE_DONE. -// Running: -// Peers exchange SERIAL (and PING/PONG) messages. -// Phase ends with connection tear-down by one of the peers. - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "bro-config.h" -#ifdef TIME_WITH_SYS_TIME -# include -# include -#else -# ifdef HAVE_SYS_TIME_H -# include -# else -# include -# endif -#endif -#include - -#include -#include -#include -#include - -#include "RemoteSerializer.h" -#include "Func.h" -#include "EventRegistry.h" -#include "Event.h" -#include "Net.h" -#include "NetVar.h" -#include "Scope.h" -#include "Sessions.h" -#include "File.h" -#include "Conn.h" -#include "Reporter.h" -#include "IPAddr.h" -#include "bro_inet_ntop.h" -#include "iosource/Manager.h" -#include "logging/Manager.h" -#include "logging/logging.bif.h" - -extern "C" { -#include "setsignal.h" -}; - -// Gets incremented each time there's an incompatible change -// to the communication internals. -static const unsigned short PROTOCOL_VERSION = 0x07; - -static const char MSG_NONE = 0x00; -static const char MSG_VERSION = 0x01; -static const char MSG_SERIAL = 0x02; -static const char MSG_CLOSE = 0x03; -static const char MSG_CLOSE_ALL = 0x04; -static const char MSG_ERROR = 0x05; -static const char MSG_CONNECT_TO = 0x06; -static const char MSG_CONNECTED = 0x07; -static const char MSG_REQUEST_EVENTS = 0x08; -static const char MSG_LISTEN = 0x09; -static const char MSG_LISTEN_STOP = 0x0a; -static const char MSG_STATS = 0x0b; -static const char MSG_CAPTURE_FILTER = 0x0c; -static const char MSG_REQUEST_SYNC = 0x0d; -static const char MSG_PHASE_DONE = 0x0e; -static const char MSG_PING = 0x0f; -static const char MSG_PONG = 0x10; -static const char MSG_CAPS = 0x11; -static const char MSG_COMPRESS = 0x12; -static const char MSG_LOG = 0x13; -static const char MSG_SYNC_POINT = 0x14; -static const char MSG_TERMINATE = 0x15; -static const char MSG_DEBUG_DUMP = 0x16; -static const char MSG_REMOTE_PRINT = 0x17; -static const char MSG_LOG_CREATE_WRITER = 0x18; -static const char MSG_LOG_WRITE = 0x19; -static const char MSG_REQUEST_LOGS = 0x20; - -// Update this one whenever adding a new ID: -static const char MSG_ID_MAX = MSG_REQUEST_LOGS; - -static const uint32 FINAL_SYNC_POINT = /* UINT32_MAX */ 4294967295U; - -// Buffer size for remote-print data -static const int PRINT_BUFFER_SIZE = 10 * 1024; -static const int SOCKBUF_SIZE = 1024 * 1024; - -// Buffer size for remote-log data. -static const int LOG_BUFFER_SIZE = 50 * 1024; - -struct ping_args { - uint32 seq; - double time1; // Round-trip time parent1<->parent2 - double time2; // Round-trip time child1<->parent2 - double time3; // Round-trip time child2<->parent2 -}; - -#ifdef DEBUG -# define DEBUG_COMM(msg) DBG_LOG(DBG_COMM, "%s", msg) -#else -# define DEBUG_COMM(msg) -#endif - -#define READ_CHUNK(i, c, do_if_eof, kill_me) \ - { \ - if ( ! i->Read(&c) ) \ - { \ - if ( i->Eof() ) \ - { \ - do_if_eof; \ - } \ - else \ - Error(fmt("can't read data chunk: %s", io->Error()), kill_me); \ - return false; \ - } \ - \ - if ( ! c ) \ - return true; \ - } - -#define READ_CHUNK_FROM_CHILD(c) \ - { \ - if ( ! io->Read(&c) ) \ - { \ - if ( io->Eof() ) \ - ChildDied(); \ - else \ - Error(fmt("can't read data chunk: %s", io->Error())); \ - return false; \ - } \ - \ - if ( ! c ) \ - { \ - SetIdle(io->IsIdle());\ - return true; \ - } \ - SetIdle(false); \ - } - -static const char* msgToStr(int msg) - { -# define MSG_STR(x) case x: return #x; - switch ( msg ) { - MSG_STR(MSG_VERSION) - MSG_STR(MSG_NONE) - MSG_STR(MSG_SERIAL) - MSG_STR(MSG_CLOSE) - MSG_STR(MSG_CLOSE_ALL) - MSG_STR(MSG_ERROR) - MSG_STR(MSG_CONNECT_TO) - MSG_STR(MSG_CONNECTED) - MSG_STR(MSG_REQUEST_EVENTS) - MSG_STR(MSG_LISTEN) - MSG_STR(MSG_LISTEN_STOP) - MSG_STR(MSG_STATS) - MSG_STR(MSG_CAPTURE_FILTER) - MSG_STR(MSG_REQUEST_SYNC) - MSG_STR(MSG_PHASE_DONE) - MSG_STR(MSG_PING) - MSG_STR(MSG_PONG) - MSG_STR(MSG_CAPS) - MSG_STR(MSG_COMPRESS) - MSG_STR(MSG_LOG) - MSG_STR(MSG_SYNC_POINT) - MSG_STR(MSG_TERMINATE) - MSG_STR(MSG_DEBUG_DUMP) - MSG_STR(MSG_REMOTE_PRINT) - MSG_STR(MSG_LOG_CREATE_WRITER) - MSG_STR(MSG_LOG_WRITE) - MSG_STR(MSG_REQUEST_LOGS) - default: - return "UNKNOWN_MSG"; - } - } - -static vector tokenize(const string& s, char delim) - { - vector tokens; - stringstream ss(s); - string token; - - while ( std::getline(ss, token, delim) ) - tokens.push_back(token); - - return tokens; - } - -// Start of every message between two processes. We do the low-level work -// ourselves to make this 64-bit safe. (The actual layout is an artifact of -// an earlier design that depended on how a 32-bit GCC lays out its structs ...) -class CMsg { -public: - CMsg(char type, RemoteSerializer::PeerID peer) - { - buffer[0] = type; - uint32 tmp = htonl(peer); - memcpy(buffer + 4, &tmp, sizeof(tmp)); - } - - char Type() { return buffer[0]; } - - RemoteSerializer::PeerID Peer() - { - uint32 tmp; - memcpy(&tmp, buffer + 4, sizeof(tmp)); - return ntohl(tmp); - } - - const char* Raw() { return buffer; } - -private: - char buffer[8]; -}; - -static bool sendCMsg(ChunkedIO* io, char msg_type, RemoteSerializer::PeerID id) - { - // We use the new[] operator here to avoid mismatches - // when deleting the data. - CMsg* msg = (CMsg*) new char[sizeof(CMsg)]; - new (msg) CMsg(msg_type, id); - - ChunkedIO::Chunk* c = new ChunkedIO::Chunk((char*)msg, sizeof(CMsg)); - return io->Write(c); - } - -static ChunkedIO::Chunk* makeSerialMsg(RemoteSerializer::PeerID id) - { - // We use the new[] operator here to avoid mismatches - // when deleting the data. - CMsg* msg = (CMsg*) new char[sizeof(CMsg)]; - new (msg) CMsg(MSG_SERIAL, id); - - ChunkedIO::Chunk* c = new ChunkedIO::Chunk((char*)msg, sizeof(CMsg)); - return c; - } - -inline void RemoteSerializer::SetupSerialInfo(SerialInfo* info, Peer* peer) - { - info->chunk = makeSerialMsg(peer->id); - if ( peer->caps & Peer::NO_CACHING ) - info->cache = false; - - if ( ! (peer->caps & Peer::PID_64BIT) || peer->phase != Peer::RUNNING ) - info->pid_32bit = true; - - if ( (peer->caps & Peer::NEW_CACHE_STRATEGY) && - peer->phase == Peer::RUNNING ) - info->new_cache_strategy = true; - - if ( (peer->caps & Peer::BROCCOLI_PEER) ) - info->broccoli_peer = true; - - info->include_locations = false; - } - -static bool sendToIO(ChunkedIO* io, ChunkedIO::Chunk* c) - { - if ( ! io->Write(c) ) - { - reporter->Warning("can't send chunk: %s", io->Error()); - return false; - } - - return true; - } - -static bool sendToIO(ChunkedIO* io, char msg_type, RemoteSerializer::PeerID id, - const char* str, int len = -1, bool delete_with_free = false) - { - if ( ! sendCMsg(io, msg_type, id) ) - { - reporter->Warning("can't send message of type %d: %s", msg_type, io->Error()); - return false; - } - - uint32 sz = len >= 0 ? len : strlen(str) + 1; - ChunkedIO::Chunk* c = new ChunkedIO::Chunk(const_cast(str), sz); - - if ( delete_with_free ) - c->free_func = ChunkedIO::Chunk::free_func_free; - else - c->free_func = ChunkedIO::Chunk::free_func_delete; - - return sendToIO(io, c); - } - -static bool sendToIO(ChunkedIO* io, char msg_type, RemoteSerializer::PeerID id, - int nargs, va_list ap) - { - if ( ! sendCMsg(io, msg_type, id) ) - { - reporter->Warning("can't send message of type %d: %s", msg_type, io->Error()); - return false; - } - - if ( nargs == 0 ) - return true; - - uint32* args = new uint32[nargs]; - - for ( int i = 0; i < nargs; i++ ) - args[i] = htonl(va_arg(ap, uint32)); - - ChunkedIO::Chunk* c = new ChunkedIO::Chunk((char*)args, - sizeof(uint32) * nargs); - return sendToIO(io, c); - } - -#ifdef DEBUG -static inline char* fmt_uint32s(int nargs, va_list ap) - { - static char buf[512]; - char* p = buf; - *p = '\0'; - for ( int i = 0; i < nargs; i++ ) - p += snprintf(p, sizeof(buf) - (p - buf), - " 0x%08x", va_arg(ap, uint32)); - buf[511] = '\0'; - return buf; - } -#endif - -static pid_t child_pid = 0; - -// Return true if message type is sent by a peer (rather than the child -// process itself). -static inline bool is_peer_msg(int msg) - { - return msg == MSG_VERSION || - msg == MSG_SERIAL || - msg == MSG_REQUEST_EVENTS || - msg == MSG_REQUEST_SYNC || - msg == MSG_CAPTURE_FILTER || - msg == MSG_PHASE_DONE || - msg == MSG_PING || - msg == MSG_PONG || - msg == MSG_CAPS || - msg == MSG_COMPRESS || - msg == MSG_SYNC_POINT || - msg == MSG_REMOTE_PRINT || - msg == MSG_LOG_CREATE_WRITER || - msg == MSG_LOG_WRITE || - msg == MSG_REQUEST_LOGS; - } - -bool RemoteSerializer::IsConnectedPeer(PeerID id) - { - if ( id == PEER_NONE ) - return true; - - return LookupPeer(id, true) != 0; - } - -class IncrementalSendTimer : public Timer { -public: - IncrementalSendTimer(double t, RemoteSerializer::Peer* p, SerialInfo* i) - : Timer(t, TIMER_INCREMENTAL_SEND), info(i), peer(p) {} - virtual void Dispatch(double t, int is_expire) - { - // Never suspend when we're finishing up. - if ( terminating ) - info->may_suspend = false; - - remote_serializer->SendAllSynchronized(peer, info); - } - - SerialInfo* info; - RemoteSerializer::Peer* peer; -}; - -RemoteSerializer::RemoteSerializer() - { - initialized = false; - current_peer = 0; - msgstate = TYPE; - id_counter = 1; - listening = false; - ignore_accesses = false; - propagate_accesses = 1; - current_sync_point = 0; - syncing_times = false; - io = 0; - terminating = false; - in_sync = 0; - last_flush = 0; - received_logs = 0; - current_id = 0; - current_msgtype = 0; - current_args = 0; - source_peer = 0; - - // Register as a "dont-count" source first, we may change that later. - iosource_mgr->Register(this, true); - } - -RemoteSerializer::~RemoteSerializer() - { - if ( child_pid ) - { - if ( kill(child_pid, SIGKILL) < 0 ) - reporter->Warning("warning: cannot kill child (pid %d), %s", child_pid, strerror(errno)); - - else if ( waitpid(child_pid, 0, 0) < 0 ) - reporter->Warning("warning: error encountered during waitpid(%d), %s", child_pid, strerror(errno)); - } - - delete io; - } - -void RemoteSerializer::Enable() - { - if ( initialized ) - return; - - if ( reading_traces && ! pseudo_realtime ) - { - using_communication = 0; - return; - } - - Fork(); - - Log(LogInfo, fmt("communication started, parent pid is %d, child pid is %d", getpid(), child_pid)); - initialized = 1; - } - -void RemoteSerializer::SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose) - { - int defsize = 0; - socklen_t len = sizeof(defsize); - - if ( getsockopt(fd, SOL_SOCKET, opt, (void *)&defsize, &len) < 0 ) - { - if ( verbose ) - Log(LogInfo, fmt("warning: cannot get socket buffer size (%s): %s", what, strerror(errno))); - return; - } - - for ( int trysize = size; trysize > defsize; trysize -= 1024 ) - { - if ( setsockopt(fd, SOL_SOCKET, opt, &trysize, sizeof(trysize)) >= 0 ) - { - if ( verbose ) - { - if ( trysize == size ) - Log(LogInfo, fmt("raised pipe's socket buffer size from %dK to %dK", defsize / 1024, trysize / 1024)); - else - Log(LogInfo, fmt("raised pipe's socket buffer size from %dK to %dK (%dK was requested)", defsize / 1024, trysize / 1024, size / 1024)); - } - return; - } - } - - Log(LogInfo, fmt("warning: cannot increase %s socket buffer size from %dK (%dK was requested)", what, defsize / 1024, size / 1024)); - } - -void RemoteSerializer::Fork() - { - if ( child_pid ) - return; - - // Register as a "does-count" source now. - iosource_mgr->Register(this, false); - - // If we are re-forking, remove old entries - loop_over_list(peers, i) - RemovePeer(peers[i]); - - // Create pipe for communication between parent and child. - int pipe[2]; - - if ( socketpair(AF_UNIX, SOCK_STREAM, 0, pipe) < 0 ) - { - Error(fmt("can't create pipe: %s", strerror(errno))); - return; - } - - // Try to increase the size of the socket send and receive buffers. - SetSocketBufferSize(pipe[0], SO_SNDBUF, "SO_SNDBUF", SOCKBUF_SIZE, 1); - SetSocketBufferSize(pipe[0], SO_RCVBUF, "SO_RCVBUF", SOCKBUF_SIZE, 0); - SetSocketBufferSize(pipe[1], SO_SNDBUF, "SO_SNDBUF", SOCKBUF_SIZE, 0); - SetSocketBufferSize(pipe[1], SO_RCVBUF, "SO_RCVBUF", SOCKBUF_SIZE, 0); - - child_pid = 0; - - int pid = fork(); - - if ( pid < 0 ) - { - Error(fmt("can't fork: %s", strerror(errno))); - return; - } - - if ( pid > 0 ) - { - // Parent - child_pid = pid; - - io = new ChunkedIOFd(pipe[0], "parent->child", child_pid); - if ( ! io->Init() ) - { - Error(fmt("can't init child io: %s", io->Error())); - exit(1); // FIXME: Better way to handle this? - } - - safe_close(pipe[1]); - - return; - } - else - { // child - SocketComm child; - - ChunkedIOFd* io = - new ChunkedIOFd(pipe[1], "child->parent", getppid()); - if ( ! io->Init() ) - { - Error(fmt("can't init parent io: %s", io->Error())); - exit(1); - } - - child.SetParentIO(io); - safe_close(pipe[0]); - - // Close file descriptors. - safe_close(0); - safe_close(1); - safe_close(2); - - // Be nice. - setpriority(PRIO_PROCESS, 0, 5); - - child.Run(); - reporter->InternalError("cannot be reached"); - } - } - -RemoteSerializer::PeerID RemoteSerializer::Connect(const IPAddr& ip, - const string& zone_id, uint16 port, const char* our_class, double retry, - bool use_ssl) - { - if ( ! using_communication ) - return true; - - if ( ! initialized ) - reporter->InternalError("remote serializer not initialized"); - - if ( ! child_pid ) - Fork(); - - Peer* p = AddPeer(ip, port); - p->orig = true; - - if ( our_class ) - p->our_class = our_class; - - const size_t BUFSIZE = 1024; - char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, - "%" PRI_PTR_COMPAT_UINT",%s,%s,%" PRIu16",%" PRIu32",%d", p->id, - ip.AsString().c_str(), zone_id.c_str(), port, uint32(retry), - use_ssl); - - if ( ! SendToChild(MSG_CONNECT_TO, p, data) ) - { - RemovePeer(p); - return false; - } - - p->state = Peer::PENDING; - return p->id; - } - -bool RemoteSerializer::CloseConnection(PeerID id) - { - if ( ! using_communication ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - { - reporter->Error("unknown peer id %d for closing connection", int(id)); - return false; - } - - return CloseConnection(peer); - } - -bool RemoteSerializer::CloseConnection(Peer* peer) - { - if ( peer->suspended_processing ) - { - net_continue_processing(); - peer->suspended_processing = false; - } - - if ( peer->state == Peer::CLOSING ) - return true; - - FlushPrintBuffer(peer); - FlushLogBuffer(peer); - - Log(LogInfo, "closing connection", peer); - - peer->state = Peer::CLOSING; - return SendToChild(MSG_CLOSE, peer, 0); - } - -bool RemoteSerializer::RequestSync(PeerID id, bool auth) - { - if ( ! using_communication ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - { - reporter->Error("unknown peer id %d for request sync", int(id)); - return false; - } - - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't request sync from peer; wrong phase %d", - peer->phase); - return false; - } - - if ( ! SendToChild(MSG_REQUEST_SYNC, peer, 1, auth ? 1 : 0) ) - return false; - - peer->sync_requested |= Peer::WE | (auth ? Peer::AUTH_WE : 0); - - return true; - } - -bool RemoteSerializer::RequestLogs(PeerID id) - { - if ( ! using_communication ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - { - reporter->Error("unknown peer id %d for request logs", int(id)); - return false; - } - - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't request logs from peer; wrong phase %d", - peer->phase); - return false; - } - - if ( ! SendToChild(MSG_REQUEST_LOGS, peer, 0) ) - return false; - - return true; - } - -bool RemoteSerializer::RequestEvents(PeerID id, RE_Matcher* pattern) - { - if ( ! using_communication ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - { - reporter->Error("unknown peer id %d for request sync", int(id)); - return false; - } - - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't request events from peer; wrong phase %d", - peer->phase); - return false; - } - - EventRegistry::string_list* handlers = event_registry->Match(pattern); - - // Concat the handlers' names. - int len = 0; - loop_over_list(*handlers, i) - len += strlen((*handlers)[i]) + 1; - - if ( ! len ) - { - Log(LogInfo, "warning: no events to request"); - delete handlers; - return true; - } - - char* data = new char[len]; - char* d = data; - loop_over_list(*handlers, j) - { - for ( const char* p = (*handlers)[j]; *p; *d++ = *p++ ) - ; - *d++ = '\0'; - } - - delete handlers; - - return SendToChild(MSG_REQUEST_EVENTS, peer, data, len); - } - -bool RemoteSerializer::SetAcceptState(PeerID id, bool accept) - { - Peer* p = LookupPeer(id, false); - if ( ! p ) - return true; - - p->accept_state = accept; - return true; - } - -bool RemoteSerializer::SetCompressionLevel(PeerID id, int level) - { - Peer* p = LookupPeer(id, false); - if ( ! p ) - return true; - - p->comp_level = level; - return true; - } - -bool RemoteSerializer::CompleteHandshake(PeerID id) - { - Peer* p = LookupPeer(id, false); - if ( ! p ) - return true; - - if ( p->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't complete handshake; wrong phase %d", - p->phase); - return false; - } - - p->handshake_done |= Peer::WE; - - if ( ! SendToChild(MSG_PHASE_DONE, p, 0) ) - return false; - - if ( p->handshake_done == Peer::BOTH ) - HandshakeDone(p); - - return true; - } - -bool RemoteSerializer::SendCall(SerialInfo* info, PeerID id, - const char* name, val_list* vl) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return false; - - return SendCall(info, peer, name, vl); - } - -bool RemoteSerializer::SendCall(SerialInfo* info, Peer* peer, - const char* name, val_list* vl) - { - if ( peer->phase != Peer::RUNNING || terminating ) - return false; - - ++stats.events.out; - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - - if ( ! Serialize(info, name, vl) ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendCall(SerialInfo* info, const char* name, - val_list* vl) - { - if ( ! IsOpen() || ! PropagateAccesses() || terminating ) - return true; - - loop_over_list(peers, i) - { - // Do not send event back to originating peer. - if ( peers[i] == current_peer ) - continue; - - SerialInfo new_info(*info); - if ( ! SendCall(&new_info, peers[i], name, vl) ) - return false; - } - - return true; - } - -bool RemoteSerializer::SendAccess(SerialInfo* info, Peer* peer, - const StateAccess& access) - { - if ( ! (peer->sync_requested & Peer::PEER) || terminating ) - return true; - -#ifdef DEBUG - ODesc desc; - access.Describe(&desc); - DBG_LOG(DBG_COMM, "Sending %s", desc.Description()); -#endif - - ++stats.accesses.out; - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - info->globals_as_names = true; - - if ( ! Serialize(info, access) ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendAccess(SerialInfo* info, PeerID pid, - const StateAccess& access) - { - Peer* p = LookupPeer(pid, false); - if ( ! p ) - return true; - - return SendAccess(info, p, access); - } - -bool RemoteSerializer::SendAccess(SerialInfo* info, const StateAccess& access) - { - if ( ! IsOpen() || ! PropagateAccesses() || terminating ) - return true; - - // A real broadcast would be nice here. But the different peers have - // different serialization caches, so we cannot simply send the same - // serialization to all of them ... - loop_over_list(peers, i) - { - // Do not send access back to originating peer. - if ( peers[i] == source_peer ) - continue; - - // Only sent accesses for fully setup peers. - if ( peers[i]->phase != Peer::RUNNING ) - continue; - - SerialInfo new_info(*info); - if ( ! SendAccess(&new_info, peers[i], access) ) - return false; - } - - return true; - } - -bool RemoteSerializer::SendAllSynchronized(Peer* peer, SerialInfo* info) - { - // FIXME: When suspending ID serialization works, remove! - DisableSuspend suspend(info); - - current_peer = peer; - - Continuation* cont = &info->cont; - ptr_compat_int index; - - if ( info->cont.NewInstance() ) - { - Log(LogInfo, "starting to send full state", peer); - index = 0; - } - - else - { - index = int(ptr_compat_int(cont->RestoreState())); - if ( ! cont->ChildSuspended() ) - cont->Resume(); - } - - for ( ; index < sync_ids.length(); ++index ) - { - if ( ! sync_ids[index]->ID_Val() ) - { -#ifdef DEBUG - DBG_LOG(DBG_COMM, "Skip sync of ID with null value: %s\n", - sync_ids[index]->Name()); -#endif - continue; - } - cont->SaveContext(); - - StateAccess sa(OP_ASSIGN, sync_ids[index], - sync_ids[index]->ID_Val()); - // FIXME: When suspending ID serialization works, we need to - // addsupport to StateAccesses, too. - bool result = SendAccess(info, peer, sa); - cont->RestoreContext(); - - if ( ! result ) - return false; - - if ( cont->ChildSuspended() || info->may_suspend ) - { - double t = network_time + state_write_delay; - timer_mgr->Add(new IncrementalSendTimer(t, peer, info)); - - cont->SaveState((void*) index); - if ( info->may_suspend ) - cont->Suspend(); - - return true; - } - } - - if ( ! SendToChild(MSG_PHASE_DONE, peer, 0) ) - return false; - - suspend.Release(); - delete info; - - Log(LogInfo, "done sending full state", peer); - - return EnterPhaseRunning(peer); - } - -bool RemoteSerializer::SendID(SerialInfo* info, Peer* peer, const ID& id) - { - if ( terminating ) - return true; - - // FIXME: When suspending ID serialization works, remove! - DisableSuspend suspend(info); - - if ( info->cont.NewInstance() ) - ++stats.ids.out; - - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - info->cont.SaveContext(); - bool result = Serialize(info, id); - info->cont.RestoreContext(); - - if ( ! result ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendID(SerialInfo* info, PeerID pid, const ID& id) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(pid, true); - if ( ! peer ) - return false; - - if ( peer->phase != Peer::RUNNING ) - return false; - - return SendID(info, peer, id); - } - -bool RemoteSerializer::SendConnection(SerialInfo* info, PeerID id, - const Connection& c) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return false; - - if ( peer->phase != Peer::RUNNING ) - return false; - - ++stats.conns.out; - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - - if ( ! Serialize(info, c) ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendCaptureFilter(PeerID id, const char* filter) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return false; - - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't sent capture filter to peer; wrong phase %d", peer->phase); - return false; - } - - return SendToChild(MSG_CAPTURE_FILTER, peer, copy_string(filter)); - } - -bool RemoteSerializer::SendPacket(SerialInfo* info, const Packet& p) - { - if ( ! IsOpen() || !PropagateAccesses() || terminating ) - return true; - - loop_over_list(peers, i) - { - // Only sent packet for fully setup peers. - if ( peers[i]->phase != Peer::RUNNING ) - continue; - - SerialInfo new_info(*info); - if ( ! SendPacket(&new_info, peers[i], p) ) - return false; - } - - return true; - } - -bool RemoteSerializer::SendPacket(SerialInfo* info, PeerID id, const Packet& p) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return false; - - return SendPacket(info, peer, p); - } - -bool RemoteSerializer::SendPacket(SerialInfo* info, Peer* peer, const Packet& p) - { - ++stats.packets.out; - SetCache(peer->cache_out); - SetupSerialInfo(info, peer); - - if ( ! Serialize(info, p) ) - { - FatalError(io->Error()); - return false; - } - - return true; - } - -bool RemoteSerializer::SendPing(PeerID id, uint32 seq) - { - if ( ! using_communication || terminating ) - return true; - - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return false; - - char* data = new char[sizeof(ping_args)]; - - ping_args* args = (ping_args*) data; - args->seq = htonl(seq); - args->time1 = htond(current_time(true)); - args->time2 = 0; - args->time3 = 0; - - return SendToChild(MSG_PING, peer, data, sizeof(ping_args)); - } - -bool RemoteSerializer::SendCapabilities(Peer* peer) - { - if ( peer->phase != Peer::HANDSHAKE ) - { - reporter->Error("can't sent capabilties to peer; wrong phase %d", - peer->phase); - return false; - } - - uint32 caps = 0; - - caps |= Peer::COMPRESSION; - caps |= Peer::PID_64BIT; - caps |= Peer::NEW_CACHE_STRATEGY; - - return SendToChild(MSG_CAPS, peer, 3, caps, 0, 0); - } - -bool RemoteSerializer::Listen(const IPAddr& ip, uint16 port, bool expect_ssl, - bool ipv6, const string& zone_id, double retry) - { - if ( ! using_communication ) - return true; - - if ( ! initialized ) - reporter->InternalError("remote serializer not initialized"); - - if ( ! ipv6 && ip.GetFamily() == IPv6 && - ip != IPAddr("0.0.0.0") && ip != IPAddr("::") ) - reporter->FatalError("Attempt to listen on address %s, but IPv6 " - "communication disabled", ip.AsString().c_str()); - - const size_t BUFSIZE = 1024; - char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, "%s,%" PRIu16",%d,%d,%s,%" PRIu32, - ip.AsString().c_str(), port, expect_ssl, ipv6, zone_id.c_str(), - (uint32) retry); - - if ( ! SendToChild(MSG_LISTEN, 0, data) ) - return false; - - listening = true; - SetClosed(false); - return true; - } - -void RemoteSerializer::SendSyncPoint(uint32 point) - { - if ( ! (remote_trace_sync_interval && pseudo_realtime) || terminating ) - return; - - current_sync_point = point; - - loop_over_list(peers, i) - if ( peers[i]->phase == Peer::RUNNING && - ! SendToChild(MSG_SYNC_POINT, peers[i], - 1, current_sync_point) ) - return; - - if ( ! syncing_times ) - { - Log(LogInfo, "waiting for peers"); - syncing_times = true; - - loop_over_list(peers, i) - { - // Need to do this once per peer to correctly - // track the number of suspend calls. - net_suspend_processing(); - peers[i]->suspended_processing = true; - } - } - - CheckSyncPoints(); - } - -uint32 RemoteSerializer::SendSyncPoint() - { - Log(LogInfo, fmt("reached sync-point %u", current_sync_point)); - SendSyncPoint(current_sync_point + 1); - return current_sync_point; - } - -void RemoteSerializer::SendFinalSyncPoint() - { - Log(LogInfo, fmt("reached end of trace, sending final sync point")); - SendSyncPoint(FINAL_SYNC_POINT); - } - -bool RemoteSerializer::Terminate() - { - loop_over_list(peers, i) - { - FlushPrintBuffer(peers[i]); - FlushLogBuffer(peers[i]); - } - - Log(LogInfo, fmt("terminating...")); - - return terminating = SendToChild(MSG_TERMINATE, 0, 0); - } - -bool RemoteSerializer::StopListening() - { - if ( ! listening ) - return true; - - if ( ! SendToChild(MSG_LISTEN_STOP, 0, 0) ) - return false; - - listening = false; - SetClosed(! IsActive()); - return true; - } - -void RemoteSerializer::Register(ID* id) - { - DBG_LOG(DBG_STATE, "&synchronized %s", id->Name()); - Unregister(id); - Ref(id); - sync_ids.append(id); - } - -void RemoteSerializer::Unregister(ID* id) - { - loop_over_list(sync_ids, i) - if ( streq(sync_ids[i]->Name(), id->Name()) ) - { - Unref(sync_ids[i]); - sync_ids.remove_nth(i); - break; - } - } - -void RemoteSerializer::GetFds(iosource::FD_Set* read, iosource::FD_Set* write, - iosource::FD_Set* except) - { - read->Insert(io->Fd()); - read->Insert(io->ExtraReadFDs()); - - if ( io->CanWrite() ) - write->Insert(io->Fd()); - } - -double RemoteSerializer::NextTimestamp(double* local_network_time) - { - Poll(false); - - if ( received_logs > 0 ) - { - // If we processed logs last time, assume there's more. - SetIdle(false); - received_logs = 0; - return timer_mgr->Time(); - } - - double et = events.length() ? events[0]->time : -1; - double pt = packets.length() ? packets[0]->time : -1; - - if ( ! et ) - et = timer_mgr->Time(); - - if ( ! pt ) - pt = timer_mgr->Time(); - - if ( packets.length() ) - SetIdle(false); - - if ( et >= 0 && (et < pt || pt < 0) ) - return et; - - if ( pt >= 0 ) - { - // Return packet time as network time. - *local_network_time = packets[0]->p->time; - return pt; - } - - return -1; - } - -TimerMgr::Tag* RemoteSerializer::GetCurrentTag() - { - return packets.length() ? &packets[0]->p->tag : 0; - } - -void RemoteSerializer::Process() - { - Poll(false); - - int i = 0; - while ( events.length() ) - { - if ( max_remote_events_processed && - ++i > max_remote_events_processed ) - break; - - BufferedEvent* be = events[0]; - ::Event* event = new ::Event(be->handler, std::move(*be->args), be->src); - delete be->args; - be->args = nullptr; - - Peer* old_current_peer = current_peer; - // Prevent the source peer from getting the event back. - current_peer = LookupPeer(be->src, true); // may be null. - mgr.Dispatch(event, ! forward_remote_events); - current_peer = old_current_peer; - - assert(events[0] == be); - delete be; - events.remove_nth(0); - } - - // We shouldn't pass along more than one packet, as otherwise the - // timer mgr will not advance. - if ( packets.length() ) - { - BufferedPacket* bp = packets[0]; - const Packet* p = bp->p; - - // FIXME: The following chunk of code is copied from - // net_packet_dispatch(). We should change that function - // to accept an IOSource instead of the PktSrc. - net_update_time(p->time); - - SegmentProfiler(segment_logger, "expiring-timers"); - TimerMgr* tmgr = sessions->LookupTimerMgr(GetCurrentTag()); - current_dispatched = - tmgr->Advance(network_time, max_timer_expires); - - current_pkt = p; - current_pktsrc = 0; - current_iosrc = this; - sessions->NextPacket(p->time, p); - mgr.Drain(); - - current_pkt = 0; - current_iosrc = 0; - - delete p; - delete bp; - packets.remove_nth(0); - } - - if ( packets.length() ) - SetIdle(false); - } - -void RemoteSerializer::Finish() - { - if ( ! using_communication ) - return; - - do - Poll(true); - while ( io->CanWrite() ); - - loop_over_list(peers, i) - { - CloseConnection(peers[i]); - } - } - -bool RemoteSerializer::Poll(bool may_block) - { - if ( ! child_pid ) - return true; - - // See if there's any peer waiting for initial state synchronization. - if ( sync_pending.length() && ! in_sync ) - { - Peer* p = sync_pending[0]; - sync_pending.remove_nth(0); - HandshakeDone(p); - } - - io->Flush(); - SetIdle(false); - - switch ( msgstate ) { - case TYPE: - { - current_peer = 0; - current_msgtype = MSG_NONE; - - // CMsg follows - ChunkedIO::Chunk* c; - READ_CHUNK_FROM_CHILD(c); - - CMsg* msg = (CMsg*) c->data; - current_peer = LookupPeer(msg->Peer(), false); - current_id = msg->Peer(); - current_msgtype = msg->Type(); - current_args = 0; - - delete c; - - switch ( current_msgtype ) { - case MSG_CLOSE: - case MSG_CLOSE_ALL: - case MSG_LISTEN_STOP: - case MSG_PHASE_DONE: - case MSG_TERMINATE: - case MSG_DEBUG_DUMP: - case MSG_REQUEST_LOGS: - { - // No further argument chunk. - msgstate = TYPE; - return DoMessage(); - } - case MSG_VERSION: - case MSG_SERIAL: - case MSG_ERROR: - case MSG_CONNECT_TO: - case MSG_CONNECTED: - case MSG_REQUEST_EVENTS: - case MSG_REQUEST_SYNC: - case MSG_LISTEN: - case MSG_STATS: - case MSG_CAPTURE_FILTER: - case MSG_PING: - case MSG_PONG: - case MSG_CAPS: - case MSG_COMPRESS: - case MSG_LOG: - case MSG_SYNC_POINT: - case MSG_REMOTE_PRINT: - case MSG_LOG_CREATE_WRITER: - case MSG_LOG_WRITE: - { - // One further argument chunk. - msgstate = ARGS; - return Poll(may_block); - } - - case MSG_NONE: - InternalCommError(fmt("unexpected msg type %d", - current_msgtype)); - return true; - - default: - InternalCommError(fmt("unknown msg type %d in Poll()", - current_msgtype)); - return true; - } - } - - case ARGS: - { - // Argument chunk follows. - ChunkedIO::Chunk* c; - READ_CHUNK_FROM_CHILD(c); - - current_args = c; - msgstate = TYPE; - bool result = DoMessage(); - - delete current_args; - current_args = 0; - - return result; - } - - default: - reporter->InternalError("unknown msgstate"); - } - - reporter->InternalError("cannot be reached"); - return false; - } - -bool RemoteSerializer::DoMessage() - { - if ( current_peer && - (current_peer->state == Peer::CLOSING || - current_peer->state == Peer::CLOSED) && - is_peer_msg(current_msgtype) ) - { - // We shut the connection to this peer down, - // so we ignore all further messages. - DEBUG_COMM(fmt("parent: ignoring %s due to shutdown of peer #%" PRI_SOURCE_ID, - msgToStr(current_msgtype), - current_peer ? current_peer->id : 0)); - return true; - } - - DEBUG_COMM(fmt("parent: %s from child; peer is #%" PRI_SOURCE_ID, - msgToStr(current_msgtype), - current_peer ? current_peer->id : 0)); - - if ( current_peer && - (current_msgtype < 0 || current_msgtype > MSG_ID_MAX) ) - { - Log(LogError, "garbage message from peer, shutting down", - current_peer); - CloseConnection(current_peer); - return true; - } - - // As long as we haven't finished the version - // handshake, no other messages than MSG_VERSION - // are allowed from peer. - if ( current_peer && current_peer->phase == Peer::SETUP && - is_peer_msg(current_msgtype) && current_msgtype != MSG_VERSION ) - { - Log(LogError, "peer did not send version", current_peer); - CloseConnection(current_peer); - return true; - } - - switch ( current_msgtype ) { - case MSG_CLOSE: - PeerDisconnected(current_peer); - return true; - - case MSG_CONNECTED: - return ProcessConnected(); - - case MSG_SERIAL: - return ProcessSerialization(); - - case MSG_REQUEST_EVENTS: - return ProcessRequestEventsMsg(); - - case MSG_REQUEST_SYNC: - return ProcessRequestSyncMsg(); - - case MSG_PHASE_DONE: - return ProcessPhaseDone(); - - case MSG_ERROR: - return ProcessLogMsg(true); - - case MSG_LOG: - return ProcessLogMsg(false); - - case MSG_STATS: - return ProcessStatsMsg(); - - case MSG_CAPTURE_FILTER: - return ProcessCaptureFilterMsg(); - - case MSG_VERSION: - return ProcessVersionMsg(); - - case MSG_PING: - return ProcessPingMsg(); - - case MSG_PONG: - return ProcessPongMsg(); - - case MSG_CAPS: - return ProcessCapsMsg(); - - case MSG_SYNC_POINT: - return ProcessSyncPointMsg(); - - case MSG_TERMINATE: - assert(terminating); - iosource_mgr->Terminate(); - return true; - - case MSG_REMOTE_PRINT: - return ProcessRemotePrint(); - - case MSG_LOG_CREATE_WRITER: - return ProcessLogCreateWriter(); - - case MSG_LOG_WRITE: - return ProcessLogWrite(); - - case MSG_REQUEST_LOGS: - return ProcessRequestLogs(); - - default: - DEBUG_COMM(fmt("unexpected msg type: %d", - int(current_msgtype))); - InternalCommError(fmt("unexpected msg type in DoMessage(): %d", - int(current_msgtype))); - return true; // keep going - } - - reporter->InternalError("cannot be reached"); - return false; - } - -void RemoteSerializer::PeerDisconnected(Peer* peer) - { - assert(peer); - - if ( peer->suspended_processing ) - { - net_continue_processing(); - peer->suspended_processing = false; - } - - if ( peer->state == Peer::CLOSED || peer->state == Peer::INIT ) - return; - - if ( peer->state == Peer::PENDING ) - { - peer->state = Peer::CLOSED; - Log(LogError, "could not connect", peer); - return; - } - - Log(LogInfo, "peer disconnected", peer); - - if ( peer->phase != Peer::SETUP ) - RaiseEvent(remote_connection_closed, peer); - - if ( in_sync == peer ) - in_sync = 0; - - peer->state = Peer::CLOSED; - peer->phase = Peer::UNKNOWN; - peer->cache_in->Clear(); - peer->cache_out->Clear(); - UnregisterHandlers(peer); - } - -void RemoteSerializer::PeerConnected(Peer* peer) - { - if ( peer->state == Peer::CONNECTED ) - return; - - peer->state = Peer::CONNECTED; - peer->phase = Peer::SETUP; - peer->sent_version = Peer::NONE; - peer->sync_requested = Peer::NONE; - peer->handshake_done = Peer::NONE; - - peer->cache_in->Clear(); - peer->cache_out->Clear(); - peer->our_runtime = int(current_time(true) - bro_start_time); - peer->sync_point = 0; - peer->logs_requested = false; - - if ( ! SendCMsgToChild(MSG_VERSION, peer) ) - return; - - int len = 4 * sizeof(uint32) + peer->our_class.size() + 1; - char* data = new char[len]; - uint32* args = (uint32*) data; - - *args++ = htonl(PROTOCOL_VERSION); - *args++ = htonl(peer->cache_out->GetMaxCacheSize()); - *args++ = htonl(DATA_FORMAT_VERSION); - *args++ = htonl(peer->our_runtime); - strcpy((char*) args, peer->our_class.c_str()); - - ChunkedIO::Chunk* c = new ChunkedIO::Chunk(data, len); - - if ( peer->our_class.size() ) - Log(LogInfo, fmt("sending class \"%s\"", peer->our_class.c_str()), peer); - - if ( ! SendToChild(c) ) - { - Log(LogError, "can't send version message"); - CloseConnection(peer); - return; - } - - peer->sent_version |= Peer::WE; - Log(LogInfo, "peer connected", peer); - Log(LogInfo, "phase: version", peer); - } - -RecordVal* RemoteSerializer::MakePeerVal(Peer* peer) - { - RecordVal* v = new RecordVal(::peer); - v->Assign(0, val_mgr->GetCount(uint32(peer->id))); - // Sic! Network order for AddrVal, host order for PortVal. - v->Assign(1, new AddrVal(peer->ip)); - v->Assign(2, val_mgr->GetPort(peer->port, TRANSPORT_TCP)); - v->Assign(3, val_mgr->GetFalse()); - v->Assign(4, val_mgr->GetEmptyString()); // set when received - v->Assign(5, peer->peer_class.size() ? - new StringVal(peer->peer_class.c_str()) : 0); - return v; - } - -RemoteSerializer::Peer* RemoteSerializer::AddPeer(const IPAddr& ip, uint16 port, - PeerID id) - { - Peer* peer = new Peer; - peer->id = id != PEER_NONE ? id : id_counter++; - peer->ip = ip; - peer->port = port; - peer->state = Peer::INIT; - peer->phase = Peer::UNKNOWN; - peer->sent_version = Peer::NONE; - peer->sync_requested = Peer::NONE; - peer->handshake_done = Peer::NONE; - peer->orig = false; - peer->accept_state = false; - peer->send_state = false; - peer->logs_requested = false; - peer->caps = 0; - peer->comp_level = 0; - peer->suspended_processing = false; - peer->caps = 0; - peer->val = MakePeerVal(peer); - peer->cache_in = new SerializationCache(MAX_CACHE_SIZE); - peer->cache_out = new SerializationCache(MAX_CACHE_SIZE); - peer->sync_point = 0; - peer->print_buffer = 0; - peer->print_buffer_used = 0; - peer->log_buffer = new char[LOG_BUFFER_SIZE]; - peer->log_buffer_used = 0; - - peers.append(peer); - Log(LogInfo, "added peer", peer); - - return peer; - } - -void RemoteSerializer::UnregisterHandlers(Peer* peer) - { - // Unregister the peers for the EventHandlers. - loop_over_list(peer->handlers, i) - { - peer->handlers[i]->RemoveRemoteHandler(peer->id); - } - } - -void RemoteSerializer::RemovePeer(Peer* peer) - { - if ( peer->suspended_processing ) - { - net_continue_processing(); - peer->suspended_processing = false; - } - - peers.remove(peer); - UnregisterHandlers(peer); - - Log(LogInfo, "removed peer", peer); - - int id = peer->id; - Unref(peer->val); - delete [] peer->print_buffer; - delete [] peer->log_buffer; - delete peer->cache_in; - delete peer->cache_out; - delete peer; - - SetClosed(! IsActive()); - - if ( in_sync == peer ) - in_sync = 0; - } - -RemoteSerializer::Peer* RemoteSerializer::LookupPeer(PeerID id, - bool only_if_connected) - { - Peer* peer = 0; - loop_over_list(peers, i) - if ( peers[i]->id == id ) - { - peer = peers[i]; - break; - } - - if ( ! only_if_connected || (peer && peer->state == Peer::CONNECTED) ) - return peer; - else - return 0; - } - -bool RemoteSerializer::ProcessVersionMsg() - { - uint32* args = (uint32*) current_args->data; - uint32 version = ntohl(args[0]); - uint32 data_version = ntohl(args[2]); - - if ( PROTOCOL_VERSION != version ) - { - Log(LogError, fmt("remote protocol version mismatch: got %d, but expected %d", - version, PROTOCOL_VERSION), current_peer); - CloseConnection(current_peer); - return true; - } - - // For backwards compatibility, data_version may be null. - if ( data_version && DATA_FORMAT_VERSION != data_version ) - { - Log(LogError, fmt("remote data version mismatch: got %d, but expected %d", - data_version, DATA_FORMAT_VERSION), - current_peer); - CloseConnection(current_peer); - return true; - } - - uint32 cache_size = ntohl(args[1]); - current_peer->cache_in->SetMaxCacheSize(cache_size); - current_peer->runtime = ntohl(args[3]); - - current_peer->sent_version |= Peer::PEER; - - if ( current_args->len > 4 * sizeof(uint32) ) - { - // The peer sends us a class string. - const char* pclass = (const char*) &args[4]; - current_peer->peer_class = pclass; - if ( *pclass ) - Log(LogInfo, fmt("peer sent class \"%s\"", pclass), current_peer); - if ( current_peer->val ) - current_peer->val->Assign(5, new StringVal(pclass)); - } - - assert(current_peer->sent_version == Peer::BOTH); - current_peer->phase = Peer::HANDSHAKE; - Log(LogInfo, "phase: handshake", current_peer); - - if ( ! SendCapabilities(current_peer) ) - return false; - - RaiseEvent(remote_connection_established, current_peer); - - return true; - } - -bool RemoteSerializer::EnterPhaseRunning(Peer* peer) - { - if ( in_sync == peer ) - in_sync = 0; - - peer->phase = Peer::RUNNING; - Log(LogInfo, "phase: running", peer); - RaiseEvent(remote_connection_handshake_done, peer); - - if ( remote_trace_sync_interval ) - { - loop_over_list(peers, i) - { - if ( ! SendToChild(MSG_SYNC_POINT, peers[i], - 1, current_sync_point) ) - return false; - } - } - - return true; - } - -bool RemoteSerializer::ProcessConnected() - { - // IP and port follow. - vector args = tokenize(current_args->data, ','); - - if ( args.size() != 2 ) - { - InternalCommError("ProcessConnected() bad number of arguments"); - return false; - } - - IPAddr host = IPAddr(args[0]); - uint16 port; - - if ( ! atoi_n(args[1].size(), args[1].c_str(), 0, 10, port) ) - { - InternalCommError("ProcessConnected() bad peer port string"); - return false; - } - - if ( ! current_peer ) - { - // The other side connected to one of our listening ports. - current_peer = AddPeer(host, port, current_id); - current_peer->orig = false; - } - else if ( current_peer->orig ) - { - // It's a successful retry. - current_peer->port = port; - current_peer->accept_state = false; - Unref(current_peer->val); - current_peer->val = MakePeerVal(current_peer); - } - - PeerConnected(current_peer); - - ID* descr = global_scope()->Lookup("peer_description"); - if ( ! descr ) - reporter->InternalError("peer_description not defined"); - - SerialInfo info(this); - SendID(&info, current_peer, *descr); - - return true; - } - -bool RemoteSerializer::ProcessRequestEventsMsg() - { - if ( ! current_peer ) - return false; - - // Register new handlers. - char* p = current_args->data; - while ( p < current_args->data + current_args->len ) - { - EventHandler* handler = event_registry->Lookup(p); - if ( handler ) - { - handler->AddRemoteHandler(current_peer->id); - current_peer->handlers.append(handler); - RaiseEvent(remote_event_registered, current_peer, p); - Log(LogInfo, fmt("registered for event %s", p), - current_peer); - - // If the other side requested the print_hook event, - // we initialize the buffer. - if ( current_peer->print_buffer == 0 && - streq(p, "print_hook") ) - { - current_peer->print_buffer = - new char[PRINT_BUFFER_SIZE]; - current_peer->print_buffer_used = 0; - Log(LogInfo, "initialized print buffer", - current_peer); - } - } - else - Log(LogInfo, fmt("request for unknown event %s", p), - current_peer); - - p += strlen(p) + 1; - } - - return true; - } - -bool RemoteSerializer::ProcessRequestSyncMsg() - { - if ( ! current_peer ) - return false; - - int auth = 0; - uint32* args = (uint32*) current_args->data; - if ( ntohl(args[0]) != 0 ) - { - Log(LogInfo, "peer considers its state authoritative", current_peer); - auth = Peer::AUTH_PEER; - } - - current_peer->sync_requested |= Peer::PEER | auth; - return true; - } - -bool RemoteSerializer::ProcessRequestLogs() - { - if ( ! current_peer ) - return false; - - Log(LogInfo, "peer requested logs", current_peer); - - current_peer->logs_requested = true; - return true; - } - -bool RemoteSerializer::ProcessPhaseDone() - { - switch ( current_peer->phase ) { - case Peer::HANDSHAKE: - { - current_peer->handshake_done |= Peer::PEER; - - if ( current_peer->handshake_done == Peer::BOTH ) - HandshakeDone(current_peer); - break; - } - - case Peer::SYNC: - { - // Make sure that the other side is supposed to sent us this. - if ( current_peer->send_state ) - { - Log(LogError, "unexpected phase_done in sync phase from peer", current_peer); - CloseConnection(current_peer); - return false; - } - - if ( ! EnterPhaseRunning(current_peer) ) - { - if ( current_peer->suspended_processing ) - { - net_continue_processing(); - current_peer->suspended_processing = false; - } - - return false; - } - - if ( current_peer->suspended_processing ) - { - net_continue_processing(); - current_peer->suspended_processing = false; - } - - break; - } - - default: - Log(LogError, "unexpected phase_done", current_peer); - CloseConnection(current_peer); - } - - return true; - } - -bool RemoteSerializer::HandshakeDone(Peer* peer) - { - if ( peer->caps & Peer::COMPRESSION && peer->comp_level > 0 ) - if ( ! SendToChild(MSG_COMPRESS, peer, 1, peer->comp_level) ) - return false; - - if ( ! (peer->caps & Peer::PID_64BIT) ) - Log(LogInfo, "peer does not support 64bit PIDs; using compatibility mode", peer); - - if ( (peer->caps & Peer::NEW_CACHE_STRATEGY) ) - Log(LogInfo, "peer supports keep-in-cache; using that", peer); - - if ( (peer->caps & Peer::BROCCOLI_PEER) ) - Log(LogInfo, "peer is a Broccoli", peer); - - if ( peer->logs_requested ) - log_mgr->SendAllWritersTo(peer->id); - - if ( peer->sync_requested != Peer::NONE ) - { - if ( in_sync ) - { - Log(LogInfo, "another sync in progress, waiting...", - peer); - sync_pending.append(peer); - return true; - } - - if ( (peer->sync_requested & Peer::AUTH_PEER) && - (peer->sync_requested & Peer::AUTH_WE) ) - { - Log(LogError, "misconfiguration: authoritative state on both sides", - current_peer); - CloseConnection(peer); - return false; - } - - in_sync = peer; - peer->phase = Peer::SYNC; - - // If only one side has requested state synchronization, - // it will get all the state from the peer. - // - // If both sides have shown interest, the one considering - // itself authoritative will send the state. If none is - // authoritative, the peer which is running longest sends - // its state. - // - if ( (peer->sync_requested & Peer::BOTH) != Peer::BOTH ) - { - // One side. - if ( peer->sync_requested & Peer::PEER ) - peer->send_state = true; - else if ( peer->sync_requested & Peer::WE ) - peer->send_state = false; - else - reporter->InternalError("illegal sync_requested value"); - } - else - { - // Both. - if ( peer->sync_requested & Peer::AUTH_WE ) - peer->send_state = true; - else if ( peer->sync_requested & Peer::AUTH_PEER ) - peer->send_state = false; - else - { - if ( peer->our_runtime == peer->runtime ) - peer->send_state = peer->orig; - else - peer->send_state = (peer->our_runtime > - peer->runtime); - } - } - - Log(LogInfo, fmt("phase: sync (%s)", (peer->send_state ? "sender" : "receiver")), peer); - - if ( peer->send_state ) - { - SerialInfo* info = new SerialInfo(this); - SendAllSynchronized(peer, info); - } - - else - { - // Suspend until we got everything. - net_suspend_processing(); - peer->suspended_processing = true; - } - } - else - return EnterPhaseRunning(peer); - - return true; - } - -bool RemoteSerializer::ProcessPingMsg() - { - if ( ! current_peer ) - return false; - - if ( ! SendToChild(MSG_PONG, current_peer, - current_args->data, current_args->len) ) - return false; - - return true; - } - -bool RemoteSerializer::ProcessPongMsg() - { - if ( ! current_peer ) - return false; - - ping_args* args = (ping_args*) current_args->data; - - mgr.QueueEvent(remote_pong, { - current_peer->val->Ref(), - val_mgr->GetCount((unsigned int) ntohl(args->seq)), - new Val(current_time(true) - ntohd(args->time1), - TYPE_INTERVAL), - new Val(ntohd(args->time2), TYPE_INTERVAL), - new Val(ntohd(args->time3), TYPE_INTERVAL) - }); - return true; - } - -bool RemoteSerializer::ProcessCapsMsg() - { - if ( ! current_peer ) - return false; - - uint32* args = (uint32*) current_args->data; - current_peer->caps = ntohl(args[0]); - return true; - } - -bool RemoteSerializer::ProcessLogMsg(bool is_error) - { - Log(is_error ? LogError : LogInfo, current_args->data, 0, LogChild); - return true; - } - -bool RemoteSerializer::ProcessStatsMsg() - { - // Take the opportunity to log our stats, too. - LogStats(); - - // Split the concatenated child stats into indiviual log messages. - int count = 0; - for ( char* p = current_args->data; - p < current_args->data + current_args->len; p += strlen(p) + 1 ) - Log(LogInfo, fmt("child statistics: [%d] %s", count++, p), - current_peer); - - return true; - } - -bool RemoteSerializer::ProcessCaptureFilterMsg() - { - if ( ! current_peer ) - return false; - - RaiseEvent(remote_capture_filter, current_peer, current_args->data); - return true; - } - -bool RemoteSerializer::CheckSyncPoints() - { - if ( ! current_sync_point ) - return false; - - int ready = 0; - - loop_over_list(peers, i) - if ( peers[i]->sync_point >= current_sync_point ) - ready++; - - if ( ready < remote_trace_sync_peers ) - return false; - - if ( current_sync_point == FINAL_SYNC_POINT ) - { - Log(LogInfo, fmt("all peers reached final sync-point, going to finish")); - Terminate(); - } - else - Log(LogInfo, fmt("all peers reached sync-point %u", - current_sync_point)); - - if ( syncing_times ) - { - loop_over_list(peers, i) - { - if ( peers[i]->suspended_processing ) - { - net_continue_processing(); - peers[i]->suspended_processing = false; - } - } - - syncing_times = false; - } - - return true; - } - -bool RemoteSerializer::ProcessSyncPointMsg() - { - if ( ! current_peer ) - return false; - - uint32* args = (uint32*) current_args->data; - uint32 count = ntohl(args[0]); - - current_peer->sync_point = max(current_peer->sync_point, count); - - if ( current_peer->sync_point == FINAL_SYNC_POINT ) - Log(LogInfo, fmt("reached final sync-point"), current_peer); - else - Log(LogInfo, fmt("reached sync-point %u", current_peer->sync_point), current_peer); - - if ( syncing_times ) - CheckSyncPoints(); - - return true; - } - -bool RemoteSerializer::ProcessSerialization() - { - if ( current_peer->state == Peer::CLOSING ) - return false; - - SetCache(current_peer->cache_in); - UnserialInfo info(this); - - bool accept_state = current_peer->accept_state; - -#if 0 - // If processing is suspended, we unserialize the data but throw - // it away. - if ( current_peer->phase == Peer::RUNNING && - net_is_processing_suspended() ) - accept_state = false; -#endif - - assert(current_args); - info.chunk = current_args; - - info.install_globals = accept_state; - info.install_conns = accept_state; - info.ignore_callbacks = ! accept_state; - - if ( current_peer->phase != Peer::RUNNING ) - info.id_policy = UnserialInfo::InstantiateNew; - else - info.id_policy = accept_state ? - UnserialInfo::CopyNewToCurrent : - UnserialInfo::Keep; - - if ( ! (current_peer->caps & Peer::PID_64BIT) || - current_peer->phase != Peer::RUNNING ) - info.pid_32bit = true; - - if ( (current_peer->caps & Peer::NEW_CACHE_STRATEGY) && - current_peer->phase == Peer::RUNNING ) - info.new_cache_strategy = true; - - if ( current_peer->caps & Peer::BROCCOLI_PEER ) - info.broccoli_peer = true; - - if ( ! forward_remote_state_changes ) - ignore_accesses = true; - - source_peer = current_peer; - int i = Unserialize(&info); - source_peer = 0; - - if ( ! forward_remote_state_changes ) - ignore_accesses = false; - - if ( i < 0 ) - { - Log(LogError, "unserialization error", current_peer); - CloseConnection(current_peer); - // Error - return false; - } - - return true; - } - -bool RemoteSerializer::FlushPrintBuffer(Peer* p) - { - if ( p->state == Peer::CLOSING ) - return false; - - if ( ! (p->print_buffer && p->print_buffer_used) ) - return true; - - SendToChild(MSG_REMOTE_PRINT, p, p->print_buffer, p->print_buffer_used); - - p->print_buffer = new char[PRINT_BUFFER_SIZE]; - p->print_buffer_used = 0; - return true; - } - -bool RemoteSerializer::SendPrintHookEvent(BroFile* f, const char* txt, size_t len) - { - loop_over_list(peers, i) - { - Peer* p = peers[i]; - - if ( ! p->print_buffer ) - continue; - - const char* fname = f->Name(); - if ( ! fname ) - continue; // not a managed file. - - // We cut off everything after the max buffer size. That - // makes the code a bit easier, and we shouldn't have such - // long lines anyway. - len = min(len, PRINT_BUFFER_SIZE - strlen(fname) - 2); - - // If there's not enough space in the buffer, flush it. - - int need = strlen(fname) + 1 + len + 1; - if ( p->print_buffer_used + need > PRINT_BUFFER_SIZE ) - { - if ( ! FlushPrintBuffer(p) ) - return false; - } - - assert(p->print_buffer_used + need <= PRINT_BUFFER_SIZE); - - char* dst = p->print_buffer + p->print_buffer_used; - strcpy(dst, fname); - dst += strlen(fname) + 1; - memcpy(dst, txt, len); - dst += len; - *dst++ = '\0'; - - p->print_buffer_used = dst - p->print_buffer; - } - - return true; - } - -bool RemoteSerializer::ProcessRemotePrint() - { - if ( current_peer->state == Peer::CLOSING ) - return false; - - const char* p = current_args->data; - while ( p < current_args->data + current_args->len ) - { - const char* fname = p; - p += strlen(p) + 1; - const char* txt = p; - p += strlen(p) + 1; - - val_list* vl = new val_list(2); - BroFile* f = BroFile::GetFile(fname); - Ref(f); - vl->append(new Val(f)); - vl->append(new StringVal(txt)); - GotEvent("print_hook", -1.0, print_hook, vl); - } - - return true; - } - -bool RemoteSerializer::SendLogCreateWriter(EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields) - { - loop_over_list(peers, i) - { - SendLogCreateWriter(peers[i]->id, id, writer, info, num_fields, fields); - } - - return true; - } - -bool RemoteSerializer::SendLogCreateWriter(PeerID peer_id, EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields) - { - SetErrorDescr("logging"); - - ChunkedIO::Chunk* c = 0; - - Peer* peer = LookupPeer(peer_id, true); - if ( ! peer ) - return false; - - if ( peer->phase != Peer::HANDSHAKE && peer->phase != Peer::RUNNING ) - return false; - - if ( ! peer->logs_requested ) - return false; - - BinarySerializationFormat fmt; - - fmt.StartWrite(); - - bool success = fmt.Write(id->AsEnum(), "id") && - fmt.Write(writer->AsEnum(), "writer") && - fmt.Write(num_fields, "num_fields") && - info.Write(&fmt); - - if ( ! success ) - goto error; - - for ( int i = 0; i < num_fields; i++ ) - { - if ( ! fields[i]->Write(&fmt) ) - goto error; - } - - if ( ! SendToChild(MSG_LOG_CREATE_WRITER, peer, 0) ) - goto error; - - c = new ChunkedIO::Chunk; - c->len = fmt.EndWrite(&c->data); - c->free_func = ChunkedIO::Chunk::free_func_free; - - if ( ! SendToChild(c) ) - goto error; - - return true; - -error: - delete c; - - FatalError(io->Error()); - return false; - } - -bool RemoteSerializer::SendLogWrite(EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals) - { - loop_over_list(peers, i) - { - SendLogWrite(peers[i], id, writer, path, num_fields, vals); - } - - return true; - } - -bool RemoteSerializer::SendLogWrite(Peer* peer, EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals) - { - if ( peer->phase != Peer::HANDSHAKE && peer->phase != Peer::RUNNING ) - return false; - - if ( ! peer->logs_requested ) - return false; - - if ( ! peer->log_buffer ) - // Peer shutting down. - return false; - - // Serialize the log record entry. - - BinarySerializationFormat fmt; - - fmt.StartWrite(); - - bool success = fmt.Write(id->AsEnum(), "id") && - fmt.Write(writer->AsEnum(), "writer") && - fmt.Write(path, "path") && - fmt.Write(num_fields, "num_fields"); - - if ( ! success ) - goto error; - - for ( int i = 0; i < num_fields; i++ ) - { - if ( ! vals[i]->Write(&fmt) ) - goto error; - } - - // Ok, we have the binary data now. - char* data; - int len; - - len = fmt.EndWrite(&data); - - assert(len > 10); - - // Do we have not enough space in the buffer, or was the last flush a - // while ago? If so, flush first. - if ( len > (LOG_BUFFER_SIZE - peer->log_buffer_used) || (network_time - last_flush > 1.0) ) - { - if ( ! FlushLogBuffer(peer) ) - { - free(data); - return false; - } - } - - // If the data is actually larger than our complete buffer, just send it out. - if ( len > LOG_BUFFER_SIZE ) - return SendToChild(MSG_LOG_WRITE, peer, data, len, true); - - // Now we have space in the buffer, copy it into there. - memcpy(peer->log_buffer + peer->log_buffer_used, data, len); - peer->log_buffer_used += len; - assert(peer->log_buffer_used <= LOG_BUFFER_SIZE); - - free(data); - - return true; - -error: - FatalError(io->Error()); - return false; - } - -bool RemoteSerializer::FlushLogBuffer(Peer* p) - { - if ( ! p->logs_requested ) - return false; - - last_flush = network_time; - - if ( p->state == Peer::CLOSING ) - return false; - - if ( ! (p->log_buffer && p->log_buffer_used) ) - return true; - - char* data = new char[p->log_buffer_used]; - memcpy(data, p->log_buffer, p->log_buffer_used); - SendToChild(MSG_LOG_WRITE, p, data, p->log_buffer_used); - - p->log_buffer_used = 0; - return true; - } - -bool RemoteSerializer::ProcessLogCreateWriter() - { - if ( current_peer->state == Peer::CLOSING ) - return false; - -#ifdef USE_PERFTOOLS_DEBUG - // Don't track allocations here, they'll be released only after the - // main loop exists. And it's just a tiny amount anyway. - HeapLeakChecker::Disabler disabler; -#endif - - assert(current_args); - - EnumVal* id_val = 0; - EnumVal* writer_val = 0; - threading::Field** fields = 0; - int delete_fields_up_to = -1; - - BinarySerializationFormat fmt; - fmt.StartRead(current_args->data, current_args->len); - - int id, writer; - int num_fields; - logging::WriterBackend::WriterInfo* info = new logging::WriterBackend::WriterInfo(); - - bool success = fmt.Read(&id, "id") && - fmt.Read(&writer, "writer") && - fmt.Read(&num_fields, "num_fields") && - info->Read(&fmt); - - if ( ! success ) - goto error; - - fields = new threading::Field* [num_fields]; - - for ( int i = 0; i < num_fields; i++ ) - { - fields[i] = new threading::Field; - if ( ! fields[i]->Read(&fmt) ) - { - delete_fields_up_to = i + 1; - goto error; - } - } - - fmt.EndRead(); - - id_val = internal_type("Log::ID")->AsEnumType()->GetVal(id); - writer_val = internal_type("Log::Writer")->AsEnumType()->GetVal(writer); - - if ( ! log_mgr->CreateWriterForRemoteLog(id_val, writer_val, info, num_fields, fields) ) - { - info = 0; - fields = 0; - goto error; - } - - Unref(id_val); - Unref(writer_val); - - return true; - -error: - Unref(id_val); - Unref(writer_val); - delete info; - - for ( int i = 0; i < delete_fields_up_to; ++i ) - delete fields[i]; - - delete [] fields; - Error("write error for creating writer"); - return false; - } - -bool RemoteSerializer::ProcessLogWrite() - { - if ( current_peer->state == Peer::CLOSING ) - return false; - - assert(current_args); - - BinarySerializationFormat fmt; - fmt.StartRead(current_args->data, current_args->len); - - while ( fmt.BytesRead() != (int)current_args->len ) - { - // Unserialize one entry. - EnumVal* id_val = 0; - EnumVal* writer_val = 0; - threading::Value** vals = 0; - - int id, writer; - string path; - int num_fields; - - bool success = fmt.Read(&id, "id") && - fmt.Read(&writer, "writer") && - fmt.Read(&path, "path") && - fmt.Read(&num_fields, "num_fields"); - - if ( ! success ) - goto error; - - vals = new threading::Value* [num_fields]; - - for ( int i = 0; i < num_fields; i++ ) - { - vals[i] = new threading::Value; - - if ( ! vals[i]->Read(&fmt) ) - { - for ( int j = 0; j <= i; ++j ) - delete vals[j]; - - delete [] vals; - goto error; - } - } - - id_val = internal_type("Log::ID")->AsEnumType()->GetVal(id); - writer_val = internal_type("Log::Writer")->AsEnumType()->GetVal(writer); - - success = log_mgr->WriteFromRemote(id_val, writer_val, path, num_fields, vals); - - Unref(id_val); - Unref(writer_val); - - if ( ! success ) - goto error; - - } - - fmt.EndRead(); - - ++received_logs; - - return true; - -error: - Error("write error for log entry"); - return false; - } - -void RemoteSerializer::GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) - { - if ( time >= 0 ) - { - // Marker for being called from ProcessRemotePrint(). - DEBUG_COMM("parent: got event"); - ++stats.events.in; - } - - if ( ! current_peer ) - { - Error("unserialized event from unknown peer"); - delete_vals(args); - return; - } - - BufferedEvent* e = new BufferedEvent; - - // Our time, not the time when the event was generated. - e->time = iosource_mgr->GetPktSrcs().size() ? - time_t(network_time) : time_t(timer_mgr->Time()); - - e->src = current_peer->id; - e->handler = event; - e->args = args; - - // If needed, coerce received record arguments to the expected record type. - if ( e->handler->FType() ) - { - const type_list* arg_types = e->handler->FType()->ArgTypes()->Types(); - loop_over_list(*args, i) - { - Val* v = (*args)[i]; - BroType* v_t = v->Type(); - BroType* arg_t = (*arg_types)[i]; - if ( v_t->Tag() == TYPE_RECORD && arg_t->Tag() == TYPE_RECORD ) - { - if ( ! same_type(v_t, arg_t) ) - { - Val* nv = v->AsRecordVal()->CoerceTo(arg_t->AsRecordType()); - if ( nv ) - { - args->replace(i, nv); - Unref(v); - } - } - } - } - } - - events.append(e); - } - -void RemoteSerializer::GotFunctionCall(const char* name, double time, - Func* function, val_list* args) - { - DEBUG_COMM("parent: got function call"); - ++stats.events.in; - - if ( ! current_peer ) - { - Error("unserialized function from unknown peer"); - delete_vals(args); - return; - } - - try - { - function->Call(args); - } - - catch ( InterpreterException& e ) - { /* Already reported. */ } - } - -void RemoteSerializer::GotID(ID* id, Val* val) - { - ++stats.ids.in; - - if ( ! current_peer ) - { - Error("unserialized id from unknown peer"); - Unref(id); - return; - } - - if ( current_peer->phase == Peer::HANDSHAKE && - streq(id->Name(), "peer_description") ) - { - if ( val->Type()->Tag() != TYPE_STRING ) - { - Error("peer_description not a string"); - Unref(id); - return; - } - - const char* desc = val->AsString()->CheckString(); - current_peer->val->Assign(4, new StringVal(desc)); - - Log(LogInfo, fmt("peer_description is %s", *desc ? desc : "not set"), - current_peer); - - Unref(id); - return; - } - - if ( id->Name()[0] == '#' ) - { - // This is a globally unique, non-user-visible ID. - - // Only MutableVals can be bound to names starting with '#'. - assert(val->IsMutableVal()); - - // It must be already installed in the global namespace: - // either we saw it before, or MutableVal::Unserialize() - // installed it. - assert(global_scope()->Lookup(id->Name())); - - // Only synchronized values can arrive here. - // FIXME: Johanna, rip me out. - // assert(((MutableVal*) val)->GetProperties() & MutableVal::SYNCHRONIZED); - - DBG_LOG(DBG_COMM, "got ID %s from peer\n", id->Name()); - } - - Unref(id); - } - -void RemoteSerializer::GotConnection(Connection* c) - { - ++stats.conns.in; - - // Nothing else to-do. Connection will be installed automatically - // (if allowed). - - Unref(c); - } - -void RemoteSerializer::GotStateAccess(StateAccess* s) - { - ++stats.accesses.in; - - ODesc d; - DBG_LOG(DBG_COMM, "got StateAccess: %s", (s->Describe(&d), d.Description())); - - if ( ! current_peer ) - { - Error("unserialized function from unknown peer"); - return; - } - - if ( current_peer->sync_requested & Peer::WE ) - s->Replay(); - - delete s; - } - -void RemoteSerializer::GotTimer(Timer* s) - { - reporter->Error("RemoteSerializer::GotTimer not implemented"); - } - -void RemoteSerializer::GotPacket(Packet* p) - { - ++stats.packets.in; - - BufferedPacket* bp = new BufferedPacket; - bp->time = time_t(timer_mgr->Time()); - bp->p = p; - packets.append(bp); - } - -void RemoteSerializer::Log(LogLevel level, const char* msg) - { - Log(level, msg, 0, LogParent); - } - -void RemoteSerializer::Log(LogLevel level, const char* msg, Peer* peer, - LogSrc src) - { - if ( peer ) - { - mgr.QueueEvent(remote_log_peer, { - peer->val->Ref(), - val_mgr->GetCount(level), - val_mgr->GetCount(src), - new StringVal(msg) - }); - } - else - { - mgr.QueueEvent(remote_log, { - val_mgr->GetCount(level), - val_mgr->GetCount(src), - new StringVal(msg) - }); - } - -#ifdef DEBUG - const int BUFSIZE = 1024; - char buffer[BUFSIZE]; - int len = 0; - - if ( peer ) - len += snprintf(buffer + len, sizeof(buffer) - len, "[#%d/%s:%d] ", - int(peer->id), peer->ip.AsURIString().c_str(), - peer->port); - - len += safe_snprintf(buffer + len, sizeof(buffer) - len, "%s", msg); - - DEBUG_COMM(fmt("parent: %.6f %s", current_time(), buffer)); -#endif - } - -void RemoteSerializer::RaiseEvent(EventHandlerPtr event, Peer* peer, - const char* arg) - { - val_list vl(1 + (bool)arg); - - if ( peer ) - { - Ref(peer->val); - vl.append(peer->val); - } - else - { - Val* v = mgr.GetLocalPeerVal(); - v->Ref(); - vl.append(v); - } - - if ( arg ) - vl.append(new StringVal(arg)); - - // If we only have remote sources, the network time - // will not increase as long as no peers are connected. - // Therefore, we send these events immediately. - mgr.Dispatch(new Event(event, std::move(vl), PEER_LOCAL)); - } - -void RemoteSerializer::LogStats() - { - if ( ! io ) - return; - - char buffer[512]; - io->Stats(buffer, 512); - Log(LogInfo, fmt("parent statistics: %s events=%lu/%lu operations=%lu/%lu", - buffer, stats.events.in, stats.events.out, - stats.accesses.in, stats.accesses.out)); - } - -RecordVal* RemoteSerializer::GetPeerVal(PeerID id) - { - Peer* peer = LookupPeer(id, true); - if ( ! peer ) - return 0; - - Ref(peer->val); - return peer->val; - } - -void RemoteSerializer::ChildDied() - { - Log(LogError, "child died"); - SetClosed(true); - child_pid = 0; - - // Shut down the main process as well. - terminate_processing(); - } - -bool RemoteSerializer::SendCMsgToChild(char msg_type, Peer* peer) - { - if ( ! sendCMsg(io, msg_type, peer ? peer->id : PEER_NONE) ) - { - reporter->Warning("can't send message of type %d: %s", - msg_type, io->Error()); - return false; - } - return true; - } - -bool RemoteSerializer::SendToChild(char type, Peer* peer, char* str, int len, - bool delete_with_free) - { - DEBUG_COMM(fmt("parent: (->child) %s (#%" PRI_SOURCE_ID ", %s)", msgToStr(type), peer ? peer->id : PEER_NONE, str)); - - if ( child_pid && sendToIO(io, type, peer ? peer->id : PEER_NONE, str, len, - delete_with_free) ) - return true; - - if ( delete_with_free ) - free(str); - else - delete [] str; - - if ( ! child_pid ) - return false; - - if ( io->Eof() ) - ChildDied(); - - FatalError(io->Error()); - return false; - } - -bool RemoteSerializer::SendToChild(char type, Peer* peer, int nargs, ...) - { - va_list ap; - -#ifdef DEBUG - va_start(ap, nargs); - DEBUG_COMM(fmt("parent: (->child) %s (#%" PRI_SOURCE_ID ",%s)", - msgToStr(type), peer ? peer->id : PEER_NONE, fmt_uint32s(nargs, ap))); - va_end(ap); -#endif - - if ( child_pid ) - { - va_start(ap, nargs); - bool ret = sendToIO(io, type, peer ? peer->id : PEER_NONE, nargs, ap); - va_end(ap); - - if ( ret ) - return true; - } - - if ( ! child_pid ) - return false; - - if ( io->Eof() ) - ChildDied(); - - FatalError(io->Error()); - return false; - } - -bool RemoteSerializer::SendToChild(ChunkedIO::Chunk* c) - { - DEBUG_COMM(fmt("parent: (->child) chunk of size %d", c->len)); - - if ( child_pid && sendToIO(io, c) ) - return true; - - c->free_func(c->data); - c->data = 0; - - if ( ! child_pid ) - return false; - - if ( io->Eof() ) - ChildDied(); - - FatalError(io->Error()); - return false; - } - -void RemoteSerializer::FatalError(const char* msg) - { - msg = fmt("fatal error, shutting down communication: %s", msg); - Log(LogError, msg); - reporter->Error("%s", msg); - - SetClosed(true); - - if ( kill(child_pid, SIGQUIT) < 0 ) - reporter->Warning("warning: cannot kill child pid %d, %s", child_pid, strerror(errno)); - - child_pid = 0; - using_communication = false; - io->Clear(); - - loop_over_list(peers, i) - { - // Make perftools happy. - Peer* p = peers[i]; - delete [] p->log_buffer; - delete [] p->print_buffer; - p->log_buffer = p->print_buffer = 0; - } - } - -bool RemoteSerializer::IsActive() - { - if ( listening ) - return true; - - loop_over_list(peers, i) - if ( peers[i]->state == Peer::PENDING || - peers[i]->state == Peer::CONNECTED ) - return true; - - return false; - } - -void RemoteSerializer::ReportError(const char* msg) - { - if ( current_peer && current_peer->phase != Peer::SETUP ) - RaiseEvent(remote_connection_error, current_peer, msg); - Log(LogError, msg, current_peer); - } - -void RemoteSerializer::InternalCommError(const char* msg) - { -#ifdef DEBUG_COMMUNICATION - DumpDebugData(); -#else - reporter->InternalError("%s", msg); -#endif - } - -#ifdef DEBUG_COMMUNICATION - -void RemoteSerializer::DumpDebugData() - { - Log(LogError, "dumping debug data and terminating ..."); - io->DumpDebugData("comm-dump.parent", true); - io->DumpDebugData("comm-dump.parent", false); - SendToChild(MSG_DEBUG_DUMP, 0, 0); - Terminate(); - } - -static ChunkedIO* openDump(const char* file) - { - int fd = open(file, O_RDONLY, 0600); - - if ( fd < 0 ) - { - reporter->Error("cannot open %s: %s\n", file, strerror(errno)); - return 0; - } - - return new ChunkedIOFd(fd, "dump-file"); - } - -void RemoteSerializer::ReadDumpAsMessageType(const char* file) - { - ChunkedIO* io = openDump(file); - if ( ! io ) - return; - - ChunkedIO::Chunk* chunk; - - if ( ! io->Read(&chunk, true ) ) - { - reporter->Error("cannot read %s: %s\n", file, strerror(errno)); - return; - } - - CMsg* msg = (CMsg*) chunk->data; - - delete [] chunk->data; - delete io; - } - -void RemoteSerializer::ReadDumpAsSerialization(const char* file) - { - FileSerializer s; - UnserialInfo info(&s); - info.print = stdout; - info.install_uniques = info.ignore_callbacks = true; - s.Read(&info, file, false); - } - -#endif - -//////////////////////////// - -// If true (set by signal handler), we will log some stats to parent. -static bool log_stats = false; -static bool log_prof = false; - -// How often stats are sent (in seconds). -// Perhaps we should make this configurable... -const int STATS_INTERVAL = 60; - -static RETSIGTYPE sig_handler_log(int signo) - { - // SIGALRM is the only one we get. - log_stats = true; - } - -static RETSIGTYPE sig_handler_prof(int signo) - { - log_prof = true; - } - -SocketComm::SocketComm() - { - io = 0; - - // We start the ID counter high so that IDs assigned by us - // (hopefully) don't conflict with those of our parent. - id_counter = 10000; - parent_peer = 0; - parent_msgstate = TYPE; - parent_id = RemoteSerializer::PEER_NONE; - parent_msgtype = 0; - parent_args = 0; - shutting_conns_down = false; - terminating = false; - killing = false; - - listen_port = 0; - listen_ssl = false; - enable_ipv6 = false; - bind_retry_interval = 0; - listen_next_try = 0; - - // We don't want to use the signal handlers of our parent. - (void) setsignal(SIGTERM, SIG_DFL); - (void) setsignal(SIGINT, SIG_DFL); - (void) setsignal(SIGUSR1, SIG_DFL); - (void) setsignal(SIGUSR2, SIG_DFL); - (void) setsignal(SIGCONT, SIG_DFL); - (void) setsignal(SIGCHLD, SIG_DFL); - - // Raping SIGPROF for profiling - (void) setsignal(SIGPROF, sig_handler_prof); - (void) setsignal(SIGALRM, sig_handler_log); - alarm(STATS_INTERVAL); - } - -SocketComm::~SocketComm() - { - loop_over_list(peers, i) - delete peers[i]->io; - - delete io; - CloseListenFDs(); - } - -static unsigned int first_rtime = 0; - -static void fd_vector_set(const std::vector& fds, fd_set* set, int* max) - { - for ( size_t i = 0; i < fds.size(); ++i ) - { - FD_SET(fds[i], set); - *max = ::max(fds[i], *max); - } - } - -void SocketComm::Run() - { - first_rtime = (unsigned int) current_time(true); - - while ( true ) - { - // Logging signaled? - if ( log_stats ) - LogStats(); - - // Termination signaled - if ( terminating ) - CheckFinished(); - - // Build FDSets for select. - fd_set fd_read, fd_write, fd_except; - - FD_ZERO(&fd_read); - FD_ZERO(&fd_write); - FD_ZERO(&fd_except); - - int max_fd = io->Fd(); - FD_SET(io->Fd(), &fd_read); - max_fd = std::max(max_fd, io->ExtraReadFDs().Set(&fd_read)); - - loop_over_list(peers, i) - { - if ( peers[i]->connected ) - { - FD_SET(peers[i]->io->Fd(), &fd_read); - if ( peers[i]->io->Fd() > max_fd ) - max_fd = peers[i]->io->Fd(); - max_fd = std::max(max_fd, - peers[i]->io->ExtraReadFDs().Set(&fd_read)); - } - else - { - if ( peers[i]->next_try > 0 && - time(0) > peers[i]->next_try ) - // Try reconnect. - Connect(peers[i]); - } - } - - if ( listen_next_try && time(0) > listen_next_try ) - Listen(); - - for ( size_t i = 0; i < listen_fds.size(); ++i ) - { - FD_SET(listen_fds[i], &fd_read); - if ( listen_fds[i] > max_fd ) - max_fd = listen_fds[i]; - } - - if ( io->IsFillingUp() && ! shutting_conns_down ) - { - Error("queue to parent filling up; shutting down heaviest connection"); - - const ChunkedIO::Statistics* stats = 0; - unsigned long max = 0; - Peer* max_peer = 0; - - loop_over_list(peers, i) - { - if ( ! peers[i]->connected ) - continue; - - stats = peers[i]->io->Stats(); - if ( stats->bytes_read > max ) - { - max = stats->bytes_read; - max_peer = peers[i]; - } - } - - if ( max_peer ) - CloseConnection(max_peer, true); - - shutting_conns_down = true; - } - - if ( ! io->IsFillingUp() && shutting_conns_down ) - shutting_conns_down = false; - - static long selects = 0; - static long canwrites = 0; - - ++selects; - if ( io->CanWrite() ) - ++canwrites; - - struct timeval timeout; - timeout.tv_sec = 1; - timeout.tv_usec = 0; - - int a = select(max_fd + 1, &fd_read, &fd_write, &fd_except, &timeout); - - if ( selects % 100000 == 0 ) - Log(fmt("selects=%ld canwrites=%ld pending=%lu", - selects, canwrites, io->Stats()->pending)); - - if ( a < 0 ) - // Ignore errors for now. - continue; - - if ( io->CanRead() ) - ProcessParentMessage(); - - io->Flush(); - - loop_over_list(peers, j) - { - // We have to be careful here as the peer may - // be removed when an error occurs. - Peer* current = peers[j]; - int round = 0; - while ( ++round <= 10 && j < peers.length() && - peers[j] == current && current->connected && - current->io->CanRead() ) - { - ProcessRemoteMessage(current); - } - } - - for ( size_t i = 0; i < listen_fds.size(); ++i ) - if ( FD_ISSET(listen_fds[i], &fd_read) ) - AcceptConnection(listen_fds[i]); - - // Hack to display CPU usage of the child, triggered via - // SIGPROF. - static unsigned int first_rtime = 0; - if ( first_rtime == 0 ) - first_rtime = (unsigned int) current_time(true); - - if ( log_prof ) - { - LogProf(); - log_prof = false; - } - } - } - -bool SocketComm::ProcessParentMessage() - { - switch ( parent_msgstate ) { - case TYPE: - { - parent_peer = 0; - parent_msgtype = MSG_NONE; - - // CMsg follows - ChunkedIO::Chunk* c; - if ( ! io->Read(&c) ) - { - if ( io->Eof() ) - Error("parent died", true); - - Error(fmt("can't read parent's cmsg: %s", - io->Error()), true); - return false; - } - - if ( ! c ) - return true; - - CMsg* msg = (CMsg*) c->data; - parent_peer = LookupPeer(msg->Peer(), false); - parent_id = msg->Peer(); - parent_msgtype = msg->Type(); - parent_args = 0; - - delete c; - - switch ( parent_msgtype ) { - case MSG_LISTEN_STOP: - case MSG_CLOSE: - case MSG_CLOSE_ALL: - case MSG_TERMINATE: - case MSG_PHASE_DONE: - case MSG_DEBUG_DUMP: - case MSG_REQUEST_LOGS: - { - // No further argument chunk. - parent_msgstate = TYPE; - return DoParentMessage(); - } - - case MSG_LISTEN: - case MSG_CONNECT_TO: - case MSG_COMPRESS: - case MSG_PING: - case MSG_PONG: - case MSG_REQUEST_EVENTS: - case MSG_REQUEST_SYNC: - case MSG_SERIAL: - case MSG_CAPTURE_FILTER: - case MSG_VERSION: - case MSG_CAPS: - case MSG_SYNC_POINT: - case MSG_REMOTE_PRINT: - case MSG_LOG_CREATE_WRITER: - case MSG_LOG_WRITE: - { - // One further argument chunk. - parent_msgstate = ARGS; - return ProcessParentMessage(); - } - - default: - InternalError(fmt("unknown msg type %d", parent_msgtype)); - return true; - } - } - - case ARGS: - { - // Argument chunk follows. - ChunkedIO::Chunk* c = 0; - READ_CHUNK(io, c, Error("parent died", true), true); - parent_args = c; - parent_msgstate = TYPE; - bool result = DoParentMessage(); - - if ( parent_args ) - { - delete parent_args; - parent_args = 0; - } - - return result; - } - - default: - InternalError("unknown msgstate"); - } - - // Cannot be reached. - return false; - } - -bool SocketComm::DoParentMessage() - { - switch ( parent_msgtype ) { - - case MSG_LISTEN_STOP: - { - CloseListenFDs(); - - Log("stopped listening"); - - return true; - } - - case MSG_CLOSE: - { - if ( parent_peer && parent_peer->connected ) - CloseConnection(parent_peer, false); - return true; - } - - case MSG_CLOSE_ALL: - { - loop_over_list(peers, i) - { - if ( peers[i]->connected ) - CloseConnection(peers[i], false); - } - return true; - } - - case MSG_TERMINATE: - { - terminating = true; - CheckFinished(); - return true; - } - - case MSG_DEBUG_DUMP: - { -#ifdef DEBUG_COMMUNICATION - io->DumpDebugData("comm-dump.child.pipe", true); - io->DumpDebugData("comm-dump.child.pipe", false); - - loop_over_list(peers, j) - { - RemoteSerializer::PeerID id = peers[j]->id; - peers[j]->io->DumpDebugData(fmt("comm-dump.child.peer.%d", id), true); - peers[j]->io->DumpDebugData(fmt("comm-dump.child.peer.%d", id), false); - } -#else - InternalError("DEBUG_DUMP support not compiled in"); -#endif - return true; - } - - case MSG_LISTEN: - return ProcessListen(); - - case MSG_CONNECT_TO: - return ProcessConnectTo(); - - case MSG_COMPRESS: - return ProcessParentCompress(); - - case MSG_PING: - { - // Set time2. - assert(parent_args); - ping_args* args = (ping_args*) parent_args->data; - args->time2 = htond(current_time(true)); - return ForwardChunkToPeer(); - } - - case MSG_PONG: - { - assert(parent_args); - // Calculate time delta. - ping_args* args = (ping_args*) parent_args->data; - args->time3 = htond(current_time(true) - ntohd(args->time3)); - return ForwardChunkToPeer(); - } - - case MSG_PHASE_DONE: - case MSG_REQUEST_LOGS: - { - // No argument block follows. - if ( parent_peer && parent_peer->connected ) - { - DEBUG_COMM(fmt("child: forwarding %s to peer", msgToStr(parent_msgtype))); - if ( ! SendToPeer(parent_peer, parent_msgtype, 0) ) - return false; - } - - return true; - } - - case MSG_REQUEST_EVENTS: - case MSG_REQUEST_SYNC: - case MSG_SERIAL: - case MSG_CAPTURE_FILTER: - case MSG_VERSION: - case MSG_CAPS: - case MSG_SYNC_POINT: - case MSG_REMOTE_PRINT: - case MSG_LOG_CREATE_WRITER: - case MSG_LOG_WRITE: - assert(parent_args); - return ForwardChunkToPeer(); - - default: - InternalError("ProcessParentMessage: unexpected state"); - } - - InternalError("cannot be reached"); - return false; - } - -bool SocketComm::ForwardChunkToPeer() - { - char state = parent_msgtype; - - if ( parent_peer && parent_peer->connected ) - { - DEBUG_COMM("child: forwarding with 1 arg to peer"); - - if ( ! SendToPeer(parent_peer, state, 0) ) - return false; - - if ( ! SendToPeer(parent_peer, parent_args) ) - return false; - - parent_args = 0; - } - else - { -#ifdef DEBUG - if ( parent_peer ) - DEBUG_COMM(fmt("child: not connected to #%" PRI_SOURCE_ID, parent_id)); -#endif - } - - return true; - } - -bool SocketComm::ProcessConnectTo() - { - assert(parent_args); - vector args = tokenize(parent_args->data, ','); - - if ( args.size() != 6 ) - { - Error(fmt("ProcessConnectTo() bad number of arguments")); - return false; - } - - Peer* peer = new Peer; - - if ( ! atoi_n(args[0].size(), args[0].c_str(), 0, 10, peer->id) ) - { - Error(fmt("ProccessConnectTo() bad peer id string")); - delete peer; - return false; - } - - peer->ip = IPAddr(args[1]); - peer->zone_id = args[2]; - - if ( ! atoi_n(args[3].size(), args[3].c_str(), 0, 10, peer->port) ) - { - Error(fmt("ProcessConnectTo() bad peer port string")); - delete peer; - return false; - } - - if ( ! atoi_n(args[4].size(), args[4].c_str(), 0, 10, peer->retry) ) - { - Error(fmt("ProcessConnectTo() bad peer retry string")); - delete peer; - return false; - } - - peer->ssl = false; - if ( args[5] != "0" ) - peer->ssl = true; - - return Connect(peer); - } - -bool SocketComm::ProcessListen() - { - assert(parent_args); - vector args = tokenize(parent_args->data, ','); - - if ( args.size() != 6 ) - { - Error(fmt("ProcessListen() bad number of arguments")); - return false; - } - - listen_if = args[0]; - - if ( ! atoi_n(args[1].size(), args[1].c_str(), 0, 10, listen_port) ) - { - Error(fmt("ProcessListen() bad peer port string")); - return false; - } - - listen_ssl = false; - if ( args[2] != "0" ) - listen_ssl = true; - - enable_ipv6 = false; - if ( args[3] != "0" ) - enable_ipv6 = true; - - listen_zone_id = args[4]; - - if ( ! atoi_n(args[5].size(), args[5].c_str(), 0, 10, bind_retry_interval) ) - { - Error(fmt("ProcessListen() bad peer port string")); - return false; - } - - return Listen(); - } - -bool SocketComm::ProcessParentCompress() - { - assert(parent_args); - uint32* args = (uint32*) parent_args->data; - - uint32 level = ntohl(args[0]); - - if ( ! parent_peer->compressor ) - { - parent_peer->io = new CompressedChunkedIO(parent_peer->io); - parent_peer->io->Init(); - parent_peer->compressor = true; - } - - // Signal compression to peer. - if ( ! SendToPeer(parent_peer, MSG_COMPRESS, 0) ) - return false; - - // This cast is safe. - CompressedChunkedIO* comp_io = (CompressedChunkedIO*) parent_peer->io; - comp_io->EnableCompression(level); - - Log(fmt("enabling compression (level %d)", level), parent_peer); - - return true; - } - -bool SocketComm::ProcessRemoteMessage(SocketComm::Peer* peer) - { - assert(peer); - - peer->io->Flush(); - - switch ( peer->state ) { - case MSG_NONE: - { // CMsg follows - ChunkedIO::Chunk* c; - READ_CHUNK(peer->io, c, - (CloseConnection(peer, true), peer), false) - - CMsg* msg = (CMsg*) c->data; - - DEBUG_COMM(fmt("child: %s from peer #%" PRI_SOURCE_ID, - msgToStr(msg->Type()), peer->id)); - - switch ( msg->Type() ) { - case MSG_PHASE_DONE: - case MSG_REQUEST_LOGS: - // No further argument block. - DEBUG_COMM("child: forwarding with 0 args to parent"); - if ( ! SendToParent(msg->Type(), peer, 0) ) - return false; - break; - - default: - peer->state = msg->Type(); - } - - delete c; - - break; - } - - case MSG_COMPRESS: - ProcessPeerCompress(peer); - break; - - case MSG_PING: - { - // Messages with one further argument block which we simply - // forward to our parent. - ChunkedIO::Chunk* c; - READ_CHUNK(peer->io, c, - (CloseConnection(peer, true), peer), false) - - // Set time3. - ping_args* args = (ping_args*) c->data; - args->time3 = htond(current_time(true)); - return ForwardChunkToParent(peer, c); - } - - case MSG_PONG: - { - // Messages with one further argument block which we simply - // forward to our parent. - ChunkedIO::Chunk* c; - READ_CHUNK(peer->io, c, - (CloseConnection(peer, true), peer), false) - - // Calculate time delta. - ping_args* args = (ping_args*) c->data; - args->time2 = htond(current_time(true) - ntohd(args->time2)); - return ForwardChunkToParent(peer, c); - } - - case MSG_REQUEST_EVENTS: - case MSG_REQUEST_SYNC: - case MSG_SERIAL: - case MSG_CAPTURE_FILTER: - case MSG_VERSION: - case MSG_CAPS: - case MSG_SYNC_POINT: - case MSG_REMOTE_PRINT: - case MSG_LOG_CREATE_WRITER: - case MSG_LOG_WRITE: - { - // Messages with one further argument block which we simply - // forward to our parent. - ChunkedIO::Chunk* c; - READ_CHUNK(peer->io, c, - (CloseConnection(peer, true), peer), false) - - return ForwardChunkToParent(peer, c); - } - - default: - InternalError("ProcessRemoteMessage: unexpected state"); - } - - return true; - } - -bool SocketComm::ForwardChunkToParent(Peer* peer, ChunkedIO::Chunk* c) - { - char state = peer->state; - peer->state = MSG_NONE; - - DEBUG_COMM("child: forwarding message with 1 arg to parent"); - - if ( ! SendToParent(state, peer, 0) ) - return false; - - if ( ! SendToParent(c) ) - return false; - - io->Flush(); // FIXME: Needed? - return true; - } - -bool SocketComm::ProcessPeerCompress(Peer* peer) - { - peer->state = MSG_NONE; - - if ( ! parent_peer->compressor ) - { - parent_peer->io = new CompressedChunkedIO(parent_peer->io); - parent_peer->io->Init(); - parent_peer->compressor = true; - } - - // This cast is safe here. - ((CompressedChunkedIO*) peer->io)->EnableDecompression(); - Log("enabling decompression", peer); - return true; - } - -bool SocketComm::Connect(Peer* peer) - { - int status; - addrinfo hints, *res, *res0; - memset(&hints, 0, sizeof(hints)); - - hints.ai_family = PF_UNSPEC; - hints.ai_protocol = IPPROTO_TCP; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_NUMERICHOST; - - char port_str[16]; - modp_uitoa10(peer->port, port_str); - - string gaihostname(peer->ip.AsString()); - if ( peer->zone_id != "" ) - gaihostname.append("%").append(peer->zone_id); - - status = getaddrinfo(gaihostname.c_str(), port_str, &hints, &res0); - if ( status != 0 ) - { - Error(fmt("getaddrinfo error: %s", gai_strerror(status))); - return false; - } - - int sockfd = -1; - for ( res = res0; res; res = res->ai_next ) - { - sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol); - if ( sockfd < 0 ) - { - Error(fmt("can't create connect socket, %s", strerror(errno))); - continue; - } - - if ( connect(sockfd, res->ai_addr, res->ai_addrlen) < 0 ) - { - Error(fmt("connect failed: %s", strerror(errno)), peer); - safe_close(sockfd); - sockfd = -1; - continue; - } - - break; - } - - freeaddrinfo(res0); - - bool connected = sockfd != -1; - - if ( ! (connected || peer->retry) ) - { - CloseConnection(peer, false); - return false; - } - - Peer* existing_peer = LookupPeer(peer->id, false); - if ( existing_peer ) - { - *existing_peer = *peer; - peer = existing_peer; - } - else - peers.append(peer); - - peer->connected = connected; - peer->next_try = connected ? 0 : time(0) + peer->retry; - peer->state = MSG_NONE; - peer->io = 0; - peer->compressor = false; - - if ( connected ) - { - if ( peer->ssl ) - peer->io = new ChunkedIOSSL(sockfd, false); - else - peer->io = new ChunkedIOFd(sockfd, "child->peer"); - - if ( ! peer->io->Init() ) - { - Error(fmt("can't init peer io: %s", - peer->io->Error()), false); - return 0; - } - } - - if ( connected ) - { - Log("connected", peer); - - const size_t BUFSIZE = 1024; - char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, "%s,%" PRIu32, peer->ip.AsString().c_str(), - peer->port); - - if ( ! SendToParent(MSG_CONNECTED, peer, data) ) - return false; - } - - return connected; - } - -bool SocketComm::CloseConnection(Peer* peer, bool reconnect) - { - if ( ! SendToParent(MSG_CLOSE, peer, 0) ) - return false; - - Log("connection closed", peer); - - if ( ! peer->retry || ! reconnect ) - { - peers.remove(peer); - delete peer->io; // This will close the fd. - delete peer; - } - else - { - delete peer->io; // This will close the fd. - peer->io = 0; - peer->connected = false; - peer->next_try = time(0) + peer->retry; - } - - if ( parent_peer == peer ) - { - parent_peer = 0; - parent_id = RemoteSerializer::PEER_NONE; - } - - return true; - } - -bool SocketComm::Listen() - { - int status, on = 1; - addrinfo hints, *res, *res0; - memset(&hints, 0, sizeof(hints)); - - IPAddr listen_ip(listen_if); - - if ( enable_ipv6 ) - { - if ( listen_ip == IPAddr("0.0.0.0") || listen_ip == IPAddr("::") ) - hints.ai_family = PF_UNSPEC; - else - hints.ai_family = (listen_ip.GetFamily() == IPv4 ? PF_INET : PF_INET6); - } - else - hints.ai_family = PF_INET; - - hints.ai_protocol = IPPROTO_TCP; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; - - char port_str[16]; - modp_uitoa10(listen_port, port_str); - - string scoped_addr(listen_if); - if ( listen_zone_id != "" ) - scoped_addr.append("%").append(listen_zone_id); - - const char* addr_str = 0; - if ( listen_ip != IPAddr("0.0.0.0") && listen_ip != IPAddr("::") ) - addr_str = scoped_addr.c_str(); - - CloseListenFDs(); - - if ( (status = getaddrinfo(addr_str, port_str, &hints, &res0)) != 0 ) - { - Error(fmt("getaddrinfo error: %s", gai_strerror(status))); - return false; - } - - for ( res = res0; res; res = res->ai_next ) - { - if ( res->ai_family != AF_INET && res->ai_family != AF_INET6 ) - { - Error(fmt("can't create listen socket: unknown address family, %d", - res->ai_family)); - continue; - } - - IPAddr a = (res->ai_family == AF_INET) ? - IPAddr(((sockaddr_in*)res->ai_addr)->sin_addr) : - IPAddr(((sockaddr_in6*)res->ai_addr)->sin6_addr); - - string l_addr_str(a.AsURIString()); - if ( listen_zone_id != "") - l_addr_str.append("%").append(listen_zone_id); - - int fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol); - if ( fd < 0 ) - { - Error(fmt("can't create listen socket, %s", strerror(errno))); - continue; - } - - if ( setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0 ) - Error(fmt("can't set SO_REUSEADDR, %s", strerror(errno))); - - // For IPv6 listening sockets, we don't want do dual binding to also - // get IPv4-mapped addresses because that's not as portable. e.g. - // many BSDs don't allow that. - if ( res->ai_family == AF_INET6 && - setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0 ) - Error(fmt("can't set IPV6_V6ONLY, %s", strerror(errno))); - - if ( ::bind(fd, res->ai_addr, res->ai_addrlen) < 0 ) - { - Error(fmt("can't bind to %s:%s, %s", l_addr_str.c_str(), - port_str, strerror(errno))); - - if ( errno == EADDRINUSE ) - { - // Abandon completely this attempt to set up listening sockets, - // try again later. - safe_close(fd); - CloseListenFDs(); - listen_next_try = time(0) + bind_retry_interval; - freeaddrinfo(res0); - return false; - } - - safe_close(fd); - continue; - } - - if ( listen(fd, 50) < 0 ) - { - Error(fmt("can't listen on %s:%s, %s", l_addr_str.c_str(), - port_str, strerror(errno))); - safe_close(fd); - continue; - } - - listen_fds.push_back(fd); - Log(fmt("listening on %s:%s (%s)", l_addr_str.c_str(), port_str, - listen_ssl ? "ssl" : "clear")); - } - - freeaddrinfo(res0); - - listen_next_try = 0; - return listen_fds.size() > 0; - } - -bool SocketComm::AcceptConnection(int fd) - { - union { - sockaddr_storage ss; - sockaddr_in s4; - sockaddr_in6 s6; - } client; - - socklen_t len = sizeof(client.ss); - - int clientfd = accept(fd, (sockaddr*) &client.ss, &len); - if ( clientfd < 0 ) - { - Error(fmt("accept failed, %s %d", strerror(errno), errno)); - return false; - } - - if ( client.ss.ss_family != AF_INET && client.ss.ss_family != AF_INET6 ) - { - Error(fmt("accept fail, unknown address family %d", - client.ss.ss_family)); - safe_close(clientfd); - return false; - } - - Peer* peer = new Peer; - peer->id = id_counter++; - peer->ip = client.ss.ss_family == AF_INET ? - IPAddr(client.s4.sin_addr) : - IPAddr(client.s6.sin6_addr); - - peer->port = client.ss.ss_family == AF_INET ? - ntohs(client.s4.sin_port) : - ntohs(client.s6.sin6_port); - - peer->connected = true; - peer->ssl = listen_ssl; - peer->compressor = false; - - if ( peer->ssl ) - peer->io = new ChunkedIOSSL(clientfd, true); - else - peer->io = new ChunkedIOFd(clientfd, "child->peer"); - - if ( ! peer->io->Init() ) - { - Error(fmt("can't init peer io: %s", peer->io->Error()), false); - delete peer->io; - delete peer; - return false; - } - - peers.append(peer); - - Log(fmt("accepted %s connection", peer->ssl ? "SSL" : "clear"), peer); - - const size_t BUFSIZE = 1024; - char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, "%s,%" PRIu32, peer->ip.AsString().c_str(), - peer->port); - - if ( ! SendToParent(MSG_CONNECTED, peer, data) ) - return false; - - return true; - } - -const char* SocketComm::MakeLogString(const char* msg, Peer* peer) - { - const int BUFSIZE = 1024; - static char* buffer = 0; - - if ( ! buffer ) - buffer = new char[BUFSIZE]; - - int len = 0; - - if ( peer ) - { - string scoped_addr(peer->ip.AsURIString()); - if ( peer->zone_id != "" ) - scoped_addr.append("%").append(peer->zone_id); - - len = snprintf(buffer, BUFSIZE, "[#%d/%s:%d] ", int(peer->id), - scoped_addr.c_str(), peer->port); - } - - len += safe_snprintf(buffer + len, BUFSIZE - len, "%s", msg); - return buffer; - } - -void SocketComm::CloseListenFDs() - { - for ( size_t i = 0; i < listen_fds.size(); ++i ) - safe_close(listen_fds[i]); - - listen_fds.clear(); - } - -void SocketComm::Error(const char* msg, bool kill_me) - { - if ( kill_me ) - { - fprintf(stderr, "fatal error in child: %s\n", msg); - Kill(); - } - else - { - if ( io->Eof() ) - // Can't send to parent, so fall back to stderr. - fprintf(stderr, "error in child: %s", msg); - else - SendToParent(MSG_ERROR, 0, copy_string(msg)); - } - - DEBUG_COMM(fmt("child: %s", msg)); - } - -bool SocketComm::Error(const char* msg, Peer* peer) - { - const char* buffer = MakeLogString(msg, peer); - Error(buffer); - - // If a remote peer causes an error, we shutdown the connection - // as resynchronizing is in general not possible. But we may - // try again later. - if ( peer->connected ) - CloseConnection(peer, true); - - return true; - } - -void SocketComm::Log(const char* msg, Peer* peer) - { - const char* buffer = MakeLogString(msg, peer); - SendToParent(MSG_LOG, 0, copy_string(buffer)); - DEBUG_COMM(fmt("child: %s", buffer)); - } - -void SocketComm::InternalError(const char* msg) - { - fprintf(stderr, "internal error in child: %s\n", msg); - Kill(); - } - -void SocketComm::Kill() - { - if ( killing ) - // Ignore recursive calls. - return; - - killing = true; - - LogProf(); - Log("terminating"); - - CloseListenFDs(); - - if ( kill(getpid(), SIGTERM) < 0 ) - Log(fmt("warning: cannot kill SocketComm pid %d, %s", getpid(), strerror(errno))); - - while ( 1 ) - ; // loop until killed - } - -SocketComm::Peer* SocketComm::LookupPeer(RemoteSerializer::PeerID id, - bool only_if_connected) - { - loop_over_list(peers, i) - if ( peers[i]->id == id ) - return ! only_if_connected || - peers[i]->connected ? peers[i] : 0; - return 0; - } - -bool SocketComm::LogStats() - { - if ( ! peers.length() ) - return true; - - // Concat stats of all peers into single buffer. - char* buffer = new char[peers.length() * 512]; - int pos = 0; - - loop_over_list(peers, i) - { - if ( peers[i]->connected ) - peers[i]->io->Stats(buffer+pos, 512); - else - strcpy(buffer+pos, "not connected"); - pos += strlen(buffer+pos) + 1; - } - - // Send it. - if ( ! SendToParent(MSG_STATS, 0, buffer, pos) ) - return false; - - log_stats = false; - alarm(STATS_INTERVAL); - return true; - } - -bool SocketComm::LogProf() - { - static struct rusage cld_res; - getrusage(RUSAGE_SELF, &cld_res); - - double Utime = cld_res.ru_utime.tv_sec + cld_res.ru_utime.tv_usec / 1e6; - double Stime = cld_res.ru_stime.tv_sec + cld_res.ru_stime.tv_usec / 1e6; - double Rtime = current_time(true); - - SocketComm::Log(fmt("CPU usage: user %.03f sys %.03f real %0.03f", - Utime, Stime, Rtime - first_rtime)); - - return true; - } - -void SocketComm::CheckFinished() - { - assert(terminating); - - loop_over_list(peers, i) - { - if ( ! peers[i]->connected ) - continue; - if ( ! peers[i]->io->IsIdle() ) - return; - } - - LogProf(); - Log("terminating"); - - // All done. - SendToParent(MSG_TERMINATE, 0, 0); - } - -bool SocketComm::SendToParent(char type, Peer* peer, const char* str, int len) - { -#ifdef DEBUG - // str may already by constructed with fmt() - const char* tmp = copy_string(str); - DEBUG_COMM(fmt("child: (->parent) %s (#%" PRI_SOURCE_ID ", %s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, tmp)); - delete [] tmp; -#endif - if ( sendToIO(io, type, peer ? peer->id : RemoteSerializer::PEER_NONE, - str, len) ) - return true; - - if ( io->Eof() ) - Error("parent died", true); - - return false; - } - -bool SocketComm::SendToParent(char type, Peer* peer, int nargs, ...) - { - va_list ap; - -#ifdef DEBUG - va_start(ap,nargs); - DEBUG_COMM(fmt("child: (->parent) %s (#%" PRI_SOURCE_ID ",%s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, fmt_uint32s(nargs, ap))); - va_end(ap); -#endif - - va_start(ap, nargs); - bool ret = sendToIO(io, type, - peer ? peer->id : RemoteSerializer::PEER_NONE, - nargs, ap); - va_end(ap); - - if ( ret ) - return true; - - if ( io->Eof() ) - Error("parent died", true); - - return false; - } - -bool SocketComm::SocketComm::SendToParent(ChunkedIO::Chunk* c) - { - DEBUG_COMM(fmt("child: (->parent) chunk of size %d", c->len)); - if ( sendToIO(io, c) ) - return true; - - if ( io->Eof() ) - Error("parent died", true); - - return false; - } - -bool SocketComm::SendToPeer(Peer* peer, char type, const char* str, int len) - { -#ifdef DEBUG - // str may already by constructed with fmt() - const char* tmp = copy_string(str); - DEBUG_COMM(fmt("child: (->peer) %s to #%" PRI_SOURCE_ID " (%s)", msgToStr(type), peer->id, tmp)); - delete [] tmp; -#endif - - if ( ! sendToIO(peer->io, type, RemoteSerializer::PEER_NONE, str, len) ) - { - Error(fmt("child: write error %s", io->Error()), peer); - return false; - } - - return true; - } - -bool SocketComm::SendToPeer(Peer* peer, char type, int nargs, ...) - { - va_list ap; - -#ifdef DEBUG - va_start(ap,nargs); - DEBUG_COMM(fmt("child: (->peer) %s to #%" PRI_SOURCE_ID " (%s)", - msgToStr(type), peer->id, fmt_uint32s(nargs, ap))); - va_end(ap); -#endif - - va_start(ap, nargs); - bool ret = sendToIO(peer->io, type, RemoteSerializer::PEER_NONE, - nargs, ap); - va_end(ap); - - if ( ! ret ) - { - Error(fmt("child: write error %s", io->Error()), peer); - return false; - } - - return true; - } - -bool SocketComm::SendToPeer(Peer* peer, ChunkedIO::Chunk* c) - { - DEBUG_COMM(fmt("child: (->peer) chunk of size %d to #%" PRI_SOURCE_ID, c->len, peer->id)); - if ( ! sendToIO(peer->io, c) ) - { - Error(fmt("child: write error %s", io->Error()), peer); - return false; - } - - return true; - } diff --git a/src/RemoteSerializer.h b/src/RemoteSerializer.h deleted file mode 100644 index 0882f9f8ec..0000000000 --- a/src/RemoteSerializer.h +++ /dev/null @@ -1,524 +0,0 @@ -// Communication between two Bro's. - -#ifndef REMOTE_SERIALIZER -#define REMOTE_SERIALIZER - -#include "Dict.h" -#include "List.h" -#include "Serializer.h" -#include "iosource/IOSource.h" -#include "Stats.h" -#include "File.h" -#include "logging/WriterBackend.h" - -#include -#include - -class IncrementalSendTimer; - -namespace threading { - struct Field; - struct Value; -} - -// This class handles the communication done in Bro's main loop. -class RemoteSerializer : public Serializer, public iosource::IOSource { -public: - RemoteSerializer(); - ~RemoteSerializer() override; - - // Initialize the remote serializer (calling this will fork). - void Enable(); - - // FIXME: Use SourceID directly (or rename everything to Peer*). - typedef SourceID PeerID; - static const PeerID PEER_LOCAL = SOURCE_LOCAL; - static const PeerID PEER_NONE = SOURCE_LOCAL; - - // Connect to host (returns PEER_NONE on error). - PeerID Connect(const IPAddr& ip, const string& zone_id, uint16 port, - const char* our_class, double retry, bool use_ssl); - - // Close connection to host. - bool CloseConnection(PeerID peer); - - // Request all events matching pattern from remote side. - bool RequestEvents(PeerID peer, RE_Matcher* pattern); - - // Request synchronization of IDs with remote side. If auth is true, - // we consider our current state to authoritative and send it to - // the peer right after the handshake. - bool RequestSync(PeerID peer, bool auth); - - // Requests logs from the remote side. - bool RequestLogs(PeerID id); - - // Sets flag whether we're accepting state from this peer - // (default: yes). - bool SetAcceptState(PeerID peer, bool accept); - - // Sets compression level (0-9, 0 is defaults and means no compression) - bool SetCompressionLevel(PeerID peer, int level); - - // Signal the other side that we have finished our part of - // the initial handshake. - bool CompleteHandshake(PeerID peer); - - // Start to listen. - bool Listen(const IPAddr& ip, uint16 port, bool expect_ssl, bool ipv6, - const string& zone_id, double retry); - - // Stop it. - bool StopListening(); - - // Broadcast the event/function call. - bool SendCall(SerialInfo* info, const char* name, val_list* vl); - - // Send the event/function call (only if handshake completed). - bool SendCall(SerialInfo* info, PeerID peer, const char* name, val_list* vl); - - // Broadcasts the access (only if handshake completed). - bool SendAccess(SerialInfo* info, const StateAccess& access); - - // Send the access. - bool SendAccess(SerialInfo* info, PeerID pid, const StateAccess& access); - - // Sends ID. - bool SendID(SerialInfo* info, PeerID peer, const ID& id); - - // Sends the internal connection state. - bool SendConnection(SerialInfo* info, PeerID peer, const Connection& c); - - // Send capture filter. - bool SendCaptureFilter(PeerID peer, const char* filter); - - // Send packet. - bool SendPacket(SerialInfo* info, PeerID peer, const Packet& p); - - // Broadcast packet. - bool SendPacket(SerialInfo* info, const Packet& p); - - // Broadcast ping. - bool SendPing(PeerID peer, uint32 seq); - - // Broadcast remote print. - bool SendPrintHookEvent(BroFile* f, const char* txt, size_t len); - - // Send a request to create a writer on a remote side. - bool SendLogCreateWriter(PeerID peer, EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields); - - // Broadcasts a request to create a writer. - bool SendLogCreateWriter(EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields); - - // Broadcast a log entry to everybody interested. - bool SendLogWrite(EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals); - - // Synchronzizes time with all connected peers. Returns number of - // current sync-point, or -1 on error. - uint32 SendSyncPoint(); - void SendFinalSyncPoint(); - - // Registers the ID to be &synchronized. - void Register(ID* id); - void Unregister(ID* id); - - // Stop/restart propagating state updates. - void SuspendStateUpdates() { --propagate_accesses; } - void ResumeStateUpdates() { ++propagate_accesses; } - - // Check for incoming events and queue them. - bool Poll(bool may_block); - - // Returns the corresponding record (already ref'ed). - RecordVal* GetPeerVal(PeerID id); - - // Log some statistics. - void LogStats(); - - // Tries to sent out all remaining data. - // FIXME: Do we still need this? - void Finish(); - - // Overidden from IOSource: - void GetFds(iosource::FD_Set* read, iosource::FD_Set* write, - iosource::FD_Set* except) override; - double NextTimestamp(double* local_network_time) override; - void Process() override; - TimerMgr::Tag* GetCurrentTag() override; - const char* Tag() override { return "RemoteSerializer"; } - - // Gracefully finishes communication by first making sure that all - // remaining data (parent & child) has been sent out. - virtual bool Terminate(); - -#ifdef DEBUG_COMMUNICATION - // Dump data recently read/written into files. - void DumpDebugData(); - - // Read dump file and interpret as message block. - void ReadDumpAsMessageType(const char* file); - - // Read dump file and interpret as serialization. - void ReadDumpAsSerialization(const char* file); -#endif - - enum LogLevel { LogInfo = 1, LogError = 2, }; - static void Log(LogLevel level, const char* msg); - -protected: - friend class IncrementalSendTimer; - - // Maximum size of serialization caches. - static const unsigned int MAX_CACHE_SIZE = 3000; - - // When syncing traces in pseudo-realtime mode, we wait this many - // seconds after the final sync-point to make sure that all - // remaining I/O gets propagated. - static const unsigned int FINAL_SYNC_POINT_DELAY = 5; - - declare(PList, EventHandler); - typedef PList(EventHandler) handler_list; - - struct Peer { - PeerID id; // Unique ID (non-zero) per peer. - - IPAddr ip; - - uint16 port; - handler_list handlers; - RecordVal* val; // Record of type event_source. - SerializationCache* cache_in; // One cache for each direction. - SerializationCache* cache_out; - - // TCP-level state of the connection to the peer. - // State of the connection to the peer. - enum { INIT, PENDING, CONNECTED, CLOSING, CLOSED } state; - - // Current protocol phase of the connection (see RemoteSerializer.cc) - enum { UNKNOWN, SETUP, HANDSHAKE, SYNC, RUNNING } phase; - - // Capabilities. - static const int COMPRESSION = 1; - static const int NO_CACHING = 2; - static const int PID_64BIT = 4; - static const int NEW_CACHE_STRATEGY = 8; - static const int BROCCOLI_PEER = 16; - - // Constants to remember to who did something. - static const int NONE = 0; - static const int WE = 1; - static const int PEER = 2; - static const int BOTH = WE | PEER; - - static const int AUTH_WE = 4; - static const int AUTH_PEER = 8; - - int sent_version; // Who has sent the VERSION. - int handshake_done; // Who finished its handshake phase. - int sync_requested; // Who requested sync'ed state. - - bool orig; // True if we connected to the peer. - bool accept_state; // True if we accept state from peer. - bool send_state; // True if we're supposed to initially sent our state. - int comp_level; // Compression level. - bool logs_requested; // True if the peer has requested logs. - - // True if this peer triggered a net_suspend_processing(). - bool suspended_processing; - - uint32 caps; // Capabilities announced by peer. - int runtime; // Runtime we got from the peer. - int our_runtime; // Our runtime as we told it to this peer. - string peer_class; // Class from peer ("" = no class). - string our_class; // Class we send the peer. - uint32 sync_point; // Highest sync-point received so far - char* print_buffer; // Buffer for remote print or null. - int print_buffer_used; // Number of bytes used in buffer. - char* log_buffer; // Buffer for remote log or null. - int log_buffer_used; // Number of bytes used in buffer. - }; - - // Shuts down remote serializer. - void FatalError(const char* msg); - - enum LogSrc { LogChild = 1, LogParent = 2, LogScript = 3, }; - - static void Log(LogLevel level, const char* msg, Peer* peer, LogSrc src = LogParent); - - void ReportError(const char* msg) override; - - void GotEvent(const char* name, double time, - EventHandlerPtr event, val_list* args) override; - void GotFunctionCall(const char* name, double time, - Func* func, val_list* args) override; - void GotID(ID* id, Val* val) override; - void GotStateAccess(StateAccess* s) override; - void GotTimer(Timer* t) override; - void GotConnection(Connection* c) override; - void GotPacket(Packet* packet) override; - - void Fork(); - - bool DoMessage(); - bool ProcessConnected(); - bool ProcessSerialization(); - bool ProcessRequestEventsMsg(); - bool ProcessRequestSyncMsg(); - bool ProcessVersionMsg(); - bool ProcessLogMsg(bool is_error); - bool ProcessStatsMsg(); - bool ProcessCaptureFilterMsg(); - bool ProcessPhaseDone(); - bool ProcessPingMsg(); - bool ProcessPongMsg(); - bool ProcessCapsMsg(); - bool ProcessSyncPointMsg(); - bool ProcessRemotePrint(); - bool ProcessLogCreateWriter(); - bool ProcessLogWrite(); - bool ProcessRequestLogs(); - - Peer* AddPeer(const IPAddr& ip, uint16 port, PeerID id = PEER_NONE); - Peer* LookupPeer(PeerID id, bool only_if_connected); - void RemovePeer(Peer* peer); - bool IsConnectedPeer(PeerID id); - void PeerDisconnected(Peer* peer); - void PeerConnected(Peer* peer); - RecordVal* MakePeerVal(Peer* peer); - bool HandshakeDone(Peer* peer); - bool IsActive(); - void SetupSerialInfo(SerialInfo* info, Peer* peer); - bool CheckSyncPoints(); - void SendSyncPoint(uint32 syncpoint); - bool PropagateAccesses() - { - return ignore_accesses ? - propagate_accesses > 1 : propagate_accesses > 0; - } - - bool CloseConnection(Peer* peer); - - bool SendAllSynchronized(Peer* peer, SerialInfo* info); - bool SendCall(SerialInfo* info, Peer* peer, const char* name, val_list* vl); - bool SendAccess(SerialInfo* info, Peer* peer, const StateAccess& access); - bool SendID(SerialInfo* info, Peer* peer, const ID& id); - bool SendCapabilities(Peer* peer); - bool SendPacket(SerialInfo* info, Peer* peer, const Packet& p); - bool SendLogWrite(Peer* peer, EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals); - - void UnregisterHandlers(Peer* peer); - void RaiseEvent(EventHandlerPtr event, Peer* peer, const char* arg = 0); - bool EnterPhaseRunning(Peer* peer); - bool FlushPrintBuffer(Peer* p); - bool FlushLogBuffer(Peer* p); - - void ChildDied(); - void InternalCommError(const char* msg); - - // Communication helpers - bool SendCMsgToChild(char msg_type, Peer* peer); - bool SendToChild(char type, Peer* peer, char* str, int len = -1, - bool delete_with_free = false); - bool SendToChild(char type, Peer* peer, int nargs, ...); // can send uints32 only - bool SendToChild(ChunkedIO::Chunk* c); - - void SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose); - -private: - enum { TYPE, ARGS } msgstate; // current state of reading comm. - Peer* current_peer; - PeerID current_id; - char current_msgtype; - ChunkedIO::Chunk* current_args; - double last_flush; - - id_list sync_ids; - - // FIXME: Check which of these are necessary... - bool initialized; - bool listening; - int propagate_accesses; - bool ignore_accesses; - bool terminating; - int received_logs; - Peer* source_peer; - PeerID id_counter; // Keeps track of assigned IDs. - uint32 current_sync_point; - bool syncing_times; - - declare(PList, Peer); - typedef PList(Peer) peer_list; - peer_list peers; - - Peer* in_sync; // Peer we're currently syncing state with. - peer_list sync_pending; // List of peers waiting to sync state. - - // Event buffer - struct BufferedEvent { - time_t time; - PeerID src; - EventHandlerPtr handler; - val_list* args; - }; - - declare(PList, BufferedEvent); - typedef PList(BufferedEvent) EventQueue; - EventQueue events; - - // Packet buffer - struct BufferedPacket { - time_t time; - Packet* p; - }; - - declare(PList, BufferedPacket); - typedef PList(BufferedPacket) PacketQueue; - PacketQueue packets; - - // Some stats - struct Statistics { - struct Pair { - Pair() : in(0), out(0) {} - unsigned long in; - unsigned long out; - }; - - Pair events; // actually events and function calls - Pair accesses; - Pair conns; - Pair packets; - Pair ids; - } stats; - -}; - -// This class handles the communication done in the forked child. -class SocketComm { -public: - SocketComm(); - ~SocketComm(); - - void SetParentIO(ChunkedIO* arg_io) { io = arg_io; } - - void Run(); // does not return - - // Log some statistics (via pipe to parent). - bool LogStats(); - - // Log CPU usage (again via pipe to parent). - bool LogProf(); - -protected: - struct Peer { - Peer() - { - id = 0; - io = 0; - port = 0; - state = 0; - connected = false; - ssl = false; - retry = 0; - next_try = 0; - compressor = false; - } - - RemoteSerializer::PeerID id; - ChunkedIO* io; - IPAddr ip; - string zone_id; - uint16 port; - char state; - bool connected; - bool ssl; - // If we get disconnected, reconnect after this many seconds. - int retry; - // Time of next connection attempt (0 if none). - time_t next_try; - // True if io is a CompressedChunkedIO. - bool compressor; - }; - - bool Listen(); - bool AcceptConnection(int listen_fd); - bool Connect(Peer* peer); - bool CloseConnection(Peer* peer, bool reconnect); - - Peer* LookupPeer(RemoteSerializer::PeerID id, bool only_if_connected); - - bool ProcessRemoteMessage(Peer* peer); - bool ProcessParentMessage(); - bool DoParentMessage(); - - bool ProcessListen(); - bool ProcessConnectTo(); - bool ProcessCompress(); - - void Log(const char* msg, Peer* peer = 0); - - // The connection to the peer will be closed. - bool Error(const char* msg, Peer* peer); - - // If kill is true, this is a fatal error and we kill ourselves. - void Error(const char* msg, bool kill = false); - - // Kill the current process. - void Kill(); - - // Check whether everything has been sent out. - void CheckFinished(); - - // Reports the error and terminates the process. - void InternalError(const char* msg); - - // Communication helpers. - bool SendToParent(char type, Peer* peer, const char* str, int len = -1); - bool SendToParent(char type, Peer* peer, int nargs, ...); // can send uints32 only - bool SendToParent(ChunkedIO::Chunk* c); - bool SendToPeer(Peer* peer, char type, const char* str, int len = -1); - bool SendToPeer(Peer* peer, char type, int nargs, ...); // can send uints32 only - bool SendToPeer(Peer* peer, ChunkedIO::Chunk* c); - bool ProcessParentCompress(); - bool ProcessPeerCompress(Peer* peer); - bool ForwardChunkToParent(Peer* p, ChunkedIO::Chunk* c); - bool ForwardChunkToPeer(); - const char* MakeLogString(const char* msg, Peer *peer); - - // Closes all file descriptors associated with listening sockets. - void CloseListenFDs(); - - // Peers we are communicating with: - declare(PList, Peer); - typedef PList(Peer) peer_list; - - RemoteSerializer::PeerID id_counter; - peer_list peers; - - ChunkedIO* io; // I/O to parent - - // Current state of reading from parent. - enum { TYPE, ARGS } parent_msgstate; - Peer* parent_peer; - RemoteSerializer::PeerID parent_id; - char parent_msgtype; - ChunkedIO::Chunk* parent_args; - - vector listen_fds; - - // If the port we're trying to bind to is already in use, we will retry - // it regularly. - string listen_if; - string listen_zone_id; // RFC 4007 IPv6 zone_id - uint16 listen_port; - bool listen_ssl; // use SSL for IO - bool enable_ipv6; // allow IPv6 listen sockets - uint32 bind_retry_interval; // retry interval for already-in-use sockets - time_t listen_next_try; // time at which to try another bind - bool shutting_conns_down; - bool terminating; - bool killing; -}; - -extern RemoteSerializer* remote_serializer; - -#endif diff --git a/src/SerialInfo.h b/src/SerialInfo.h index de2d9eeb61..616fa011b6 100644 --- a/src/SerialInfo.h +++ b/src/SerialInfo.h @@ -3,6 +3,8 @@ #ifndef serialinfo_h #define serialinfo_h +#include "ChunkedIO.h" + class SerialInfo { public: SerialInfo(Serializer* arg_s) diff --git a/src/Serializer.cc b/src/Serializer.cc index 5a75184fac..28dc6bbd01 100644 --- a/src/Serializer.cc +++ b/src/Serializer.cc @@ -18,7 +18,6 @@ #include "NetVar.h" #include "Conn.h" #include "Timer.h" -#include "RemoteSerializer.h" #include "iosource/Manager.h" Serializer::Serializer(SerializationFormat* arg_format) diff --git a/src/Sessions.h b/src/Sessions.h index b237428d25..880182c7cd 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -180,7 +180,6 @@ public: analyzer::tcp::TCPStateStats tcp_stats; // keeps statistics on TCP states protected: - friend class RemoteSerializer; friend class ConnCompressor; friend class TimerMgrExpireTimer; friend class IPTunnelTimer; diff --git a/src/StateAccess.cc b/src/StateAccess.cc index 958e67f5a7..134cca5db5 100644 --- a/src/StateAccess.cc +++ b/src/StateAccess.cc @@ -4,7 +4,6 @@ #include "Event.h" #include "NetVar.h" #include "DebugLogger.h" -#include "RemoteSerializer.h" int StateAccess::replaying = 0; @@ -134,100 +133,6 @@ void StateAccess::RefThem() Ref(op3); } -bool StateAccess::CheckOld(const char* op, ID* id, Val* index, - Val* should, Val* is) - { - if ( ! remote_check_sync_consistency ) - return true; - - if ( ! should && ! is ) - return true; - - // 'should == index' means that 'is' should be non-nil. - if ( should == index && is ) - return true; - - if ( should && is ) - { - // There's no general comparison for non-atomic vals currently. - if ( ! (is_atomic_val(is) && is_atomic_val(should)) ) - return true; - - if ( same_atomic_val(should, is) ) - return true; - } - - Val* arg1; - Val* arg2; - Val* arg3; - - if ( index ) - { - ODesc d; - d.SetShort(); - index->Describe(&d); - arg1 = new StringVal(fmt("%s[%s]", id->Name(), d.Description())); - } - else - arg1 = new StringVal(id->Name()); - - if ( should ) - { - ODesc d; - d.SetShort(); - should->Describe(&d); - arg2 = new StringVal(d.Description()); - } - else - arg2 = new StringVal(""); - - if ( is ) - { - ODesc d; - d.SetShort(); - is->Describe(&d); - arg3 = new StringVal(d.Description()); - } - else - arg3 = new StringVal(""); - - mgr.QueueEvent(remote_state_inconsistency, { - new StringVal(op), - arg1, - arg2, - arg3, - }); - - return false; - } - -bool StateAccess::CheckOldSet(const char* op, ID* id, Val* index, - bool should, bool is) - { - if ( ! remote_check_sync_consistency ) - return true; - - if ( should == is ) - return true; - - ODesc d; - d.SetShort(); - index->Describe(&d); - - Val* arg1 = new StringVal(fmt("%s[%s]", id->Name(), d.Description())); - Val* arg2 = new StringVal(should ? "set" : "not set"); - Val* arg3 = new StringVal(is ? "set" : "not set"); - - mgr.QueueEvent(remote_state_inconsistency, { - new StringVal(op), - arg1, - arg2, - arg3, - }); - - return false; - } - bool StateAccess::MergeTables(TableVal* dst, Val* src) { if ( src->Type()->Tag() != TYPE_TABLE ) @@ -286,7 +191,6 @@ void StateAccess::Replay() assert(op1.val); // There mustn't be a direct assignment to a unique ID. assert(target.id->Name()[0] != '#'); - CheckOld("assign", target.id, 0, op2, v); if ( t == TYPE_TABLE && v && v->AsTableVal()->FindAttr(ATTR_MERGEABLE) ) @@ -328,9 +232,6 @@ void StateAccess::Replay() break; } - CheckOld("index assign", target.id, op1.val, op3, - v->AsTableVal()->Lookup(op1.val)); - v->AsTableVal()->Assign(op1.val, op2 ? op2->Ref() : 0); } @@ -352,8 +253,6 @@ void StateAccess::Replay() break; } - CheckOld("index assign", target.id, op1.val, op3, - v->AsRecordVal()->Lookup(idx)); v->AsRecordVal()->Assign(idx, op2 ? op2->Ref() : 0); } else @@ -376,8 +275,6 @@ void StateAccess::Replay() break; } - CheckOld("index assign", target.id, op1.val, op3, - v->AsVectorVal()->Lookup(index)); v->AsVectorVal()->Assign(index, op2 ? op2->Ref() : 0); } @@ -441,8 +338,6 @@ void StateAccess::Replay() assert(op1.val); if ( t == TYPE_TABLE ) { - CheckOldSet("add", target.id, op1.val, op2 != 0, - v->AsTableVal()->Lookup(op1.val) != 0); v->AsTableVal()->Assign(op1.val, 0); } break; @@ -451,13 +346,6 @@ void StateAccess::Replay() assert(op1.val); if ( t == TYPE_TABLE ) { - if ( v->Type()->AsTableType()->IsSet() ) - CheckOldSet("delete", target.id, op1.val, op2 != 0, - v->AsTableVal()->Lookup(op1.val) != 0); - else - CheckOld("delete", target.id, op1.val, op2, - v->AsTableVal()->Lookup(op1.val)); - Unref(v->AsTableVal()->Delete(op1.val)); } break; @@ -476,14 +364,8 @@ void StateAccess::Replay() // are performed in the expire_func. StateAccess::ResumeReplay(); - if ( remote_serializer ) - remote_serializer->ResumeStateUpdates(); - tv->CallExpireFunc(op1.val->Ref()); - if ( remote_serializer ) - remote_serializer->SuspendStateUpdates(); - StateAccess::SuspendReplay(); Unref(tv->AsTableVal()->Delete(op1.val)); @@ -506,20 +388,7 @@ void StateAccess::Replay() // Update the timestamp if we have a read_expire. if ( tv->FindAttr(ATTR_EXPIRE_READ) ) { - if ( ! tv->UpdateTimestamp(op1.val) && - remote_check_sync_consistency ) - { - ODesc d; - d.SetShort(); - op1.val->Describe(&d); - - mgr.QueueEvent(remote_state_inconsistency, { - new StringVal("read"), - new StringVal(fmt("%s[%s]", target.id->Name(), d.Description())), - new StringVal("existent"), - new StringVal("not existent"), - }); - } + tv->UpdateTimestamp(op1.val); } } else @@ -532,14 +401,6 @@ void StateAccess::Replay() } --replaying; - - if ( remote_state_access_performed ) - { - mgr.QueueEventFast(remote_state_access_performed, { - new StringVal(target.id->Name()), - target.id->ID_Val()->Ref(), - }); - } } ID* StateAccess::Target() const @@ -596,50 +457,41 @@ bool StateAccess::DoSerialize(SerialInfo* info) const const Val* null = 0; - if ( remote_check_sync_consistency ) - { + switch ( opcode ) { + case OP_PRINT: + case OP_EXPIRE: + case OP_READ_IDX: + // No old. + SERIALIZE_OPTIONAL(null); + SERIALIZE_OPTIONAL(null); + break; + + case OP_INCR: + case OP_INCR_IDX: + // Always need old. SERIALIZE_OPTIONAL(op2); SERIALIZE_OPTIONAL(op3); - } + break; - else - { - switch ( opcode ) { - case OP_PRINT: - case OP_EXPIRE: - case OP_READ_IDX: - // No old. - SERIALIZE_OPTIONAL(null); - SERIALIZE_OPTIONAL(null); - break; + case OP_ASSIGN: + case OP_ADD: + case OP_DEL: + // Op2 is old. + SERIALIZE_OPTIONAL(null); + SERIALIZE_OPTIONAL(null); + break; - case OP_INCR: - case OP_INCR_IDX: - // Always need old. - SERIALIZE_OPTIONAL(op2); - SERIALIZE_OPTIONAL(op3); - break; + case OP_ASSIGN_IDX: + // Op3 is old. + SERIALIZE_OPTIONAL(op2); + SERIALIZE_OPTIONAL(null); + break; - case OP_ASSIGN: - case OP_ADD: - case OP_DEL: - // Op2 is old. - SERIALIZE_OPTIONAL(null); - SERIALIZE_OPTIONAL(null); - break; + default: + reporter->InternalError("StateAccess::DoSerialize: unknown opcode"); + } - case OP_ASSIGN_IDX: - // Op3 is old. - SERIALIZE_OPTIONAL(op2); - SERIALIZE_OPTIONAL(null); - break; - - default: - reporter->InternalError("StateAccess::DoSerialize: unknown opcode"); - } - } - - return true; + return true; } bool StateAccess::DoUnserialize(UnserialInfo* info) diff --git a/src/StateAccess.h b/src/StateAccess.h index 1e84430956..8530ec1d91 100644 --- a/src/StateAccess.h +++ b/src/StateAccess.h @@ -74,8 +74,6 @@ private: StateAccess() { target.id = 0; op1.val = op2 = op3 = 0; } void RefThem(); - bool CheckOld(const char* op, ID* id, Val* index, Val* should, Val* is); - bool CheckOldSet(const char* op, ID* id, Val* index, bool should, bool is); bool MergeTables(TableVal* dst, Val* src); DECLARE_SERIAL(StateAccess); diff --git a/src/Stmt.cc b/src/Stmt.cc index 6dba9eb251..5bf7c47d75 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -14,7 +14,6 @@ #include "Debug.h" #include "Traverse.h" #include "Trigger.h" -#include "RemoteSerializer.h" const char* stmt_name(BroStmtTag t) { @@ -301,9 +300,6 @@ Val* PrintStmt::DoExec(val_list* vals, stmt_flow_type& /* flow */) const {new Val(f), new StringVal(d.Len(), d.Description())}), true); } - - if ( remote_serializer ) - remote_serializer->SendPrintHookEvent(f, d.Description(), d.Len()); } return 0; diff --git a/src/Timer.cc b/src/Timer.cc index 154fde4188..519ceaae1e 100644 --- a/src/Timer.cc +++ b/src/Timer.cc @@ -20,7 +20,6 @@ const char* TimerNames[] = { "FileAnalysisInactivityTimer", "FlowWeirdTimer", "FragTimer", - "IncrementalSendTimer", "InterconnTimer", "IPTunnelInactivityTimer", "NetbiosExpireTimer", diff --git a/src/Timer.h b/src/Timer.h index 2f32d23e3e..2ce9f56e0b 100644 --- a/src/Timer.h +++ b/src/Timer.h @@ -25,7 +25,6 @@ enum TimerType { TIMER_FILE_ANALYSIS_INACTIVITY, TIMER_FLOW_WEIRD_EXPIRE, TIMER_FRAG, - TIMER_INCREMENTAL_SEND, TIMER_INTERCONN, TIMER_IP_TUNNEL_INACTIVITY, TIMER_NB_EXPIRE, diff --git a/src/Val.cc b/src/Val.cc index 9bc53665fc..07ae251fc2 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -21,7 +21,6 @@ #include "NetVar.h" #include "Expr.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "PrefixTable.h" #include "Conn.h" #include "Reporter.h" @@ -1562,18 +1561,9 @@ int TableVal::Assign(Val* index, HashKey* k, Val* new_val, Opcode op) else { // A set. - if ( old_entry_val && remote_check_sync_consistency ) - { - Val* has_old_val = val_mgr->GetInt(1); - StateAccess::Log( - new StateAccess(OP_ADD, this, index, - has_old_val)); - Unref(has_old_val); - } - else - StateAccess::Log( - new StateAccess(OP_ADD, this, - index, 0, 0)); + StateAccess::Log( + new StateAccess(OP_ADD, this, + index, 0, 0)); } if ( rec_index ) @@ -2057,20 +2047,12 @@ Val* TableVal::Delete(const Val* index) { if ( v ) { - if ( v->Value() && remote_check_sync_consistency ) - // A table. - StateAccess::Log( - new StateAccess(OP_DEL, this, - index, v->Value())); - else - { - // A set. - Val* has_old_val = val_mgr->GetInt(1); - StateAccess::Log( - new StateAccess(OP_DEL, this, index, - has_old_val)); - Unref(has_old_val); - } + // A set. + Val* has_old_val = val_mgr->GetInt(1); + StateAccess::Log( + new StateAccess(OP_DEL, this, index, + has_old_val)); + Unref(has_old_val); } else StateAccess::Log( diff --git a/src/Var.cc b/src/Var.cc index 98651bf900..3dd3d2702b 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -7,7 +7,6 @@ #include "Stmt.h" #include "Scope.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "EventRegistry.h" #include "Traverse.h" diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 3a4654295d..fcd8237c55 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -1,5 +1,6 @@ #include +#include "File.h" #include "analyzer/Analyzer.h" #include "TCP_Reassembler.h" #include "analyzer/protocol/tcp/TCP.h" diff --git a/src/analyzer/protocol/tcp/functions.bif b/src/analyzer/protocol/tcp/functions.bif index 4aa218991e..c74c7ef9b5 100644 --- a/src/analyzer/protocol/tcp/functions.bif +++ b/src/analyzer/protocol/tcp/functions.bif @@ -1,5 +1,6 @@ %%{ +#include "File.h" #include "analyzer/protocol/tcp/TCP.h" %%} diff --git a/src/bro.bif b/src/bro.bif index d6a4fe3bc9..a4afb44577 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -4527,7 +4527,7 @@ function get_file_name%(f: file%): string ## after the rotation, and the time when *f* was opened/closed. ## ## .. zeek:see:: rotate_file_by_name calc_next_rotate -function rotate_file%(f: file%): rotate_info +function rotate_file%(f: file%): rotate_info &deprecated %{ RecordVal* info = f->Rotate(); if ( info ) @@ -4551,7 +4551,7 @@ function rotate_file%(f: file%): rotate_info ## after the rotation, and the time when *f* was opened/closed. ## ## .. zeek:see:: rotate_file calc_next_rotate -function rotate_file_by_name%(f: string%): rotate_info +function rotate_file_by_name%(f: string%): rotate_info &deprecated %{ RecordVal* info = new RecordVal(rotate_info); @@ -4605,7 +4605,7 @@ function rotate_file_by_name%(f: string%): rotate_info ## Returns: The duration until the next file rotation time. ## ## .. zeek:see:: rotate_file rotate_file_by_name -function calc_next_rotate%(i: interval%) : interval +function calc_next_rotate%(i: interval%) : interval &deprecated %{ const char* base_time = log_rotate_base_time ? log_rotate_base_time->AsString()->CheckString() : 0; diff --git a/src/broker/Data.cc b/src/broker/Data.cc index 754a51390b..849bad5d9b 100644 --- a/src/broker/Data.cc +++ b/src/broker/Data.cc @@ -1,4 +1,5 @@ #include "Data.h" +#include "File.h" #include "broker/data.bif.h" #include #include diff --git a/src/broker/Manager.h b/src/broker/Manager.h index a0520698da..6c1040f989 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -13,6 +13,7 @@ #include "Reporter.h" #include "iosource/IOSource.h" #include "Val.h" +#include "logging/WriterBackend.h" namespace bro_broker { diff --git a/src/event.bif b/src/event.bif index 3505c686a5..fd432feb84 100644 --- a/src/event.bif +++ b/src/event.bif @@ -600,201 +600,6 @@ event software_unparsed_version_found%(c: connection, host: addr, str: string%); ## generate_OS_version_event event OS_version_found%(c: connection, host: addr, OS: OS_version%); -## Generated when a connection to a remote Bro has been established. This event -## is intended primarily for use by Bro's communication framework, but it can -## also trigger additional code if helpful. -## -## p: A record describing the peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_handshake_done remote_event_registered remote_log remote_pong -## remote_state_access_performed remote_state_inconsistency print_hook -event remote_connection_established%(p: event_peer%); - -## Generated when a connection to a remote Bro has been closed. This event is -## intended primarily for use by Bro's communication framework, but it can -## also trigger additional code if helpful. -## -## p: A record describing the peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook -event remote_connection_closed%(p: event_peer%); - -## Generated when a remote connection's initial handshake has been completed. -## This event is intended primarily for use by Bro's communication framework, -## but it can also trigger additional code if helpful. -## -## p: A record describing the peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_event_registered remote_log remote_pong -## remote_state_access_performed remote_state_inconsistency print_hook -event remote_connection_handshake_done%(p: event_peer%); - -## Generated for each event registered by a remote peer. This event is intended -## primarily for use by Bro's communication framework, but it can also trigger -## additional code if helpful. -## -## p: A record describing the peer. -## -## name: TODO. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed -## remote_connection_error remote_connection_established -## remote_connection_handshake_done remote_log remote_pong -## remote_state_access_performed remote_state_inconsistency print_hook -event remote_event_registered%(p: event_peer, name: string%); - -## Generated when a connection to a remote Bro encountered an error. This event -## is intended primarily for use by Bro's communication framework, but it can -## also trigger additional code if helpful. -## -## p: A record describing the peer. -## -## reason: A textual description of the error. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook -event remote_connection_error%(p: event_peer, reason: string%); - -## Generated when a remote peer sent us a capture filter. While this event is -## intended primarily for use by Bro's communication framework, it can also -## trigger additional code if helpful. -## -## p: A record describing the peer. -## -## filter: The filter string sent by the peer. -## -## .. zeek:see:: remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook -event remote_capture_filter%(p: event_peer, filter: string%); - -## Generated after a call to :zeek:id:`send_state` when all data has been -## successfully sent to the remote side. While this event is -## intended primarily for use by Bro's communication framework, it can also -## trigger additional code if helpful. -## -## p: A record describing the remote peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed -## remote_connection_error remote_connection_established -## remote_connection_handshake_done remote_event_registered remote_log remote_pong -## remote_state_access_performed remote_state_inconsistency print_hook -event finished_send_state%(p: event_peer%); - -## Generated if state synchronization detects an inconsistency. While this -## event is intended primarily for use by Bro's communication framework, it can -## also trigger additional code if helpful. This event is only raised if -## :zeek:id:`remote_check_sync_consistency` is false. -## -## operation: The textual description of the state operation performed. -## -## id: The name of the Bro script identifier that was operated on. -## -## expected_old: A textual representation of the value of *id* that was -## expected to be found before the operation was carried out. -## -## real_old: A textual representation of the value of *id* that was actually -## found before the operation was carried out. The difference between -## *real_old* and *expected_old* is the inconsistency being reported. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed -## remote_connection_error remote_connection_established -## remote_connection_handshake_done remote_event_registered remote_log remote_pong -## remote_state_access_performed print_hook remote_check_sync_consistency -event remote_state_inconsistency%(operation: string, id: string, - expected_old: string, real_old: string%); - -## Generated for communication log messages. While this event is -## intended primarily for use by Bro's communication framework, it can also -## trigger additional code if helpful. -## -## level: The log level, which is either :zeek:id:`REMOTE_LOG_INFO` or -## :zeek:id:`REMOTE_LOG_ERROR`. -## -## src: The component of the communication system that logged the message. -## Currently, this will be one of :zeek:id:`REMOTE_SRC_CHILD` (Bro's -## child process), :zeek:id:`REMOTE_SRC_PARENT` (Bro's main process), or -## :zeek:id:`REMOTE_SRC_SCRIPT` (the script level). -## -## msg: The message logged. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook remote_log_peer -event remote_log%(level: count, src: count, msg: string%); - -## Generated for communication log messages. While this event is -## intended primarily for use by Bro's communication framework, it can also -## trigger additional code if helpful. This event is equivalent to -## :zeek:see:`remote_log` except the message is with respect to a certain peer. -## -## p: A record describing the remote peer. -## -## level: The log level, which is either :zeek:id:`REMOTE_LOG_INFO` or -## :zeek:id:`REMOTE_LOG_ERROR`. -## -## src: The component of the communication system that logged the message. -## Currently, this will be one of :zeek:id:`REMOTE_SRC_CHILD` (Bro's -## child process), :zeek:id:`REMOTE_SRC_PARENT` (Bro's main process), or -## :zeek:id:`REMOTE_SRC_SCRIPT` (the script level). -## -## msg: The message logged. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_pong remote_state_access_performed -## remote_state_inconsistency print_hook remote_log -event remote_log_peer%(p: event_peer, level: count, src: count, msg: string%); - -## Generated when a remote peer has answered to our ping. This event is part of -## Bro's infrastructure for measuring communication latency. One can send a ping -## by calling :zeek:id:`send_ping` and when a corresponding reply is received, -## this event will be raised. -## -## p: The peer sending us the pong. -## -## seq: The sequence number passed to the original :zeek:id:`send_ping` call. -## The number is sent back by the peer in its response. -## -## d1: The time interval between sending the ping and receiving the pong. This -## is the latency of the complete path. -## -## d2: The time interval between sending out the ping to the network and its -## reception at the peer. This is the network latency. -## -## d3: The time interval between when the peer's child process received the -## ping and when its parent process sent the pong. This is the -## processing latency at the peer. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_state_access_performed -## remote_state_inconsistency print_hook -event remote_pong%(p: event_peer, seq: count, - d1: interval, d2: interval, d3: interval%); - -## Generated each time a remote state access has been replayed locally. This -## event is primarily intended for debugging. -## -## id: The name of the Bro script variable that's being operated on. -## -## v: The new value of the variable. -## -## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error -## remote_connection_established remote_connection_handshake_done -## remote_event_registered remote_log remote_pong remote_state_inconsistency -## print_hook -event remote_state_access_performed%(id: string, v: any%); - ## Generated each time Bro's internal profiling log is updated. The file is ## defined by :zeek:id:`profiling_file`, and its update frequency by ## :zeek:id:`profiling_interval` and :zeek:id:`expensive_profiling_multiple`. diff --git a/src/file_analysis/analyzer/extract/Extract.cc b/src/file_analysis/analyzer/extract/Extract.cc index e7aca5bcf3..8761c8493c 100644 --- a/src/file_analysis/analyzer/extract/Extract.cc +++ b/src/file_analysis/analyzer/extract/Extract.cc @@ -1,6 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. #include +#include #include "Extract.h" #include "util.h" diff --git a/src/input/Manager.h b/src/input/Manager.h index abbf8793b5..6b48f69ee4 100644 --- a/src/input/Manager.h +++ b/src/input/Manager.h @@ -7,7 +7,6 @@ #include "BroString.h" #include "EventHandler.h" -#include "RemoteSerializer.h" #include "Val.h" #include "Component.h" diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index 3bb6e34e50..54d1cc6f27 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -2,6 +2,8 @@ #include "Packet.h" #include "Sessions.h" #include "iosource/Manager.h" +#include "SerialInfo.h" +#include "Serializer.h" extern "C" { #ifdef HAVE_NET_ETHERNET_H diff --git a/src/iosource/PktSrc.cc b/src/iosource/PktSrc.cc index 343801ab7d..5f7d180cde 100644 --- a/src/iosource/PktSrc.cc +++ b/src/iosource/PktSrc.cc @@ -160,21 +160,6 @@ double PktSrc::CheckPseudoTime() if ( ! ExtractNextPacketInternal() ) return 0; - if ( remote_trace_sync_interval ) - { - if ( next_sync_point == 0 || current_packet.time >= next_sync_point ) - { - int n = remote_serializer->SendSyncPoint(); - next_sync_point = first_timestamp + - n * remote_trace_sync_interval; - remote_serializer->Log(RemoteSerializer::LogInfo, - fmt("stopping at packet %.6f, next sync-point at %.6f", - current_packet.time, next_sync_point)); - - return 0; - } - } - double pseudo_time = current_packet.time - first_timestamp; double ct = (current_time(true) - first_wallclock) * pseudo_realtime; @@ -308,15 +293,6 @@ bool PktSrc::ExtractNextPacketInternal() if ( pseudo_realtime && ! IsOpen() ) { - if ( using_communication ) - { - // Source has gone dry, we're done. - if ( remote_trace_sync_interval ) - remote_serializer->SendFinalSyncPoint(); - else - remote_serializer->Terminate(); - } - if ( broker_mgr->Active() ) iosource_mgr->Terminate(); } diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 39496671a2..0fe75b91db 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -2,11 +2,12 @@ #include -#include "../Event.h" -#include "../EventHandler.h" -#include "../NetVar.h" -#include "../Net.h" -#include "../Type.h" +#include "Event.h" +#include "EventHandler.h" +#include "NetVar.h" +#include "Net.h" +#include "Type.h" +#include "File.h" #include "broker/Manager.h" #include "threading/Manager.h" @@ -16,8 +17,8 @@ #include "WriterFrontend.h" #include "WriterBackend.h" #include "logging.bif.h" -#include "../plugin/Plugin.h" -#include "../plugin/Manager.h" +#include "plugin/Plugin.h" +#include "plugin/Manager.h" using namespace logging; @@ -1300,32 +1301,6 @@ bool Manager::WriteFromRemote(EnumVal* id, EnumVal* writer, string path, int num return true; } -void Manager::SendAllWritersTo(RemoteSerializer::PeerID peer) - { - auto et = internal_type("Log::Writer")->AsEnumType(); - - for ( vector::iterator s = streams.begin(); s != streams.end(); ++s ) - { - Stream* stream = (*s); - - if ( ! (stream && stream->enable_remote) ) - continue; - - for ( Stream::WriterMap::iterator i = stream->writers.begin(); - i != stream->writers.end(); i++ ) - { - WriterFrontend* writer = i->second->writer; - auto writer_val = et->GetVal(i->first.first); - remote_serializer->SendLogCreateWriter(peer, (*s)->id, - writer_val, - *i->second->info, - writer->NumFields(), - writer->Fields()); - Unref(writer_val); - } - } - } - void Manager::SendAllWritersTo(const broker::endpoint_info& ei) { auto et = internal_type("Log::Writer")->AsEnumType(); diff --git a/src/logging/Manager.h b/src/logging/Manager.h index d04def7938..96ff2ea0c9 100644 --- a/src/logging/Manager.h +++ b/src/logging/Manager.h @@ -10,14 +10,12 @@ #include "../Val.h" #include "../Tag.h" #include "../EventHandler.h" -#include "../RemoteSerializer.h" #include "../plugin/ComponentManager.h" #include "Component.h" #include "WriterBackend.h" class SerializationFormat; -class RemoteSerializer; class RotationTimer; namespace logging { @@ -234,7 +232,6 @@ protected: friend class WriterFrontend; friend class RotationFinishedMessage; friend class RotationFailedMessage; - friend class ::RemoteSerializer; friend class ::RotationTimer; // Instantiates a new WriterBackend of the given type (note that @@ -248,9 +245,6 @@ protected: int num_fields, const threading::Field* const* fields, bool local, bool remote, bool from_remote, const string& instantiating_filter=""); - // Announces all instantiated writers to peer. - void SendAllWritersTo(RemoteSerializer::PeerID peer); - // Signals that a file has been rotated. bool FinishedRotation(WriterFrontend* writer, const char* new_name, const char* old_name, double open, double close, bool success, bool terminating); diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 4416e41d17..7bede8f6e6 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -4,6 +4,7 @@ #include "util.h" #include "threading/SerialTypes.h" +#include "SerializationFormat.h" #include "Manager.h" #include "WriterBackend.h" diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index 74541d8586..187a1957d7 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -9,8 +9,6 @@ #include "Component.h" -class RemoteSerializer; - namespace broker { class data; } namespace logging { diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index 56bbf68161..fdc4a7a97b 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -169,12 +169,6 @@ void WriterFrontend::Init(int arg_num_fields, const Field* const * arg_fields) if ( remote ) { - remote_serializer->SendLogCreateWriter(stream, - writer, - *info, - arg_num_fields, - arg_fields); - broker_mgr->PublishLogCreate(stream, writer, *info, @@ -201,12 +195,6 @@ void WriterFrontend::Write(int arg_num_fields, Value** vals) if ( remote ) { - remote_serializer->SendLogWrite(stream, - writer, - info->path, - num_fields, - vals); - broker_mgr->PublishLogWrite(stream, writer, info->path, diff --git a/src/main.cc b/src/main.cc index ce9e49ea7a..450e242b3c 100644 --- a/src/main.cc +++ b/src/main.cc @@ -39,7 +39,6 @@ extern "C" { #include "RuleMatcher.h" #include "Anon.h" #include "Serializer.h" -#include "RemoteSerializer.h" #include "EventRegistry.h" #include "Stats.h" #include "Brofiler.h" @@ -102,7 +101,6 @@ EventHandlerPtr net_done = 0; RuleMatcher* rule_matcher = 0; FileSerializer* event_serializer = 0; FileSerializer* state_serializer = 0; -RemoteSerializer* remote_serializer = 0; EventPlayer* event_player = 0; EventRegistry* event_registry = 0; ProfileLogger* profiling_logger = 0; @@ -272,10 +270,6 @@ void done_with_network() { set_processing_status("TERMINATING", "done_with_network"); - // Release the port, which is important for checkpointing Bro. - if ( remote_serializer ) - remote_serializer->StopListening(); - // Cancel any pending alarms (watchdog, in particular). (void) alarm(0); @@ -299,9 +293,6 @@ void done_with_network() mgr.Drain(); mgr.Drain(); - if ( remote_serializer ) - remote_serializer->Finish(); - net_finish(1); #ifdef USE_PERFTOOLS_DEBUG @@ -349,9 +340,6 @@ void terminate_bro() delete profiling_logger; } - if ( remote_serializer ) - remote_serializer->LogStats(); - mgr.Drain(); log_mgr->Terminate(); @@ -782,7 +770,6 @@ int main(int argc, char** argv) dns_mgr->SetDir(".state"); iosource_mgr = new iosource::Manager(); - remote_serializer = new RemoteSerializer(); event_registry = new EventRegistry(); analyzer_mgr = new analyzer::Manager(); log_mgr = new logging::Manager(); diff --git a/src/threading/SerialTypes.cc b/src/threading/SerialTypes.cc index 8468d19ea8..dcc35f793c 100644 --- a/src/threading/SerialTypes.cc +++ b/src/threading/SerialTypes.cc @@ -2,8 +2,8 @@ #include "SerialTypes.h" -#include "../RemoteSerializer.h" - +#include "SerializationFormat.h" +#include "Reporter.h" using namespace threading; diff --git a/src/threading/SerialTypes.h b/src/threading/SerialTypes.h index 5a8361feba..65bb79b659 100644 --- a/src/threading/SerialTypes.h +++ b/src/threading/SerialTypes.h @@ -13,7 +13,6 @@ using namespace std; class SerializationFormat; -class RemoteSerializer; namespace threading { @@ -78,8 +77,6 @@ struct Field { string TypeName() const; private: - friend class ::RemoteSerializer; - // Force usage of constructor above. Field() {} }; diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index 72de702972..359ae2c616 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -1,2 +1,6 @@ +warning in /Users/johanna/bro/master/scripts/policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name) +warning in /Users/johanna/bro/master/scripts/policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name) warning in /Users/johanna/bro/master/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/johanna/bro/master/testing/btest/../../scripts//zeexygen/__load__.zeek:9 "Use '@load base/protocols/smb' instead" +warning in /Users/johanna/bro/master/scripts/policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name) +warning in /Users/johanna/bro/master/testing/btest/../../scripts//policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name) warning in /Users/johanna/bro/master/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" From ed644e39a0bc4fc042eb81e3ad8bacb0cb2bb5e5 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Fri, 3 May 2019 15:26:03 -0700 Subject: [PATCH 25/51] Remove support for using &&/|| with patterns. This was never documented and previously deprecated. --- src/Expr.cc | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/Expr.cc b/src/Expr.cc index eccdf1a6b8..e6cb9937c4 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -1883,13 +1883,6 @@ BoolExpr::BoolExpr(BroExprTag arg_tag, Expr* arg_op1, Expr* arg_op2) else SetType(base_type(TYPE_BOOL)); } - - else if ( bt1 == TYPE_PATTERN && bt2 == bt1 ) - { - reporter->Warning("&& and || operators deprecated for pattern operands"); - SetType(base_type(TYPE_PATTERN)); - } - else ExprError("requires boolean operands"); } From 72ec093d564dae90f8ae7d75376179b3f2f046a5 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 6 May 2019 10:57:24 -0700 Subject: [PATCH 26/51] Deprecations: Update NEWS, and tie up a few loose ends. Broccoli was still present in the source in a few places, debug outputs that do no longer exist were too. Part of GH-243 --- NEWS | 57 ++++++++++++++++++++++++++++++++++++++++------ doc | 2 +- man/bro.8 | 3 --- src/Attr.cc | 3 +-- src/DebugLogger.cc | 4 ++-- src/DebugLogger.h | 2 -- src/SerialInfo.h | 14 ------------ 7 files changed, 54 insertions(+), 31 deletions(-) diff --git a/NEWS b/NEWS index d0d92f77b0..ac8a02c8d4 100644 --- a/NEWS +++ b/NEWS @@ -244,17 +244,55 @@ Removed Functionality - ``dhcp_offer`` - ``dhcp_release`` - ``dhcp_request`` - - ``remote_state_access_performed`` - - ``remote_state_inconsistency`` - - ``remote_log_peer`` - - ``remote_log`` - - ``finished_send_state`` - - ``remote_pong`` + - ``remote_state_access_performed`` + - ``remote_state_inconsistency`` + - ``remote_connection_established`` + - ``remote_connection_closed`` + - ``remote_connection_handshake_done`` + - ``remote_event_registered`` + - ``remote_connection_error`` + - ``remote_capture_filter`` + - ``remote_log_peer`` + - ``remote_log`` - ``finished_send_state`` + - ``remote_pong`` + +- The following types/records were deprecated in version 2.6 or below and are + removed from this release: + + - ``peer_id`` + - ``event_peer`` + +- The following configuration options were deprecated in version 2.6 or below and are + removed from this release: + + - ``max_remote_events_processed`` + - ``forward_remote_events`` + - ``forward_remote_state_changes`` + - ``enable_syslog`` + - ``remote_trace_sync_interval`` + - ``remote_trace_sync_peers`` + - ``remote_check_sync_consistency`` + +- The following constants were used as part of deprecated functionality in version 2.6 + or below and are removed from this release: + + - ``PEER_ID_NONE`` + - ``REMOTE_LOG_INFO`` + - ``REMOTE_SRC_CHILD`` + - ``REMOTE_SRC_PARENT`` + - ``REMOTE_SRC_SCRIPT`` - The deprecated script ``policy/protocols/smb/__load__.bro`` was removed. Instead of ``@load policy/protocols/smb`` use ``@load base/protocols/smb``. +- Broccoli, which had been deprecated in version 2.6 and was no longer built by default + was removed from the source tree. + +- Support for the &persistent and the &synchronized attributes, which were deprecated + in Bro 2.6, was removed. The ``-g`` command-line option (dump-config) which relied on + this functionality was also removed. + Deprecated Functionality ------------------------ @@ -269,6 +307,11 @@ Deprecated Functionality such that existing code will not break, but will emit a deprecation warning. +- The ``rotate_file``, ``rotate_file_by_name`` and ``calc_next_rotate`` functions + were marked as deprecated. These functions were used with the old pre-2.0 logging + framework and are no longer used. They also were marked as deprecated in their + documentation, however the functions themselves did not carry the deprecation marker. + Bro 2.6 ======= @@ -640,7 +683,7 @@ New Functionality Each has the same form, e.g.:: event tcp_multiple_retransmissions(c: connection, is_orig: bool, - threshold: count); + threshold: count); - Added support for set union, intersection, difference, and comparison operations. The corresponding operators for the first three are diff --git a/doc b/doc index 8aa690e20d..6c099d4bff 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 8aa690e20d19f79805d7f680e454e4ea10231add +Subproject commit 6c099d4bff68f9f9d97952dfaca048425f12027a diff --git a/man/bro.8 b/man/bro.8 index 37c20bf0c5..9dffbe2a27 100644 --- a/man/bro.8 +++ b/man/bro.8 @@ -36,9 +36,6 @@ augment loaded policies by given code \fB\-f\fR,\ \-\-filter tcpdump filter .TP -\fB\-g\fR,\ \-\-dump\-config -dump current config into .state dir -.TP \fB\-h\fR,\ \-\-help|\-? command line help .TP diff --git a/src/Attr.cc b/src/Attr.cc index 1f555dab23..a3d8d15e20 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -556,8 +556,7 @@ bool Attributes::DoSerialize(SerialInfo* info) const { Attr* a = (*attrs)[i]; - // Broccoli doesn't support expressions. - Expr* e = (! info->broccoli_peer) ? a->AttrExpr() : 0; + Expr* e = a->AttrExpr(); SERIALIZE_OPTIONAL(e); if ( ! SERIALIZE(char(a->Tag())) ) diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc index 8df6a5ef55..7adc7aa65a 100644 --- a/src/DebugLogger.cc +++ b/src/DebugLogger.cc @@ -11,9 +11,9 @@ DebugLogger debug_logger; // Same order here as in DebugStream. DebugLogger::Stream DebugLogger::streams[NUM_DBGS] = { - { "serial", 0, false }, { "rules", 0, false }, { "comm", 0, false }, + { "serial", 0, false }, { "rules", 0, false }, { "state", 0, false }, { "chunkedio", 0, false }, - { "compressor", 0, false }, {"string", 0, false }, + {"string", 0, false }, { "notifiers", 0, false }, { "main-loop", 0, false }, { "dpd", 0, false }, { "tm", 0, false }, { "logging", 0, false }, {"input", 0, false }, diff --git a/src/DebugLogger.h b/src/DebugLogger.h index dab9fd9758..db646bd0cf 100644 --- a/src/DebugLogger.h +++ b/src/DebugLogger.h @@ -16,10 +16,8 @@ enum DebugStream { DBG_SERIAL, // Serialization DBG_RULES, // Signature matching - DBG_COMM, // Remote communication DBG_STATE, // StateAccess logging DBG_CHUNKEDIO, // ChunkedIO logging - DBG_COMPRESSOR, // Connection compressor DBG_STRING, // String code DBG_NOTIFIERS, // Notifiers (see StateAccess.h) DBG_MAINLOOP, // Main IOSource loop diff --git a/src/SerialInfo.h b/src/SerialInfo.h index 616fa011b6..294c5747ba 100644 --- a/src/SerialInfo.h +++ b/src/SerialInfo.h @@ -17,7 +17,6 @@ public: pid_32bit = false; include_locations = true; new_cache_strategy = false; - broccoli_peer = false; } SerialInfo(const SerialInfo& info) @@ -32,7 +31,6 @@ public: pid_32bit = info.pid_32bit; include_locations = info.include_locations; new_cache_strategy = info.new_cache_strategy; - broccoli_peer = info.broccoli_peer; } // Parameters that control serialization. @@ -51,11 +49,6 @@ public: // If true, we support keeping objs in cache permanently. bool new_cache_strategy; - // If true, we're connecting to a Broccoli. If so, serialization - // specifics may be adapted for functionality Broccoli does not - // support. - bool broccoli_peer; - ChunkedIO::Chunk* chunk; // chunk written right before the serialization // Attributes set during serialization. @@ -80,7 +73,6 @@ public: print = 0; pid_32bit = false; new_cache_strategy = false; - broccoli_peer = false; } UnserialInfo(const UnserialInfo& info) @@ -97,7 +89,6 @@ public: print = info.print; pid_32bit = info.pid_32bit; new_cache_strategy = info.new_cache_strategy; - broccoli_peer = info.broccoli_peer; } // Parameters that control unserialization. @@ -118,11 +109,6 @@ public: // If true, we support keeping objs in cache permanently. bool new_cache_strategy; - // If true, we're connecting to a Broccoli. If so, serialization - // specifics may be adapted for functionality Broccoli does not - // support. - bool broccoli_peer; - // If a global ID already exits, of these policies is used. enum { Keep, // keep the old ID and ignore the new From 9b49c7cbc63e5205885654fa9c784fe298d735b6 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 6 May 2019 18:56:47 +0000 Subject: [PATCH 27/51] Fix missing include file on Linux --- src/analyzer/protocol/krb/KRB.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/analyzer/protocol/krb/KRB.h b/src/analyzer/protocol/krb/KRB.h index 7eee46d838..6a6af93c45 100644 --- a/src/analyzer/protocol/krb/KRB.h +++ b/src/analyzer/protocol/krb/KRB.h @@ -9,6 +9,8 @@ #include #endif +#include + namespace analyzer { namespace krb { class KRB_Analyzer : public analyzer::Analyzer { From 5484c40b1f210b312bad7f1ec43416484b3a8d3d Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 6 May 2019 14:15:37 -0700 Subject: [PATCH 28/51] GH-353: Add `//i` case-insensitive signature syntax --- NEWS | 3 ++ src/rule-scan.l | 21 ++++++-- .../signatures.udp-packetwise-insensitive/out | 6 +++ .../udp-packetwise-insensitive.zeek | 53 +++++++++++++++++++ 4 files changed, 80 insertions(+), 3 deletions(-) create mode 100644 testing/btest/Baseline/signatures.udp-packetwise-insensitive/out create mode 100644 testing/btest/signatures/udp-packetwise-insensitive.zeek diff --git a/NEWS b/NEWS index 082ad782b1..d4127d8cfd 100644 --- a/NEWS +++ b/NEWS @@ -76,6 +76,9 @@ New Functionality the DNS resolver to use by setting it to an IPv4 or IPv6 address. If not set, then the first IPv4 address from /etc/resolv.conf gets used. +- The ``//i`` convenience syntax for case-insensitive patterns is now + also allowed when specifying patterns used in signature files. + Changed Functionality --------------------- diff --git a/src/rule-scan.l b/src/rule-scan.l index f280d6132b..c7cdb75bd4 100644 --- a/src/rule-scan.l +++ b/src/rule-scan.l @@ -24,7 +24,7 @@ STRING \"([^\n\"]|\\\")*\" IDCOMPONENT [0-9a-zA-Z_][0-9a-zA-Z_-]* ID {IDCOMPONENT}(::{IDCOMPONENT})* IP6 ("["({HEX}:){7}{HEX}"]")|("["0x{HEX}({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}|:)*"::"({HEX}|:)*({D}"."){3}{D}"]") -RE \/(\\\/)?([^/]|[^\\]\\\/)*\/ +RE \/(\\\/)?([^/]|[^\\]\\\/)*\/i? META \.[^ \t]+{WS}[^\n]+ PIDCOMPONENT [A-Za-z_][A-Za-z_0-9]* PID {PIDCOMPONENT}(::{PIDCOMPONENT})* @@ -189,8 +189,23 @@ finger { rules_lval.val = Rule::FINGER; return TOK_PATTERN_TYPE; } } {RE} { - *(yytext + strlen(yytext) - 1) = '\0'; - rules_lval.str = yytext + 1; + auto len = strlen(yytext); + + if ( yytext[len - 1] == 'i' ) + { + *(yytext + len - 2) = '\0'; + const char fmt[] = "(?i:%s)"; + int n = len + strlen(fmt); + char* s = new char[n + 5 /* slop */]; + safe_snprintf(s, n + 5, fmt, yytext + 1); + rules_lval.str = s; + } + else + { + *(yytext + len - 1) = '\0'; + rules_lval.str = yytext + 1; + } + return TOK_PATTERN; } diff --git a/testing/btest/Baseline/signatures.udp-packetwise-insensitive/out b/testing/btest/Baseline/signatures.udp-packetwise-insensitive/out new file mode 100644 index 0000000000..5b5066d638 --- /dev/null +++ b/testing/btest/Baseline/signatures.udp-packetwise-insensitive/out @@ -0,0 +1,6 @@ +signature match, Found .*XXXX, XXXX +signature match, Found .*YYYY, YYYY +signature match, Found XXXX, XXXX +signature match, Found YYYY, YYYY +signature match, Found ^XXXX, XXXX +signature match, Found ^YYYY, YYYY diff --git a/testing/btest/signatures/udp-packetwise-insensitive.zeek b/testing/btest/signatures/udp-packetwise-insensitive.zeek new file mode 100644 index 0000000000..b1be478834 --- /dev/null +++ b/testing/btest/signatures/udp-packetwise-insensitive.zeek @@ -0,0 +1,53 @@ +# @TEST-EXEC: bro -r $TRACES/udp-signature-test.pcap %INPUT | sort >out +# @TEST-EXEC: btest-diff out + +@load-sigs test.sig + +@TEST-START-FILE test.sig +signature xxxx { + ip-proto = udp + payload /xXxX/i + event "Found XXXX" +} + +signature axxxx { + ip-proto = udp + payload /^xxxx/i + event "Found ^XXXX" +} + +signature sxxxx { + ip-proto = udp + payload /.*xxXx/i + event "Found .*XXXX" +} + +signature yyyy { + ip-proto = udp + payload /YYYY/i + event "Found YYYY" +} + +signature ayyyy { + ip-proto = udp + payload /^YYYY/i + event "Found ^YYYY" +} + +signature syyyy { + ip-proto = udp + payload /.*YYYY/i + event "Found .*YYYY" +} + +signature nope { + ip-proto = udp + payload /.*nope/i + event "Found .*nope" +} +@TEST-END-FILE + +event signature_match(state: signature_state, msg: string, data: string) + { + print "signature match", msg, data; + } From 89b8d6e7ba15cf0d9f9ce52f8fadaa9cd6acc04c Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Sun, 5 May 2019 03:49:25 +0000 Subject: [PATCH 29/51] Update for renaming BroControl to ZeekControl. --- CMakeLists.txt | 6 +++--- aux/broctl | 2 +- aux/zeek-aux | 2 +- configure | 18 +++++++++--------- doc | 2 +- .../frameworks/cluster/setup-connections.zeek | 2 +- scripts/base/frameworks/control/main.zeek | 2 +- testing/scripts/travis-job | 6 +++--- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ac8f1b3a3b..29b9115026 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -331,14 +331,14 @@ add_subdirectory(man) include(CheckOptionalBuildSources) -CheckOptionalBuildSources(aux/broctl Broctl INSTALL_BROCTL) +CheckOptionalBuildSources(aux/broctl ZeekControl INSTALL_ZEEKCTL) CheckOptionalBuildSources(aux/bro-aux Bro-Aux INSTALL_AUX_TOOLS) CheckOptionalBuildSources(aux/broccoli Broccoli INSTALL_BROCCOLI) ######################################################################## ## Packaging Setup -if (INSTALL_BROCTL) +if (INSTALL_ZEEKCTL) # CPack RPM Generator may not automatically detect this set(CPACK_RPM_PACKAGE_REQUIRES "python >= 2.6.0") endif () @@ -374,7 +374,7 @@ message( "\nCPP: ${CMAKE_CXX_COMPILER}" "\n" "\nBroccoli: ${INSTALL_BROCCOLI}" - "\nBroctl: ${INSTALL_BROCTL}" + "\nZeekControl: ${INSTALL_ZEEKCTL}" "\nAux. Tools: ${INSTALL_AUX_TOOLS}" "\n" "\nlibmaxminddb: ${USE_GEOIP}" diff --git a/aux/broctl b/aux/broctl index 4dac52cb18..06ef996216 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 4dac52cb18657f579ffb917146fe3881cdfcc96d +Subproject commit 06ef99621675dc33ed29687a975d684e0ceab0cd diff --git a/aux/zeek-aux b/aux/zeek-aux index ba482418c4..6cca8a0b85 160000 --- a/aux/zeek-aux +++ b/aux/zeek-aux @@ -1 +1 @@ -Subproject commit ba482418c4e16551fd7b9128a4082348ef2842f0 +Subproject commit 6cca8a0b853c57bd30ca4c5b9998166fdd561067 diff --git a/configure b/configure index 98bfc5308d..fbdf3f0709 100755 --- a/configure +++ b/configure @@ -34,12 +34,12 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --prefix=PREFIX installation directory [/usr/local/bro] --scriptdir=PATH root installation directory for Bro scripts [PREFIX/share/bro] - --localstatedir=PATH when using BroControl, path to store log files + --localstatedir=PATH when using ZeekControl, path to store log files and run-time data (within log/ and spool/ subdirs) [PREFIX] - --spooldir=PATH when using BroControl, path to store run-time data + --spooldir=PATH when using ZeekControl, path to store run-time data [PREFIX/spool] - --logdir=PATH when using BroControl, path to store log file + --logdir=PATH when using ZeekControl, path to store log file [PREFIX/logs] --conf-files-dir=PATH config files installation directory [PREFIX/etc] @@ -54,7 +54,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --enable-broccoli build or install the Broccoli library (deprecated) --enable-static-broker build broker statically (ignored if --with-broker is specified) --enable-static-binpac build binpac statically (ignored if --with-binpac is specified) - --disable-broctl don't install Broctl + --disable-zeekctl don't install ZeekControl --disable-auxtools don't build or install auxiliary tools --disable-perftools don't try to build with Google Perftools --disable-python don't try to build python bindings for broker @@ -132,7 +132,7 @@ prefix=/usr/local/bro CMakeCacheEntries="" append_cache_entry CMAKE_INSTALL_PREFIX PATH $prefix append_cache_entry BRO_ROOT_DIR PATH $prefix -append_cache_entry PY_MOD_INSTALL_DIR PATH $prefix/lib/broctl +append_cache_entry PY_MOD_INSTALL_DIR PATH $prefix/lib/zeekctl append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $prefix/share/bro append_cache_entry BRO_ETC_INSTALL_DIR PATH $prefix/etc append_cache_entry ENABLE_DEBUG BOOL false @@ -142,7 +142,7 @@ append_cache_entry ENABLE_JEMALLOC BOOL false append_cache_entry BUILD_SHARED_LIBS BOOL true append_cache_entry INSTALL_BROCCOLI BOOL false append_cache_entry INSTALL_AUX_TOOLS BOOL true -append_cache_entry INSTALL_BROCTL BOOL true +append_cache_entry INSTALL_ZEEKCTL BOOL true append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING append_cache_entry ENABLE_MOBILE_IPV6 BOOL false append_cache_entry DISABLE_PERFTOOLS BOOL false @@ -182,7 +182,7 @@ while [ $# -ne 0 ]; do prefix=$optarg append_cache_entry CMAKE_INSTALL_PREFIX PATH $optarg append_cache_entry BRO_ROOT_DIR PATH $optarg - append_cache_entry PY_MOD_INSTALL_DIR PATH $optarg/lib/broctl + append_cache_entry PY_MOD_INSTALL_DIR PATH $optarg/lib/zeekctl ;; --scriptdir=*) append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $optarg @@ -231,8 +231,8 @@ while [ $# -ne 0 ]; do --enable-static-binpac) append_cache_entry BUILD_STATIC_BINPAC BOOL true ;; - --disable-broctl) - append_cache_entry INSTALL_BROCTL BOOL false + --disable-zeekctl) + append_cache_entry INSTALL_ZEEKCTL BOOL false ;; --disable-auxtools) append_cache_entry INSTALL_AUX_TOOLS BOOL false diff --git a/doc b/doc index d9cf0d7a24..09a23d3eb5 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit d9cf0d7a242b6924797aea0a70bd87879b8f1e17 +Subproject commit 09a23d3eb58c133e66ab51d8daecf047db708736 diff --git a/scripts/base/frameworks/cluster/setup-connections.zeek b/scripts/base/frameworks/cluster/setup-connections.zeek index 4903f62c0a..9e9374c8b9 100644 --- a/scripts/base/frameworks/cluster/setup-connections.zeek +++ b/scripts/base/frameworks/cluster/setup-connections.zeek @@ -44,7 +44,7 @@ function connect_peers_with_type(node_type: NodeType) event zeek_init() &priority=-10 { - if ( getenv("BROCTL_CHECK_CONFIG") != "" ) + if ( getenv("ZEEKCTL_CHECK_CONFIG") != "" ) return; local self = nodes[node]; diff --git a/scripts/base/frameworks/control/main.zeek b/scripts/base/frameworks/control/main.zeek index ad1bf3bcce..7ab92a728b 100644 --- a/scripts/base/frameworks/control/main.zeek +++ b/scripts/base/frameworks/control/main.zeek @@ -6,7 +6,7 @@ module Control; export { ## The topic prefix used for exchanging control messages via Broker. - const topic_prefix = "bro/control"; + const topic_prefix = "zeek/control"; ## Whether the controllee should call :zeek:see:`Broker::listen`. ## In a cluster, this isn't needed since the setup process calls it. diff --git a/testing/scripts/travis-job b/testing/scripts/travis-job index 767984b44e..ac00f1bc6e 100644 --- a/testing/scripts/travis-job +++ b/testing/scripts/travis-job @@ -53,7 +53,7 @@ build_coverity() { # outside of Travis). make distclean > /dev/null - ./configure --prefix=`pwd`/build/root --enable-debug --disable-perftools --disable-broker-tests --disable-python --disable-broctl + ./configure --prefix=`pwd`/build/root --enable-debug --disable-perftools --disable-broker-tests --disable-python --disable-zeekctl export PATH=`pwd`/coverity-tools/bin:$PATH cd build @@ -124,9 +124,9 @@ build() { # outside of Travis). make distclean > /dev/null - # Skip building broker tests, python bindings, and broctl, as these are + # Skip building broker tests, python bindings, and zeekctl, as these are # not needed by the bro tests. - ./configure --build-type=Release --disable-broker-tests --disable-python --disable-broctl && make -j 2 + ./configure --build-type=Release --disable-broker-tests --disable-python --disable-zeekctl && make -j 2 } From cb6b9a1f1a914fb462a0bf6acea26b08fef1429d Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 8 May 2019 12:42:18 -0700 Subject: [PATCH 30/51] Allow tuning Broker log batching via scripts Via redefining "Broker::log_batch_size" or "Broker::log_batch_interval" --- CHANGES | 6 ++++++ VERSION | 2 +- doc | 2 +- scripts/base/frameworks/broker/main.zeek | 8 ++++++++ src/broker/Manager.cc | 24 ++++++++++-------------- src/broker/Manager.h | 4 +++- 6 files changed, 29 insertions(+), 17 deletions(-) diff --git a/CHANGES b/CHANGES index adb24b8ed4..c4d2d26a68 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,10 @@ +2.6-277 | 2019-05-08 12:42:18 -0700 + + * Allow tuning Broker log batching via scripts (Jon Siwek, Corelight) + + Via redefining "Broker::log_batch_size" or "Broker::log_batch_interval" + 2.6-276 | 2019-05-08 09:03:27 -0700 * Force the Broker IOSource to idle periodically, preventing packet diff --git a/VERSION b/VERSION index 5a9089c29d..64298b5057 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-276 +2.6-277 diff --git a/doc b/doc index 736323fe8a..6eb2d810ad 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 736323fe8a78fd8478325c134afe38c075e297a7 +Subproject commit 6eb2d810ad7b2f66f6739bc23dc82ba5d6b27ec1 diff --git a/scripts/base/frameworks/broker/main.zeek b/scripts/base/frameworks/broker/main.zeek index f64ff0ce14..a61f81f239 100644 --- a/scripts/base/frameworks/broker/main.zeek +++ b/scripts/base/frameworks/broker/main.zeek @@ -61,6 +61,14 @@ export { ## control mechanisms). const congestion_queue_size = 200 &redef; + ## The max number of log entries per log stream to batch together when + ## sending log messages to a remote logger. + const log_batch_size = 400 &redef; + + ## Max time to buffer log messages before sending the current set out as a + ## batch. + const log_batch_interval = 1sec &redef; + ## Max number of threads to use for Broker/CAF functionality. The ## BRO_BROKER_MAX_THREADS environment variable overrides this setting. const max_threads = 1 &redef; diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index ebde5229d3..fbc15b3c18 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -23,14 +23,6 @@ using namespace std; namespace bro_broker { -// Max number of log messages buffered per stream before we send them out as -// a batch. -static const int LOG_BATCH_SIZE = 400; - -// Max secs to buffer log messages before sending the current set out as a -// batch. -static const double LOG_BUFFER_INTERVAL = 1.0; - static inline Val* get_option(const char* option) { auto id = global_scope()->Lookup(option); @@ -141,6 +133,8 @@ Manager::Manager(bool arg_reading_pcaps) after_zeek_init = false; peer_count = 0; times_processed_without_idle = 0; + log_batch_size = 0; + log_batch_interval = 0; log_topic_func = nullptr; vector_of_data_type = nullptr; log_id_type = nullptr; @@ -157,6 +151,8 @@ void Manager::InitPostScript() { DBG_LOG(DBG_BROKER, "Initializing"); + log_batch_size = get_option("Broker::log_batch_size")->AsCount(); + log_batch_interval = get_option("Broker::log_batch_interval")->AsInterval(); default_log_topic_prefix = get_option("Broker::default_log_topic_prefix")->AsString()->CheckString(); log_topic_func = get_option("Broker::log_topic")->AsFunc(); @@ -574,14 +570,14 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int auto& pending_batch = lb.msgs[topic]; pending_batch.emplace_back(std::move(msg)); - if ( lb.message_count >= LOG_BATCH_SIZE || - (network_time - lb.last_flush >= LOG_BUFFER_INTERVAL) ) - statistics.num_logs_outgoing += lb.Flush(bstate->endpoint); + if ( lb.message_count >= log_batch_size || + (network_time - lb.last_flush >= log_batch_interval ) ) + statistics.num_logs_outgoing += lb.Flush(bstate->endpoint, log_batch_size); return true; } -size_t Manager::LogBuffer::Flush(broker::endpoint& endpoint) +size_t Manager::LogBuffer::Flush(broker::endpoint& endpoint, size_t log_batch_size) { if ( endpoint.is_shutdown() ) return 0; @@ -595,7 +591,7 @@ size_t Manager::LogBuffer::Flush(broker::endpoint& endpoint) auto& topic = kv.first; auto& pending_batch = kv.second; broker::vector batch; - batch.reserve(LOG_BATCH_SIZE + 1); + batch.reserve(log_batch_size + 1); pending_batch.swap(batch); broker::bro::Batch msg(std::move(batch)); endpoint.publish(topic, move(msg)); @@ -613,7 +609,7 @@ size_t Manager::FlushLogBuffers() auto rval = 0u; for ( auto& lb : log_buffers ) - rval += lb.Flush(bstate->endpoint); + rval += lb.Flush(bstate->endpoint, log_batch_interval); return rval; } diff --git a/src/broker/Manager.h b/src/broker/Manager.h index 901cd4d06c..004ad01dc9 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -353,7 +353,7 @@ private: double last_flush; size_t message_count; - size_t Flush(broker::endpoint& endpoint); + size_t Flush(broker::endpoint& endpoint, size_t batch_size); }; // Data stores @@ -385,6 +385,8 @@ private: int peer_count; int times_processed_without_idle; + size_t log_batch_size; + double log_batch_interval; Func* log_topic_func; VectorType* vector_of_data_type; EnumType* log_id_type; From aced89ac9e93bee036794e0124310b108667c79d Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 10 May 2019 19:18:50 -0700 Subject: [PATCH 31/51] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 39ae4a469d..7731032fe1 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 39ae4a469d6ae86c12b49020b361da4fcab24b5b +Subproject commit 7731032fe15aa6ff86f3364a6d31c61d15311286 From a87d1fd8758f3e3d9e6c78b2f165311dfac82ae0 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Sat, 11 May 2019 19:05:25 -0500 Subject: [PATCH 32/51] Fix zeek-wrapper The script was not passing command-line arguments to the new program. Also improved some error messages. --- zeek-wrapper.in | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/zeek-wrapper.in b/zeek-wrapper.in index 91c08b5a5a..1372c573e7 100755 --- a/zeek-wrapper.in +++ b/zeek-wrapper.in @@ -17,11 +17,16 @@ base=$(dirname $0) old=$(basename $0) new=$(echo "${old}" | sed 's/^bro/zeek/') -if [ ! -x "${base}/${new}" ]; then +if [ "${new}" = "${old}" ]; then + echo "zeek-wrapper: this script is just a wrapper for old commands" + exit 1 +fi + +if [ ! -f "${base}/${new}" ]; then echo "zeek-wrapper: ${new} not found" exit 1 fi test -t 0 && test -t 1 && test -t 2 && test -z "${ZEEK_IS_BRO}" && deprecated "${old}" "${new}" -test "${new}" != "${old}" && "${base}/${new}" +"${base}/${new}" "$@" From b953a5516fd55e9d24ce25ab6f71ea48dde52eeb Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Sun, 12 May 2019 16:02:37 +0000 Subject: [PATCH 33/51] Updating submodule. --- aux/zeek-aux | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/zeek-aux b/aux/zeek-aux index 6cca8a0b85..fc62112b8b 160000 --- a/aux/zeek-aux +++ b/aux/zeek-aux @@ -1 +1 @@ -Subproject commit 6cca8a0b853c57bd30ca4c5b9998166fdd561067 +Subproject commit fc62112b8b7e0d5905dc46d2cd6a23e9c09de036 From bbaee152800b1c343f30e94b9c2ddc52ef182b82 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Sun, 12 May 2019 19:17:25 -0500 Subject: [PATCH 34/51] Undo a change to btest.cfg from a recent commit Remove a line from btest.cfg that was added (probably unintentionally) in commit 789cb376. --- testing/btest/btest.cfg | 1 - 1 file changed, 1 deletion(-) diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg index 8c457afee0..de6ff9c65a 100644 --- a/testing/btest/btest.cfg +++ b/testing/btest/btest.cfg @@ -29,4 +29,3 @@ BRO_DEFAULT_LISTEN_RETRY=1 BRO_DEFAULT_CONNECT_RETRY=1 BRO_DISABLE_BROXYGEN=1 ZEEK_ALLOW_INIT_ERRORS=1 -DYLD_LIBRARY_PATH=/opt/local/lib From 58d55d0f951894984c22dfdbc0a2fb7dd676fb94 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 13 May 2019 20:02:59 -0700 Subject: [PATCH 35/51] GH-365: improve un-indexable type error message --- CHANGES | 4 ++++ VERSION | 2 +- src/Expr.cc | 7 ++++++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index c4d2d26a68..44d8cf4c93 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-279 | 2019-05-13 20:02:59 -0700 + + * GH-365: improve un-indexable type error message (Jon Siwek, Corelight) + 2.6-277 | 2019-05-08 12:42:18 -0700 * Allow tuning Broker log batching via scripts (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index 64298b5057..1268552eaf 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-277 +2.6-279 diff --git a/src/Expr.cc b/src/Expr.cc index e6cb9937c4..efbd96f04f 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -2917,7 +2917,12 @@ IndexExpr::IndexExpr(Expr* arg_op1, ListExpr* arg_op2, bool is_slice) int match_type = op1->Type()->MatchesIndex(arg_op2); if ( match_type == DOES_NOT_MATCH_INDEX ) - SetError("not an index type"); + { + std::string error_msg = + fmt("expression with type '%s' is not a type that can be indexed", + type_name(op1->Type()->Tag())); + SetError(error_msg.data()); + } else if ( ! op1->Type()->YieldType() ) { From f37a16b7151cde38b1c3b3321e6a3dd9b9338e62 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 17:40:40 -0700 Subject: [PATCH 36/51] Rename broctl submodule to zeekctl --- .gitmodules | 6 +++--- CHANGES | 4 ++++ VERSION | 2 +- aux/broctl | 2 +- aux/zeekctl | 1 + 5 files changed, 10 insertions(+), 5 deletions(-) mode change 160000 => 120000 aux/broctl create mode 160000 aux/zeekctl diff --git a/.gitmodules b/.gitmodules index c7a9313543..d151b3d288 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,9 +4,9 @@ [submodule "aux/binpac"] path = aux/binpac url = https://github.com/zeek/binpac -[submodule "aux/broctl"] - path = aux/broctl - url = https://github.com/zeek/broctl +[submodule "aux/zeekctl"] + path = aux/zeekctl + url = https://github.com/zeek/zeekctl [submodule "aux/btest"] path = aux/btest url = https://github.com/zeek/btest diff --git a/CHANGES b/CHANGES index 1d28dd2ed3..5140b3b96b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-287 | 2019-05-14 17:40:40 -0700 + + * Rename broctl submodule to zeekctl (Jon Siwek, Corelight) + 2.6-286 | 2019-05-14 13:19:12 -0700 * Undo an unintentional change to btest.cfg from a recent commit (Daniel Thayer) diff --git a/VERSION b/VERSION index 25be38244b..6d6eb4e3ce 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-286 +2.6-287 diff --git a/aux/broctl b/aux/broctl deleted file mode 160000 index 2ab58cc88f..0000000000 --- a/aux/broctl +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 2ab58cc88fd80f1d7a7fc5dd14bfd63b07f285f6 diff --git a/aux/broctl b/aux/broctl new file mode 120000 index 0000000000..d17a55b030 --- /dev/null +++ b/aux/broctl @@ -0,0 +1 @@ +zeekctl \ No newline at end of file diff --git a/aux/zeekctl b/aux/zeekctl new file mode 160000 index 0000000000..b89ebe1582 --- /dev/null +++ b/aux/zeekctl @@ -0,0 +1 @@ +Subproject commit b89ebe15821d0d1ef895149f4dd97336789c7910 From 385a3a5ae81bcc23c51d3061a12c6988598cb254 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 17:46:25 -0700 Subject: [PATCH 37/51] Update CMake to use aux/zeekctl and aux/zeek-aux submodules Instead of the old "bro" versions of those which are no symlinks. --- CHANGES | 4 ++++ CMakeLists.txt | 4 ++-- VERSION | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 5140b3b96b..1b0d83adca 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-288 | 2019-05-14 17:47:55 -0700 + + * Update CMake to use aux/zeekctl and aux/zeek-aux submodules (Jon Siwek, Corelight) + 2.6-287 | 2019-05-14 17:40:40 -0700 * Rename broctl submodule to zeekctl (Jon Siwek, Corelight) diff --git a/CMakeLists.txt b/CMakeLists.txt index f49fdfcdb6..7fe5c3e2ee 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -331,8 +331,8 @@ add_subdirectory(man) include(CheckOptionalBuildSources) -CheckOptionalBuildSources(aux/broctl ZeekControl INSTALL_ZEEKCTL) -CheckOptionalBuildSources(aux/bro-aux Bro-Aux INSTALL_AUX_TOOLS) +CheckOptionalBuildSources(aux/zeekctl ZeekControl INSTALL_ZEEKCTL) +CheckOptionalBuildSources(aux/zeek-aux Zeek-Aux INSTALL_AUX_TOOLS) ######################################################################## ## Packaging Setup diff --git a/VERSION b/VERSION index 6d6eb4e3ce..b2c215b835 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-287 +2.6-288 From bee69222b1dcd77bf6fc41030c332426470f2ba6 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 18:21:58 -0700 Subject: [PATCH 38/51] Update NEWS --- NEWS | 2 ++ aux/zeekctl | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 4762ffcc00..7af0a6384d 100644 --- a/NEWS +++ b/NEWS @@ -315,6 +315,8 @@ Removed Functionality in Bro 2.6, was removed. The ``-g`` command-line option (dump-config) which relied on this functionality was also removed. +- Removed the BroControl ``update`` command, which was deprecated in Bro 2.6. + Deprecated Functionality ------------------------ diff --git a/aux/zeekctl b/aux/zeekctl index b89ebe1582..4bc51657f9 160000 --- a/aux/zeekctl +++ b/aux/zeekctl @@ -1 +1 @@ -Subproject commit b89ebe15821d0d1ef895149f4dd97336789c7910 +Subproject commit 4bc51657f9b2fae3d3c71c0a927b7a7341a4f0cd From 13867f53c3a36ebdac3d5b9d052bfd721ffc78c5 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 18:35:25 -0700 Subject: [PATCH 39/51] Update btest.cfg path to use zeek-aux --- CHANGES | 4 ++++ VERSION | 2 +- testing/btest/btest.cfg | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 1b0d83adca..0b02c6fe11 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-290 | 2019-05-14 18:35:25 -0700 + + * Update btest.cfg path to use zeek-aux (Jon Siwek, Corelight) + 2.6-288 | 2019-05-14 17:47:55 -0700 * Update CMake to use aux/zeekctl and aux/zeek-aux submodules (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index b2c215b835..46fa81ef09 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-288 +2.6-290 diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg index de6ff9c65a..fc2f79ef14 100644 --- a/testing/btest/btest.cfg +++ b/testing/btest/btest.cfg @@ -12,7 +12,7 @@ BRO_PLUGIN_PATH= TZ=UTC LC_ALL=C BTEST_PATH=%(testbase)s/../../aux/btest -PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../build/aux/bro-aux/zeek-cut:%(testbase)s/../../aux/btest/sphinx:%(default_path)s:/sbin +PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../build/aux/zeek-aux/zeek-cut:%(testbase)s/../../aux/btest/sphinx:%(default_path)s:/sbin TRACES=%(testbase)s/Traces FILES=%(testbase)s/Files SCRIPTS=%(testbase)s/../scripts From 8abf0fad57a514c05880bbc97205a133c050cf01 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 19:00:54 -0700 Subject: [PATCH 40/51] Updating submodule(s). [nomail] --- doc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc b/doc index bafc32a197..019f8dd011 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit bafc32a197e77edf1f4ccab654f03476226a8839 +Subproject commit 019f8dd0110f957d116ce810c5018e7b78dc85d2 From b3c4b986efbb871bc6015d91fbe5cf4436af1819 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 19:01:05 -0700 Subject: [PATCH 41/51] Fix maybe-uninitialized compiler warning --- CHANGES | 4 ++++ VERSION | 2 +- src/CompHash.cc | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 0b02c6fe11..3b3d487ff5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-292 | 2019-05-14 19:01:05 -0700 + + * Fix maybe-uninitialized compiler warning (Jon Siwek, Corelight) + 2.6-290 | 2019-05-14 18:35:25 -0700 * Update btest.cfg path to use zeek-aux (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index 46fa81ef09..5978f27f47 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-290 +2.6-292 diff --git a/src/CompHash.cc b/src/CompHash.cc index ac2df02722..4e5366edde 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -677,7 +677,7 @@ ListVal* CompositeHash::RecoverVals(const HashKey* k) const loop_over_list(*tl, i) { - Val* v; + Val* v = nullptr; kp = RecoverOneVal(k, kp, k_end, (*tl)[i], v, false); ASSERT(v); l->Append(v); From fcc840044d752eefad9367957a70232922c9bbbd Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 14 May 2019 19:31:51 -0700 Subject: [PATCH 42/51] Updating submodule(s). [nomail] --- aux/zeekctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/zeekctl b/aux/zeekctl index 4bc51657f9..9ca96b333c 160000 --- a/aux/zeekctl +++ b/aux/zeekctl @@ -1 +1 @@ -Subproject commit 4bc51657f9b2fae3d3c71c0a927b7a7341a4f0cd +Subproject commit 9ca96b333c1a2df8992a5a6e208707acc28eb9c2 From 3bbd11b1cdfa73b2e93d371a9e7f1dcbf7625fd9 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Wed, 15 May 2019 00:17:32 -0500 Subject: [PATCH 43/51] Changes needed due to bro-to-zeek renaming in broker --- src/broker/Manager.cc | 36 ++++++++++++++++++------------------ src/broker/Manager.h | 10 +++++----- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index fbc15b3c18..070de84074 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -1,6 +1,6 @@ #include -#include +#include #include #include #include @@ -357,7 +357,7 @@ bool Manager::PublishEvent(string topic, std::string name, broker::vector args) DBG_LOG(DBG_BROKER, "Publishing event: %s", RenderEvent(topic, name, args).c_str()); - broker::bro::Event ev(std::move(name), std::move(args)); + broker::zeek::Event ev(std::move(name), std::move(args)); bstate->endpoint.publish(move(topic), std::move(ev)); ++statistics.num_events_outgoing; return true; @@ -418,7 +418,7 @@ bool Manager::PublishIdentifier(std::string topic, std::string id) return false; } - broker::bro::IdentifierUpdate msg(move(id), move(*data)); + broker::zeek::IdentifierUpdate msg(move(id), move(*data)); DBG_LOG(DBG_BROKER, "Publishing id-update: %s", RenderMessage(topic, msg).c_str()); bstate->endpoint.publish(move(topic), move(msg)); @@ -469,7 +469,7 @@ bool Manager::PublishLogCreate(EnumVal* stream, EnumVal* writer, std::string topic = default_log_topic_prefix + stream_id; auto bstream_id = broker::enum_value(move(stream_id)); auto bwriter_id = broker::enum_value(move(writer_id)); - broker::bro::LogCreate msg(move(bstream_id), move(bwriter_id), move(writer_info), move(fields_data)); + broker::zeek::LogCreate msg(move(bstream_id), move(bwriter_id), move(writer_info), move(fields_data)); DBG_LOG(DBG_BROKER, "Publishing log creation: %s", RenderMessage(topic, msg).c_str()); @@ -557,7 +557,7 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int auto bstream_id = broker::enum_value(move(stream_id)); auto bwriter_id = broker::enum_value(move(writer_id)); - broker::bro::LogWrite msg(move(bstream_id), move(bwriter_id), move(path), + broker::zeek::LogWrite msg(move(bstream_id), move(bwriter_id), move(path), move(serial_data)); DBG_LOG(DBG_BROKER, "Buffering log record: %s", RenderMessage(topic, msg).c_str()); @@ -593,7 +593,7 @@ size_t Manager::LogBuffer::Flush(broker::endpoint& endpoint, size_t log_batch_si broker::vector batch; batch.reserve(log_batch_size + 1); pending_batch.swap(batch); - broker::bro::Batch msg(std::move(batch)); + broker::zeek::Batch msg(std::move(batch)); endpoint.publish(topic, move(msg)); } @@ -838,31 +838,31 @@ double Manager::NextTimestamp(double* local_network_time) void Manager::DispatchMessage(const broker::topic& topic, broker::data msg) { - switch ( broker::bro::Message::type(msg) ) { - case broker::bro::Message::Type::Invalid: + switch ( broker::zeek::Message::type(msg) ) { + case broker::zeek::Message::Type::Invalid: reporter->Warning("received invalid broker message: %s", broker::to_string(msg).data()); break; - case broker::bro::Message::Type::Event: + case broker::zeek::Message::Type::Event: ProcessEvent(topic, std::move(msg)); break; - case broker::bro::Message::Type::LogCreate: + case broker::zeek::Message::Type::LogCreate: ProcessLogCreate(std::move(msg)); break; - case broker::bro::Message::Type::LogWrite: + case broker::zeek::Message::Type::LogWrite: ProcessLogWrite(std::move(msg)); break; - case broker::bro::Message::Type::IdentifierUpdate: + case broker::zeek::Message::Type::IdentifierUpdate: ProcessIdentifierUpdate(std::move(msg)); break; - case broker::bro::Message::Type::Batch: + case broker::zeek::Message::Type::Batch: { - broker::bro::Batch batch(std::move(msg)); + broker::zeek::Batch batch(std::move(msg)); if ( ! batch.valid() ) { @@ -970,7 +970,7 @@ void Manager::Process() } -void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) +void Manager::ProcessEvent(const broker::topic& topic, broker::zeek::Event ev) { if ( ! ev.valid() ) { @@ -1046,7 +1046,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev) } } -bool bro_broker::Manager::ProcessLogCreate(broker::bro::LogCreate lc) +bool bro_broker::Manager::ProcessLogCreate(broker::zeek::LogCreate lc) { DBG_LOG(DBG_BROKER, "Received log-create: %s", RenderMessage(lc).c_str()); if ( ! lc.valid() ) @@ -1116,7 +1116,7 @@ bool bro_broker::Manager::ProcessLogCreate(broker::bro::LogCreate lc) return true; } -bool bro_broker::Manager::ProcessLogWrite(broker::bro::LogWrite lw) +bool bro_broker::Manager::ProcessLogWrite(broker::zeek::LogWrite lw) { DBG_LOG(DBG_BROKER, "Received log-write: %s", RenderMessage(lw).c_str()); @@ -1203,7 +1203,7 @@ bool bro_broker::Manager::ProcessLogWrite(broker::bro::LogWrite lw) return true; } -bool Manager::ProcessIdentifierUpdate(broker::bro::IdentifierUpdate iu) +bool Manager::ProcessIdentifierUpdate(broker::zeek::IdentifierUpdate iu) { DBG_LOG(DBG_BROKER, "Received id-update: %s", RenderMessage(iu).c_str()); diff --git a/src/broker/Manager.h b/src/broker/Manager.h index 004ad01dc9..bced3a4846 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -2,7 +2,7 @@ #define BRO_COMM_MANAGER_H #include -#include +#include #include #include #include @@ -324,10 +324,10 @@ public: private: void DispatchMessage(const broker::topic& topic, broker::data msg); - void ProcessEvent(const broker::topic& topic, broker::bro::Event ev); - bool ProcessLogCreate(broker::bro::LogCreate lc); - bool ProcessLogWrite(broker::bro::LogWrite lw); - bool ProcessIdentifierUpdate(broker::bro::IdentifierUpdate iu); + void ProcessEvent(const broker::topic& topic, broker::zeek::Event ev); + bool ProcessLogCreate(broker::zeek::LogCreate lc); + bool ProcessLogWrite(broker::zeek::LogWrite lw); + bool ProcessIdentifierUpdate(broker::zeek::IdentifierUpdate iu); void ProcessStatus(broker::status stat); void ProcessError(broker::error err); void ProcessStoreResponse(StoreHandleVal*, broker::store::response response); From a8c0cd7deed6a2b97b2742455fba685c1cc24640 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 15 May 2019 10:05:53 -0700 Subject: [PATCH 44/51] Fix potential race in openflow broker plugin Broker::subscribe() after Broker::peer() may result in losing messages, always best to do the reverse order. Also possibly improved chance of unstable unit test output order. --- CHANGES | 4 ++++ VERSION | 2 +- scripts/base/frameworks/openflow/plugins/broker.zeek | 2 +- .../scripts/base/frameworks/openflow/broker-basic.zeek | 7 ++++--- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 2474f3c5ac..c0e54f56f9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.6-301 | 2019-05-15 10:05:53 -0700 + + * Fix potential race in openflow broker plugin (Jon Siwek, Corelight) + 2.6-300 | 2019-05-15 09:00:57 -0700 * Fixes to DNS lookup, including ref-counting bugs, preventing starvation diff --git a/VERSION b/VERSION index 91de3cddd1..9aeafbe2f3 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-300 +2.6-301 diff --git a/scripts/base/frameworks/openflow/plugins/broker.zeek b/scripts/base/frameworks/openflow/plugins/broker.zeek index f37f0b8afc..e6a594822e 100644 --- a/scripts/base/frameworks/openflow/plugins/broker.zeek +++ b/scripts/base/frameworks/openflow/plugins/broker.zeek @@ -61,8 +61,8 @@ function broker_flow_clear_fun(state: OpenFlow::ControllerState): bool function broker_init(state: OpenFlow::ControllerState) { - Broker::peer(cat(state$broker_host), state$broker_port); Broker::subscribe(state$broker_topic); # openflow success and failure events are directly sent back via the other plugin via broker. + Broker::peer(cat(state$broker_host), state$broker_port); } event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) diff --git a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek index a7a3113171..b84a337b9f 100644 --- a/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out" # @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/smtp.trace --pseudo-realtime ../send.zeek >send.out" -# @TEST-EXEC: btest-bg-wait 20 +# @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff recv/recv.out # @TEST-EXEC: btest-diff send/send.out @@ -33,7 +33,6 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) event OpenFlow::controller_activated(name: string, controller: OpenFlow::Controller) { - continue_processing(); OpenFlow::flow_clear(of_controller); OpenFlow::flow_mod(of_controller, [], [$cookie=OpenFlow::generate_cookie(1), $command=OpenFlow::OFPFC_ADD, $actions=[$out_ports=vector(3, 7)]]); } @@ -61,7 +60,9 @@ function got_message() { ++msg_count; - if ( msg_count == 6 ) + if ( msg_count == 2 ) + continue_processing(); + else if ( msg_count == 6 ) terminate(); } From 72b46268f7b1a32c85e892abe73c4a8eb4920bd4 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 15 May 2019 15:53:26 -0700 Subject: [PATCH 45/51] Updating submodule(s). [nomail] --- aux/broker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broker b/aux/broker index 5e3684f1b6..53f7e0da11 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit 5e3684f1b69a282b831c9d1b72ed924b510f22f0 +Subproject commit 53f7e0da11c4d6ce014f27ae4dcf807a651fb634 From 3f9e7138bd65400c7cd45096892eb0a46f7eb2e9 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 16 May 2019 00:01:21 -0500 Subject: [PATCH 46/51] More bro-to-zeek renaming in the unit tests --- src/bro.bif | 4 +- testing/README | 6 +-- .../core.option-runtime-errors/.stderr | 2 +- .../{broproc.intel.log => zeekproc.intel.log} | 0 .../{broproc.intel.log => zeekproc.intel.log} | 0 .../out1 | 2 +- .../{broproc.intel.log => zeekproc.intel.log} | 0 testing/btest/README | 10 ++--- testing/btest/bifs/dump_current_packet.zeek | 2 +- .../btest/broker/store/type-conversion.zeek | 4 +- testing/btest/core/disable-mobile-ipv6.test | 3 +- testing/btest/core/expr-exception.zeek | 2 +- testing/btest/core/ip-broken-header.zeek | 2 +- testing/btest/core/leaks/broker/data.zeek | 12 +++--- testing/btest/core/leaks/ip-in-ip.test | 6 +-- testing/btest/core/load-duplicates.zeek | 14 +++---- testing/btest/core/mobile-ipv6-home-addr.test | 3 +- testing/btest/core/mobile-ipv6-routing.test | 3 +- testing/btest/core/mobility-checksums.test | 3 +- testing/btest/core/mobility_msg.test | 3 +- testing/btest/core/nop.zeek | 2 +- testing/btest/core/option-runtime-errors.zeek | 5 ++- testing/btest/core/recursive-event.zeek | 2 +- .../core/reporter-shutdown-order-errors.zeek | 2 +- testing/btest/core/tcp/truncated-header.zeek | 4 +- testing/btest/core/truncation.test | 2 +- .../btest/core/tunnels/ip-in-ip-version.zeek | 2 - testing/btest/core/vector-assignment.zeek | 2 +- testing/btest/doc/record-add.zeek | 2 +- testing/btest/language/for.zeek | 2 +- testing/btest/language/no-module.zeek | 2 +- testing/btest/language/record-bad-ctor.zeek | 2 +- .../btest/plugins/bifs-and-scripts-install.sh | 2 +- testing/btest/plugins/bifs-and-scripts.sh | 2 +- testing/btest/plugins/file.zeek | 2 +- testing/btest/plugins/hooks.zeek | 2 +- testing/btest/plugins/init-plugin.zeek | 2 +- testing/btest/plugins/logging-hooks.zeek | 2 +- testing/btest/plugins/pktdumper.zeek | 2 +- testing/btest/plugins/pktsrc.zeek | 2 +- .../btest/plugins/plugin-nopatchversion.zeek | 2 +- .../plugins/plugin-withpatchversion.zeek | 2 +- testing/btest/plugins/protocol.zeek | 2 +- testing/btest/plugins/reader.zeek | 2 +- testing/btest/plugins/reporter-hook.zeek | 2 +- testing/btest/plugins/writer.zeek | 2 +- .../base/frameworks/intel/expire-item.zeek | 6 +-- .../base/frameworks/intel/filter-item.zeek | 4 +- .../frameworks/intel/input-and-match.zeek | 4 +- .../base/frameworks/intel/match-subnet.zeek | 6 +-- .../frameworks/intel/remove-non-existing.zeek | 6 +-- .../base/frameworks/logging/rotate.zeek | 4 +- testing/btest/scripts/base/misc/version.zeek | 2 +- .../scripts/base/protocols/krb/smb2_krb.test | 2 +- .../base/protocols/krb/smb2_krb_nokeytab.test | 2 +- .../protocols/modbus/exception_handling.test | 2 +- .../base/protocols/mysql/encrypted.test | 7 ++-- .../base/protocols/ssl/cve-2015-3194.test | 2 +- .../policy/frameworks/intel/removal.zeek | 4 +- testing/btest/scripts/site/local-compat.test | 6 +-- testing/coverage/README | 4 +- testing/coverage/code_coverage.sh | 12 +++--- testing/coverage/lcov_html.sh | 4 +- testing/external/README | 6 +-- testing/external/scripts/diff-all | 2 +- .../external/scripts/perftools-adapt-paths | 2 +- testing/external/scripts/skel/test.skeleton | 2 +- testing/external/scripts/testing-setup.zeek | 2 +- testing/scripts/coverage-calc | 8 ++-- testing/scripts/has-writer | 2 +- testing/scripts/travis-job | 38 +++++++++---------- 71 files changed, 141 insertions(+), 136 deletions(-) rename testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/{broproc.intel.log => zeekproc.intel.log} (100%) rename testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/{broproc.intel.log => zeekproc.intel.log} (100%) rename testing/btest/Baseline/scripts.policy.frameworks.intel.removal/{broproc.intel.log => zeekproc.intel.log} (100%) diff --git a/src/bro.bif b/src/bro.bif index c3a9f13d56..b356c91fe8 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -3990,7 +3990,7 @@ function lookup_location%(a: addr%) : geo_location if ( ! missing_geoip_reported ) { - builtin_error("Bro was not configured for GeoIP support"); + builtin_error("Zeek was not configured for GeoIP support"); missing_geoip_reported = 1; } #endif @@ -4047,7 +4047,7 @@ function lookup_asn%(a: addr%) : count if ( ! missing_geoip_reported ) { - builtin_error("Bro was not configured for GeoIP ASN support"); + builtin_error("Zeek was not configured for GeoIP ASN support"); missing_geoip_reported = 1; } #endif diff --git a/testing/README b/testing/README index ba407fcc67..37f8aa9014 100644 --- a/testing/README +++ b/testing/README @@ -1,13 +1,13 @@ -This directory contains suites for testing for Bro's correct +This directory contains suites for testing for Zeek's correct operation: btest/ - An ever-growing set of small unit tests testing Bro's + An ever-growing set of small unit tests testing Zeek's functionality. external/ A framework for downloading additional test sets that run more - complex Bro configuration on larger traces files. Due to their + complex Zeek configuration on larger traces files. Due to their size, these are not included directly. See the README for more information. diff --git a/testing/btest/Baseline/core.option-runtime-errors/.stderr b/testing/btest/Baseline/core.option-runtime-errors/.stderr index 0d4da12312..a8362f52c0 100644 --- a/testing/btest/Baseline/core.option-runtime-errors/.stderr +++ b/testing/btest/Baseline/core.option-runtime-errors/.stderr @@ -1 +1 @@ -error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors/option-runtime-errors.zeek, line 8: Could not find ID named 'B' (Option::set(B, 6, )) +error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors/option-runtime-errors.zeek, line 9: Could not find ID named 'B' (Option::set(B, 6, )) diff --git a/testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/broproc.intel.log b/testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/zeekproc.intel.log similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/broproc.intel.log rename to testing/btest/Baseline/scripts.base.frameworks.intel.filter-item/zeekproc.intel.log diff --git a/testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/broproc.intel.log b/testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/zeekproc.intel.log similarity index 100% rename from testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/broproc.intel.log rename to testing/btest/Baseline/scripts.base.frameworks.intel.input-and-match/zeekproc.intel.log diff --git a/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 b/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 index 2f84ca097a..3c3f495e11 100644 --- a/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 +++ b/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 @@ -1 +1 @@ -1389719059.311687 warning in /Users/jsiwek/Projects/bro/bro/scripts/base/misc/find-filtered-trace.zeek, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired. +1389719059.311687 warning in /Users/jsiwek/Projects/bro/bro/scripts/base/misc/find-filtered-trace.zeek, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Zeek reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired. diff --git a/testing/btest/Baseline/scripts.policy.frameworks.intel.removal/broproc.intel.log b/testing/btest/Baseline/scripts.policy.frameworks.intel.removal/zeekproc.intel.log similarity index 100% rename from testing/btest/Baseline/scripts.policy.frameworks.intel.removal/broproc.intel.log rename to testing/btest/Baseline/scripts.policy.frameworks.intel.removal/zeekproc.intel.log diff --git a/testing/btest/README b/testing/btest/README index 200d1a3e0e..f20205c36b 100644 --- a/testing/btest/README +++ b/testing/btest/README @@ -1,4 +1,4 @@ -This a test suite of small "unit tests" that verify individual pieces of Bro +This a test suite of small "unit tests" that verify individual pieces of Zeek functionality. They all utilize BTest, a simple framework/driver for writing unit tests. More information about BTest can be found at https://github.com/zeek/btest @@ -20,14 +20,14 @@ Significant Subdirectories Packet captures utilized by the various BTest tests. * scripts/ - This hierarchy of tests emulates the hierarchy of the Bro scripts/ + This hierarchy of tests emulates the hierarchy of the Zeek scripts/ directory. * coverage/ This collection of tests relates to checking whether we're covering everything we want to in terms of tests, documentation, and which - scripts get loaded in different Bro configurations. These tests are - more prone to fail as new Bro scripts are developed and added to the + scripts get loaded in different Zeek configurations. These tests are + more prone to fail as new Zeek scripts are developed and added to the distribution -- checking the individual test's comments is the best place to check for more details on what exactly the test is checking and hints on how to fix it when it fails. @@ -48,7 +48,7 @@ run ``btest`` directly with desired options/arguments. Examples: You can specify a directory on the command line to run just the tests contained in that directory. This is useful if you wish to run all of a given type of test, without running all the tests - there are. For example, "btest scripts" will run all of the Bro + there are. For example, "btest scripts" will run all of the Zeek script unit tests. diff --git a/testing/btest/bifs/dump_current_packet.zeek b/testing/btest/bifs/dump_current_packet.zeek index d78252edf4..ce177a1daf 100644 --- a/testing/btest/bifs/dump_current_packet.zeek +++ b/testing/btest/bifs/dump_current_packet.zeek @@ -6,7 +6,7 @@ # @TEST-EXEC: btest-diff 2.hex # Note that the hex output will contain global pcap header information, -# including Bro's snaplen setting (so maybe check that out in the case +# including Zeek's snaplen setting (so maybe check that out in the case # you are reading this message due to this test failing in the future). global i: count = 0; diff --git a/testing/btest/broker/store/type-conversion.zeek b/testing/btest/broker/store/type-conversion.zeek index 919bfd91ca..733a10af73 100644 --- a/testing/btest/broker/store/type-conversion.zeek +++ b/testing/btest/broker/store/type-conversion.zeek @@ -13,7 +13,7 @@ type R2: record { event zeek_init() { - ### Print every broker data type + ### Print every Broker data type print Broker::data_type(Broker::data(T)); print Broker::data_type(Broker::data(+1)); print Broker::data_type(Broker::data(1)); @@ -33,7 +33,7 @@ event zeek_init() print "***************************"; - ### Convert a Bro value to a broker value, then print the result + ### Convert a Zeek value to a Broker value, then print the result print (Broker::data(T) as bool); print (Broker::data(F) as bool); diff --git a/testing/btest/core/disable-mobile-ipv6.test b/testing/btest/core/disable-mobile-ipv6.test index b9914f260f..eace575cca 100644 --- a/testing/btest/core/disable-mobile-ipv6.test +++ b/testing/btest/core/disable-mobile-ipv6.test @@ -1,4 +1,5 @@ -# @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# # @TEST-EXEC: zeek -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/core/expr-exception.zeek b/testing/btest/core/expr-exception.zeek index 58eee4a07d..79f460b1e4 100644 --- a/testing/btest/core/expr-exception.zeek +++ b/testing/btest/core/expr-exception.zeek @@ -1,5 +1,5 @@ # Expressions in an event handler that raise interpreter exceptions -# shouldn't abort Bro entirely, but just return from the function body. +# shouldn't abort Zeek entirely, but just return from the function body. # # @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log diff --git a/testing/btest/core/ip-broken-header.zeek b/testing/btest/core/ip-broken-header.zeek index 1e2d8c95c6..08c72b06f1 100644 --- a/testing/btest/core/ip-broken-header.zeek +++ b/testing/btest/core/ip-broken-header.zeek @@ -1,5 +1,5 @@ # This test has a trace that was generated from fuzzing which used to cause -# OOB reads in Bro. It has a number of packets broken in weird ways. +# OOB reads in Zeek. It has a number of packets broken in weird ways. # # @TEST-EXEC: gunzip -c $TRACES/trunc/mpls-6in6-broken.pcap.gz | zeek -C -b -r - %INPUT # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/core/leaks/broker/data.zeek b/testing/btest/core/leaks/broker/data.zeek index 9d4aa120a7..9f9daadee0 100644 --- a/testing/btest/core/leaks/broker/data.zeek +++ b/testing/btest/core/leaks/broker/data.zeek @@ -110,7 +110,7 @@ if ( did_it ) return; did_it = T; -### Print every broker data type +### Print every Broker data type print Broker::data_type(Broker::data(T)); print Broker::data_type(Broker::data(+1)); @@ -134,7 +134,7 @@ print Broker::data_type(Broker::data(r)); print "***************************"; -### Convert a Bro value to a broker value, then print the result +### Convert a Zeek value to a Broker value, then print the result print (Broker::data(T)) as bool; print (Broker::data(F)) as bool; @@ -175,7 +175,7 @@ print broker_to_bro_record(cr); print "***************************"; -### Test the broker set BIFs +### Test the Broker set BIFs cs = Broker::set_create(); print Broker::set_size(cs); @@ -197,7 +197,7 @@ print broker_to_bro_set(cs); print "***************************"; -### Test the broker table BIFs +### Test the Broker table BIFs ct = Broker::table_create(); print Broker::table_size(ct); @@ -221,7 +221,7 @@ print broker_to_bro_table(ct); print "***************************"; -### Test the broker vector BIFs +### Test the Broker vector BIFs cv = Broker::vector_create(); print Broker::vector_size(cv); @@ -244,7 +244,7 @@ print broker_to_bro_vector(cv); print "***************************"; -### Test the broker record BIFs +### Test the Broker record BIFs cr = Broker::record_create(3); print Broker::record_size(cr); diff --git a/testing/btest/core/leaks/ip-in-ip.test b/testing/btest/core/leaks/ip-in-ip.test index 8f69f4ddd2..41cc6a7724 100644 --- a/testing/btest/core/leaks/ip-in-ip.test +++ b/testing/btest/core/leaks/ip-in-ip.test @@ -4,9 +4,9 @@ # # @TEST-GROUP: leaks # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro1 zeek -m -b -r $TRACES/tunnels/6in6.pcap %INPUT -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro2 zeek -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro3 zeek -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek1 zeek -m -b -r $TRACES/tunnels/6in6.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek2 zeek -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run zeek3 zeek -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT # @TEST-EXEC: btest-bg-wait 60 event new_connection(c: connection) diff --git a/testing/btest/core/load-duplicates.zeek b/testing/btest/core/load-duplicates.zeek index 3ab98015d5..846350988e 100644 --- a/testing/btest/core/load-duplicates.zeek +++ b/testing/btest/core/load-duplicates.zeek @@ -1,15 +1,15 @@ -# This tests bro's mechanism to prevent duplicate script loading. +# This tests Zeek's mechanism to prevent duplicate script loading. # # @TEST-EXEC: mkdir -p foo/bar -# @TEST-EXEC: echo "@load bar/test" >loader.bro -# @TEST-EXEC: cp %INPUT foo/bar/test.bro -# @TEST-EXEC: cp %INPUT foo/bar/test2.bro +# @TEST-EXEC: echo "@load bar/test" >loader.zeek +# @TEST-EXEC: cp %INPUT foo/bar/test.zeek +# @TEST-EXEC: cp %INPUT foo/bar/test2.zeek # # @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test.zeek # @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader foo/bar/test -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader foo/bar/test.bro -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader `pwd`/foo/bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader foo/bar/test.zeek +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader `pwd`/foo/bar/test.zeek # @TEST-EXEC-FAIL: BROPATH=$BROPATH:.:./foo zeek -b misc/loaded-scripts loader bar/test2 global pi = 3.14; diff --git a/testing/btest/core/mobile-ipv6-home-addr.test b/testing/btest/core/mobile-ipv6-home-addr.test index a7e803c24a..9be171074a 100644 --- a/testing/btest/core/mobile-ipv6-home-addr.test +++ b/testing/btest/core/mobile-ipv6-home-addr.test @@ -1,4 +1,5 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/ipv6-mobile-hoa.trace %INPUT >output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/mobile-ipv6-routing.test b/testing/btest/core/mobile-ipv6-routing.test index f394ff865c..cca944f9c4 100644 --- a/testing/btest/core/mobile-ipv6-routing.test +++ b/testing/btest/core/mobile-ipv6-routing.test @@ -1,4 +1,5 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/ipv6-mobile-routing.trace %INPUT >output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/mobility-checksums.test b/testing/btest/core/mobility-checksums.test index ee849c08a6..d680fdf406 100644 --- a/testing/btest/core/mobility-checksums.test +++ b/testing/btest/core/mobility-checksums.test @@ -1,4 +1,5 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# # @TEST-EXEC: zeek -r $TRACES/chksums/mip6-bad-mh-chksum.pcap # @TEST-EXEC: mv weird.log bad.out # @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap diff --git a/testing/btest/core/mobility_msg.test b/testing/btest/core/mobility_msg.test index f0017e4cdd..89538fc667 100644 --- a/testing/btest/core/mobility_msg.test +++ b/testing/btest/core/mobility_msg.test @@ -1,4 +1,5 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h +# # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_be.trace %INPUT >>output # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_brr.trace %INPUT >>output diff --git a/testing/btest/core/nop.zeek b/testing/btest/core/nop.zeek index d1316cdccd..e0f6f70323 100644 --- a/testing/btest/core/nop.zeek +++ b/testing/btest/core/nop.zeek @@ -1,4 +1,4 @@ -# Bro shouldn't crash when doing nothing, nor outputting anything. +# Zeek shouldn't crash when doing nothing, nor outputting anything. # # @TEST-EXEC: cat /dev/null | zeek >output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/option-runtime-errors.zeek b/testing/btest/core/option-runtime-errors.zeek index aa7ad77874..ef512c6a8e 100644 --- a/testing/btest/core/option-runtime-errors.zeek +++ b/testing/btest/core/option-runtime-errors.zeek @@ -1,8 +1,9 @@ # @TEST-EXEC: zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr -# Errors that happen during runtime. At least at the moment we are not checking these early enough -# that Bro will bail out during startup. Perhaps we want to change this later. +# Errors that happen during runtime. At least at the moment we are not +# checking these early enough that Zeek will bail out during startup. Perhaps +# we want to change this later. option A = 5; Option::set("B", 6); diff --git a/testing/btest/core/recursive-event.zeek b/testing/btest/core/recursive-event.zeek index 75e3ce46d5..f82b4ed58b 100644 --- a/testing/btest/core/recursive-event.zeek +++ b/testing/btest/core/recursive-event.zeek @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-diff output # In old version, the event would keep triggering endlessely, with the network -# time not moving forward and Bro not terminating. +# time not moving forward and Zeek not terminating. # # Note that the output will not be 20 because we still execute two rounds # of events every time we drain and also at startup several (currently 3) diff --git a/testing/btest/core/reporter-shutdown-order-errors.zeek b/testing/btest/core/reporter-shutdown-order-errors.zeek index 03943679ff..f1478124b8 100644 --- a/testing/btest/core/reporter-shutdown-order-errors.zeek +++ b/testing/btest/core/reporter-shutdown-order-errors.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: touch reporter.log && chmod -w reporter.log # @TEST-EXEC: zeek %INPUT >out 2>&1 -# Output doesn't really matter, but we just want to know that Bro shutdowns +# Output doesn't really matter, but we just want to know that Zeek shutdowns # without crashing in such scenarios (reporter log not writable # and also reporter errors being emitting during shutdown). diff --git a/testing/btest/core/tcp/truncated-header.zeek b/testing/btest/core/tcp/truncated-header.zeek index babfd7531c..145f415754 100644 --- a/testing/btest/core/tcp/truncated-header.zeek +++ b/testing/btest/core/tcp/truncated-header.zeek @@ -3,7 +3,7 @@ event tcp_packet(c: connection, is_orig: bool, flags: string, seq: count, ack: count, len: count, payload: string) { - # Just having this handler used to crash Bro on this trace. - print network_time(), c$id; + # Just having this handler used to crash Zeek on this trace. + print network_time(), c$id; } diff --git a/testing/btest/core/truncation.test b/testing/btest/core/truncation.test index 22db760810..b602f13585 100644 --- a/testing/btest/core/truncation.test +++ b/testing/btest/core/truncation.test @@ -8,7 +8,7 @@ # @TEST-EXEC: cat weird.log >> output # If an ICMP packet's payload is truncated due to too small snaplen, -# the checksum calculation is bypassed (and Bro doesn't crash, of course). +# the checksum calculation is bypassed (and Zeek doesn't crash, of course). # @TEST-EXEC: rm -f weird.log # @TEST-EXEC: zeek -r $TRACES/trunc/icmp-payload-trunc.pcap diff --git a/testing/btest/core/tunnels/ip-in-ip-version.zeek b/testing/btest/core/tunnels/ip-in-ip-version.zeek index f5ff69c21c..49e8a5a3d0 100644 --- a/testing/btest/core/tunnels/ip-in-ip-version.zeek +++ b/testing/btest/core/tunnels/ip-in-ip-version.zeek @@ -10,5 +10,3 @@ # @TEST-EXEC: btest-diff output -@load base/frameworks/notice/weird.bro - diff --git a/testing/btest/core/vector-assignment.zeek b/testing/btest/core/vector-assignment.zeek index 8593562892..a66830f713 100644 --- a/testing/btest/core/vector-assignment.zeek +++ b/testing/btest/core/vector-assignment.zeek @@ -2,7 +2,7 @@ # This regression test checks a special case in the vector code. In this case # UnaryExpr will be called with a Type() of any. Tests succeeds if it does not -# crash Bro. +# crash Zeek. type OptionCacheValue: record { val: any; diff --git a/testing/btest/doc/record-add.zeek b/testing/btest/doc/record-add.zeek index baebaaf3f2..1c764cae5f 100644 --- a/testing/btest/doc/record-add.zeek +++ b/testing/btest/doc/record-add.zeek @@ -1,6 +1,6 @@ # @TEST-EXEC: zeek -b %INPUT -# To support documentation of type aliases, Bro clones declared types +# To support documentation of type aliases, Zeek clones declared types # (see add_type() in Var.cc) in order to keep track of type names and aliases. # This test makes sure that the cloning is done in a way that's compatible # with adding fields to a record type -- we want to be sure that cloning diff --git a/testing/btest/language/for.zeek b/testing/btest/language/for.zeek index 246eb47051..6918e78818 100644 --- a/testing/btest/language/for.zeek +++ b/testing/btest/language/for.zeek @@ -53,5 +53,5 @@ event zeek_init() test_case("keys that are tuples", s1 == "1 2 hi"); - # Tests for key value for loop are in key-value-for.bro + # Note: Tests for key value "for" loop are in key-value-for.zeek } diff --git a/testing/btest/language/no-module.zeek b/testing/btest/language/no-module.zeek index 3369e9b14e..f78c9da6c0 100644 --- a/testing/btest/language/no-module.zeek +++ b/testing/btest/language/no-module.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: zeek -b %INPUT secondtestfile >out # @TEST-EXEC: btest-diff out -# This is the same test as "module.bro", but here we omit the module definition +# This is the same test as "module.zeek", but here we omit the module definition global num: count = 123; diff --git a/testing/btest/language/record-bad-ctor.zeek b/testing/btest/language/record-bad-ctor.zeek index 7c465e7dea..40bafa47de 100644 --- a/testing/btest/language/record-bad-ctor.zeek +++ b/testing/btest/language/record-bad-ctor.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out -# At least shouldn't crash Bro, just report the invalid record ctor. +# At least shouldn't crash Zeek, just report the invalid record ctor. global asdfasdf; const blah = [$ports=asdfasdf]; diff --git a/testing/btest/plugins/bifs-and-scripts-install.sh b/testing/btest/plugins/bifs-and-scripts-install.sh index 9470231888..d7cf3fd7b0 100644 --- a/testing/btest/plugins/bifs-and-scripts-install.sh +++ b/testing/btest/plugins/bifs-and-scripts-install.sh @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: bash %INPUT # @TEST-EXEC: ./configure --bro-dist=${DIST} --install-root=`pwd`/test-install # @TEST-EXEC: make diff --git a/testing/btest/plugins/bifs-and-scripts.sh b/testing/btest/plugins/bifs-and-scripts.sh index 222c961b2d..3cbe9c52d1 100644 --- a/testing/btest/plugins/bifs-and-scripts.sh +++ b/testing/btest/plugins/bifs-and-scripts.sh @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: bash %INPUT # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/plugins/file.zeek b/testing/btest/plugins/file.zeek index 9193fc7101..1f87103472 100644 --- a/testing/btest/plugins/file.zeek +++ b/testing/btest/plugins/file.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/file-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/plugins/hooks.zeek b/testing/btest/plugins/hooks.zeek index be00e50f5c..11ca139002 100644 --- a/testing/btest/plugins/hooks.zeek +++ b/testing/btest/plugins/hooks.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Hooks +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Hooks # @TEST-EXEC: cp -r %DIR/hooks-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Demo::Hooks" BRO_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output diff --git a/testing/btest/plugins/init-plugin.zeek b/testing/btest/plugins/init-plugin.zeek index c3332f170b..9099e02585 100644 --- a/testing/btest/plugins/init-plugin.zeek +++ b/testing/btest/plugins/init-plugin.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output # @TEST-EXEC: echo === >>output diff --git a/testing/btest/plugins/logging-hooks.zeek b/testing/btest/plugins/logging-hooks.zeek index 46a724957e..a901f14f70 100644 --- a/testing/btest/plugins/logging-hooks.zeek +++ b/testing/btest/plugins/logging-hooks.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Log Hooks +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Log Hooks # @TEST-EXEC: cp -r %DIR/logging-hooks-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Log::Hooks" BRO_PLUGIN_PATH=`pwd` zeek -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output diff --git a/testing/btest/plugins/pktdumper.zeek b/testing/btest/plugins/pktdumper.zeek index 0ed93db5a9..8595c8a278 100644 --- a/testing/btest/plugins/pktdumper.zeek +++ b/testing/btest/plugins/pktdumper.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/pktdumper-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/plugins/pktsrc.zeek b/testing/btest/plugins/pktsrc.zeek index 7aafe490ba..ac88b95162 100644 --- a/testing/btest/plugins/pktsrc.zeek +++ b/testing/btest/plugins/pktsrc.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/pktsrc-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/plugins/plugin-nopatchversion.zeek b/testing/btest/plugins/plugin-nopatchversion.zeek index d2460e4abc..19b3fdac62 100644 --- a/testing/btest/plugins/plugin-nopatchversion.zeek +++ b/testing/btest/plugins/plugin-nopatchversion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing NoPatchVersion +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Testing NoPatchVersion # @TEST-EXEC: cp -r %DIR/plugin-nopatchversion-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) zeek -N Testing::NoPatchVersion >> output diff --git a/testing/btest/plugins/plugin-withpatchversion.zeek b/testing/btest/plugins/plugin-withpatchversion.zeek index 4ea5511929..29c5cb7907 100644 --- a/testing/btest/plugins/plugin-withpatchversion.zeek +++ b/testing/btest/plugins/plugin-withpatchversion.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing WithPatchVersion +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Testing WithPatchVersion # @TEST-EXEC: cp -r %DIR/plugin-withpatchversion-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) zeek -N Testing::WithPatchVersion >> output diff --git a/testing/btest/plugins/protocol.zeek b/testing/btest/plugins/protocol.zeek index 14b2b09ee9..b0d6f89e88 100644 --- a/testing/btest/plugins/protocol.zeek +++ b/testing/btest/plugins/protocol.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/protocol-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/plugins/reader.zeek b/testing/btest/plugins/reader.zeek index 2c62db375d..0b0b2c4916 100644 --- a/testing/btest/plugins/reader.zeek +++ b/testing/btest/plugins/reader.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/reader-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/plugins/reporter-hook.zeek b/testing/btest/plugins/reporter-hook.zeek index 6c6c1fe323..1987b4e22b 100644 --- a/testing/btest/plugins/reporter-hook.zeek +++ b/testing/btest/plugins/reporter-hook.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Reporter Hook +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Reporter Hook # @TEST-EXEC: cp -r %DIR/reporter-hook-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_ACTIVATE="Reporter::Hook" BRO_PLUGIN_PATH=`pwd` zeek -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output diff --git a/testing/btest/plugins/writer.zeek b/testing/btest/plugins/writer.zeek index a10f4fb218..62224ece33 100644 --- a/testing/btest/plugins/writer.zeek +++ b/testing/btest/plugins/writer.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo +# @TEST-EXEC: ${DIST}/aux/zeek-aux/plugin-support/init-plugin -u . Demo Foo # @TEST-EXEC: cp -r %DIR/writer-plugin/* . # @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` zeek -NN Demo::Foo >>output diff --git a/testing/btest/scripts/base/frameworks/intel/expire-item.zeek b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek index a417f8a42c..8f493947fa 100644 --- a/testing/btest/scripts/base/frameworks/intel/expire-item.zeek +++ b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 21 -# @TEST-EXEC: cat broproc/intel.log > output -# @TEST-EXEC: cat broproc/.stdout >> output +# @TEST-EXEC: cat zeekproc/intel.log > output +# @TEST-EXEC: cat zeekproc/.stdout >> output # @TEST-EXEC: btest-diff output # @TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/base/frameworks/intel/filter-item.zeek b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek index 4149c33277..3c5db1147e 100644 --- a/testing/btest/scripts/base/frameworks/intel/filter-item.zeek +++ b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: btest-diff broproc/intel.log +# @TEST-EXEC: btest-diff zeekproc/intel.log @TEST-START-FILE intel.dat #fields indicator indicator_type meta.source meta.desc meta.url diff --git a/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek index a7a9bcc7af..f0f5e59511 100644 --- a/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek +++ b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: btest-diff broproc/intel.log +# @TEST-EXEC: btest-diff zeekproc/intel.log @TEST-START-FILE intel.dat #fields indicator indicator_type meta.source meta.desc meta.url diff --git a/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek index 41a018efa4..ab6399f45b 100644 --- a/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek +++ b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: cat broproc/intel.log > output -# @TEST-EXEC: cat broproc/.stdout >> output +# @TEST-EXEC: cat zeekproc/intel.log > output +# @TEST-EXEC: cat zeekproc/.stdout >> output # @TEST-EXEC: btest-diff output # @TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek index 960c55f3c2..3dfcb9e334 100644 --- a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek +++ b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: cat broproc/reporter.log > output -# @TEST-EXEC: cat broproc/.stdout >> output +# @TEST-EXEC: cat zeekproc/reporter.log > output +# @TEST-EXEC: cat zeekproc/.stdout >> output # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff output # @TEST-START-FILE intel.dat diff --git a/testing/btest/scripts/base/frameworks/logging/rotate.zeek b/testing/btest/scripts/base/frameworks/logging/rotate.zeek index a7ae0df75a..235bc3829f 100644 --- a/testing/btest/scripts/base/frameworks/logging/rotate.zeek +++ b/testing/btest/scripts/base/frameworks/logging/rotate.zeek @@ -1,6 +1,6 @@ # -# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT >bro.out 2>&1 -# @TEST-EXEC: grep "test" bro.out | sort >out +# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT >zeek.out 2>&1 +# @TEST-EXEC: grep "test" zeek.out | sort >out # @TEST-EXEC: for i in `ls test.*.log | sort`; do printf '> %s\n' $i; cat $i; done >>out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/misc/version.zeek b/testing/btest/scripts/base/misc/version.zeek index da911425e6..9826c69d58 100644 --- a/testing/btest/scripts/base/misc/version.zeek +++ b/testing/btest/scripts/base/misc/version.zeek @@ -21,7 +21,7 @@ print Version::parse("12.5"); print Version::parse("1.12-beta-drunk"); print Version::parse("JustARandomString"); -# check that current running version of Bro parses without error +# check that current running version of Zeek parses without error Version::parse(bro_version()); @TEST-START-NEXT diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb.test b/testing/btest/scripts/base/protocols/krb/smb2_krb.test index 38b6f592f4..a5ffd20ebc 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb.test @@ -2,7 +2,7 @@ # Kerberos analyzer can open the AD ticket in the Negociate # Protocol Request and find the user. # -# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/zeek-config.h # # @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab # @TEST-EXEC: zeek -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test index e54b0d4ece..557b0128b5 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test @@ -1,7 +1,7 @@ # This test verifies that without a keytab file no entries are # created and no errors happen. # -# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/bro-config.h +# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/zeek-config.h # # @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab # @TEST-EXEC: zeek -C -r $TRACES/krb/smb2_krb.pcap %INPUT diff --git a/testing/btest/scripts/base/protocols/modbus/exception_handling.test b/testing/btest/scripts/base/protocols/modbus/exception_handling.test index cb62bd7a3b..b249fd33b0 100644 --- a/testing/btest/scripts/base/protocols/modbus/exception_handling.test +++ b/testing/btest/scripts/base/protocols/modbus/exception_handling.test @@ -5,4 +5,4 @@ # the binpac-generated analyzer code to throw a binpac::ExceptionOutOfBound. # This should be correctly caught as a type of binpac::Exception and the # binpac::ModbusTCP::Exception type that's defined as part of the analyzer -# shouldn't interfere with that handling and definitely shouldn't crash bro. +# shouldn't interfere with that handling and definitely shouldn't crash Zeek. diff --git a/testing/btest/scripts/base/protocols/mysql/encrypted.test b/testing/btest/scripts/base/protocols/mysql/encrypted.test index 0f806e4e25..d6bfb0a271 100644 --- a/testing/btest/scripts/base/protocols/mysql/encrypted.test +++ b/testing/btest/scripts/base/protocols/mysql/encrypted.test @@ -1,8 +1,9 @@ -# This tests how Bro deals with encrypted connections. Right now, it doesn't log them as it -# can't parse much of value. We're testing for an empty mysql.log file. +# This tests how Zeek deals with encrypted connections. Right now, it +# doesn't log them as it can't parse much of value. We're testing for an +# empty mysql.log file. # @TEST-EXEC: touch mysql.log # @TEST-EXEC: zeek -b -r $TRACES/mysql/encrypted.trace %INPUT # @TEST-EXEC: btest-diff mysql.log -@load base/protocols/mysql \ No newline at end of file +@load base/protocols/mysql diff --git a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test index 2f11f84df1..ce405cb405 100644 --- a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test +++ b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test @@ -1,4 +1,4 @@ -# This tests if Bro does not crash when exposed to CVE-2015-3194 +# This tests if Zeek does not crash when exposed to CVE-2015-3194 # @TEST-EXEC: zeek -r $TRACES/tls/CVE-2015-3194.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log diff --git a/testing/btest/scripts/policy/frameworks/intel/removal.zeek b/testing/btest/scripts/policy/frameworks/intel/removal.zeek index 7ca2bd5541..fe2938e711 100644 --- a/testing/btest/scripts/policy/frameworks/intel/removal.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/removal.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: btest-bg-run broproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT # @TEST-EXEC: btest-bg-wait -k 5 -# @TEST-EXEC: btest-diff broproc/intel.log +# @TEST-EXEC: btest-diff zeekproc/intel.log @TEST-START-FILE intel.dat #fields indicator indicator_type meta.source meta.remove diff --git a/testing/btest/scripts/site/local-compat.test b/testing/btest/scripts/site/local-compat.test index 036f9184b0..1627b00523 100644 --- a/testing/btest/scripts/site/local-compat.test +++ b/testing/btest/scripts/site/local-compat.test @@ -1,14 +1,14 @@ # @TEST-EXEC: zeek local-`cat $DIST/VERSION | sed 's/\([0-9].[0-9]\).*/\1/g'`.bro # This tests the compatibility of the past release's site/local.bro -# script with the current version of Bro. If the test fails because +# script with the current version of Zeek. If the test fails because # it doesn't find the right file, that means everything stayed # compatibile between releases, so just add a TEST-START-FILE with -# the contents the latest Bro version's site/local.zeek script. +# the contents the latest Zeek version's site/local.zeek script. # If the test fails while loading the old local.bro, it usually # indicates a note will need to be made in NEWS explaining to users # how to migrate to the new version and this test's TEST-START-FILE -# should be updated with the latest contents of site/local.bro. +# should be updated with the latest contents of site/local.zeek. @TEST-START-FILE local-2.6.bro ##! Local site policy. Customize as appropriate. diff --git a/testing/coverage/README b/testing/coverage/README index d1352640f2..cc21827817 100644 --- a/testing/coverage/README +++ b/testing/coverage/README @@ -1,5 +1,5 @@ -On a Bro build configured with --enable-coverage, this script produces a code -coverage report after Bro has been invoked. The intended application of this +On a Zeek build configured with --enable-coverage, this script produces a code +coverage report after Zeek has been invoked. The intended application of this script is after the btest testsuite has run. This combination (btests first, coverage computation afterward) happens automatically when running "make" in the testing directory. This script puts .gcov files (which are included in diff --git a/testing/coverage/code_coverage.sh b/testing/coverage/code_coverage.sh index 758b2fa915..79999abe19 100755 --- a/testing/coverage/code_coverage.sh +++ b/testing/coverage/code_coverage.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # -# On a Bro build configured with --enable-coverage, this script -# produces a code coverage report after Bro has been invoked. The +# On a Zeek build configured with --enable-coverage, this script +# produces a code coverage report after Zeek has been invoked. The # intended application of this script is after the btest testsuite has # run. This combination (btests first, coverage computation afterward) # happens automatically when running "make" in the testing directory. @@ -12,7 +12,7 @@ # 1. Run test suite # 2. Check for .gcda files existing. # 3a. Run gcov (-p to preserve path) -# 3b. Prune .gcov files for objects outside of the Bro tree +# 3b. Prune .gcov files for objects outside of the Zeek tree # 4a. Analyze .gcov files generated and create summary file # 4b. Send .gcov files to appropriate path # @@ -52,7 +52,7 @@ function check_file_coverage { function check_group_coverage { DATA="$1" # FILE CONTAINING COVERAGE DATA - SRC_FOLDER="$2" # WHERE BRO WAS COMPILED + SRC_FOLDER="$2" # WHERE ZEEK WAS COMPILED OUTPUT="$3" # Prints all the relevant directories @@ -117,9 +117,9 @@ else exit 1 fi -# 3b. Prune gcov files that fall outside of the Bro tree: +# 3b. Prune gcov files that fall outside of the Zeek tree: # Look for files containing gcov's slash substitution character "#" -# and remove any that don't contain the Bro path root. +# and remove any that don't contain the Zeek path root. echo -n "Pruning out-of-tree coverage files... " PREFIX=$(echo "$BASE" | sed 's|/|#|g') for i in "$TMP"/*#*.gcov; do diff --git a/testing/coverage/lcov_html.sh b/testing/coverage/lcov_html.sh index c729b2145c..f17e583e2c 100755 --- a/testing/coverage/lcov_html.sh +++ b/testing/coverage/lcov_html.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # -# On a Bro build configured with --enable-coverage, this script -# produces a code coverage report in HTML format after Bro has been invoked. The +# On a Zeek build configured with --enable-coverage, this script +# produces a code coverage report in HTML format after Zeek has been invoked. The # intended application of this script is after the btest testsuite has run. # This depends on lcov to run. diff --git a/testing/external/README b/testing/external/README index ee6d71979e..6ab327b581 100644 --- a/testing/external/README +++ b/testing/external/README @@ -2,9 +2,9 @@ Test Suite for Large Trace Files ================================ -This test-suite runs more complex Bro configurations on larger trace +This test-suite runs more complex Zeek configurations on larger trace files, and compares the results to a pre-established baseline. Due to -their size, both traces and baseline are not part of the main Bro +their size, both traces and baseline are not part of the main Zeek repository but kept externally. In addition to the publically provided files, one can also add a local set to the test-suite for running on private traces. @@ -60,7 +60,7 @@ To update a test's baseline, first run ``btest`` in update mode: .. console: - > cd bro-testing + > cd zeek-testing > btest -u tests/test-you-want-to-update Then use ``git`` to commit the changes and push the changes upstream diff --git a/testing/external/scripts/diff-all b/testing/external/scripts/diff-all index d51f3b294f..0caa5078be 100755 --- a/testing/external/scripts/diff-all +++ b/testing/external/scripts/diff-all @@ -27,7 +27,7 @@ for i in `echo $files_cwd $files_baseline | sort | uniq`; do if [[ "$i" == "reporter.log" ]]; then # Do not diff the reporter.log if it only complains about missing # GeoIP support. - if ! egrep -v "^#|Bro was not configured for GeoIP support" $i; then + if ! egrep -v "^#|Zeek was not configured for GeoIP support" $i; then continue fi fi diff --git a/testing/external/scripts/perftools-adapt-paths b/testing/external/scripts/perftools-adapt-paths index cfecd39993..cbfaa610ab 100755 --- a/testing/external/scripts/perftools-adapt-paths +++ b/testing/external/scripts/perftools-adapt-paths @@ -5,6 +5,6 @@ # # Returns an exit code > 0 if there's a leak. -cat $1 | sed "s#bro *\"\./#../../../build/src/bro \".tmp/$TEST_NAME/#g" | sed 's/ *--gv//g' >$1.tmp && mv $1.tmp $1 +cat $1 | sed "s#zeek *\"\./#../../../build/src/zeek \".tmp/$TEST_NAME/#g" | sed 's/ *--gv//g' >$1.tmp && mv $1.tmp $1 grep -qv "detected leaks of" $1 diff --git a/testing/external/scripts/skel/test.skeleton b/testing/external/scripts/skel/test.skeleton index a76f3d4d09..aa32e72e7a 100644 --- a/testing/external/scripts/skel/test.skeleton +++ b/testing/external/scripts/skel/test.skeleton @@ -1,4 +1,4 @@ -# @TEST-EXEC: zcat $TRACES/trace.gz | bro -r - %INPUT +# @TEST-EXEC: zcat $TRACES/trace.gz | zeek -r - %INPUT # @TEST-EXEC: $SCRIPTS/diff-all '*.log' @load testing-setup diff --git a/testing/external/scripts/testing-setup.zeek b/testing/external/scripts/testing-setup.zeek index d24813e1fc..18e7c4783f 100644 --- a/testing/external/scripts/testing-setup.zeek +++ b/testing/external/scripts/testing-setup.zeek @@ -9,6 +9,6 @@ @ifdef ( LogAscii::use_json ) # Don't start logging everything as JSON. - # (json-logs.bro activates this). + # (json-logs.zeek activates this). redef LogAscii::use_json = F; @endif diff --git a/testing/scripts/coverage-calc b/testing/scripts/coverage-calc index df12e0c86f..3645f57144 100755 --- a/testing/scripts/coverage-calc +++ b/testing/scripts/coverage-calc @@ -1,12 +1,12 @@ #! /usr/bin/env python -# This script aggregates many files containing Bro script coverage information +# This script aggregates many files containing Zeek script coverage information # into a single file and reports the overall coverage information. Usage: # # coverage-calc