From 9322c063cc59cc2a52716da85b6e55cbb5c351f5 Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Mon, 8 Aug 2011 22:12:40 -0700 Subject: [PATCH 01/16] Some working code. Adds UID pools classified by string. Just compiles and runs; need to go back through and make sure this code is actually doing what I want it to do. Note: Added new function unique_id_from(pool: string, prefix: string) that allows the user to explicitly specify a randomness pool to use when generating unique IDs. --- src/bro.bif | 8 ++- src/util.cc | 73 +++++++++++++++++------- src/util.h | 3 + testing/btest/bifs/unique_id-rnd.bro | 3 + testing/btest/bifs/unique_id.bro | 3 + testing/btest/btest.cfg | 1 + testing/btest/profiles/default/finish | 2 + testing/btest/profiles/default/setup | 2 + testing/btest/profiles/default/supported | 2 + testing/btest/profiles/default/transform | 2 + 10 files changed, 78 insertions(+), 21 deletions(-) create mode 100755 testing/btest/profiles/default/finish create mode 100755 testing/btest/profiles/default/setup create mode 100755 testing/btest/profiles/default/supported create mode 100755 testing/btest/profiles/default/transform diff --git a/src/bro.bif b/src/bro.bif index d3bbd7c072..0aa6850b18 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -3414,10 +3414,16 @@ function bro_has_ipv6%(%) : bool function unique_id%(prefix: string%) : string %{ char tmp[20]; - uint64 uid = calculate_unique_id(); + uint64 uid = calculate_unique_id(BRO_SCRIPT_UID_POOL); return new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); %} +function unique_id_from%(pool: string, prefix: string%) : string + %{ + char tmp[20]; + uint64 uid = calculate_unique_id(string((const char *)pool->Bytes(), pool->Len())); + return new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); + %} %%{ #include #include diff --git a/src/util.cc b/src/util.cc index 528a505f60..70c65713af 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1206,15 +1206,30 @@ int time_compare(struct timeval* tv_a, struct timeval* tv_b) return tv_a->tv_sec - tv_b->tv_sec; } -static uint64 uid_counter; // Counter for unique IDs. -static uint64 uid_instance; // Instance ID, computed once. +struct BroUidEntry +{ + uint64 instance; + uint64 counter; + BroUidEntry(const uint64 i) + : instance(i), counter(0) { } +}; + +static std::map uid_pool; +static const std::string default_pool = string(BRO_DEFAULT_UID_POOL); uint64 calculate_unique_id() { - if ( uid_instance == 0 ) - { - // This is the first time we need a UID. + return calculate_unique_id(default_pool); + } +uint64 calculate_unique_id(const std::string& pool) + { + uint64 uid_instance = 0; + std::map::iterator pool_iter = uid_pool.find(pool); + if ( pool_iter == uid_pool.end() ) + { + // This is the first time we need a UID for this pool. + const size_t pool_sz = (pool.length() < 32) ? pool.length() : 32; //Only keep the first 32 characters of the pool name if ( ! have_random_seed() ) { // If we don't need deterministic output (as @@ -1222,14 +1237,16 @@ uint64 calculate_unique_id() // instance ID by hashing something likely to be // globally unique. struct { - char hostname[128]; + char hostname[96]; + char pool[32]; struct timeval time; pid_t pid; int rnd; } unique; memset(&unique, 0, sizeof(unique)); // Make valgrind happy. - gethostname(unique.hostname, 128); + gethostname(unique.hostname, 96); + memcpy(unique.pool, pool.c_str(), pool_sz); unique.hostname[sizeof(unique.hostname)-1] = '\0'; gettimeofday(&unique.time, 0); unique.pid = getpid(); @@ -1238,22 +1255,38 @@ uint64 calculate_unique_id() uid_instance = HashKey::HashBytes(&unique, sizeof(unique)); ++uid_instance; // Now it's larger than zero. } - else - // Generate determistic UIDs. - uid_instance = 1; + { + // Generate determistic UIDs for each individual pool + uid_instance = HashKey::HashBytes(pool.c_str(), strnlen(pool.c_str(), pool_sz)); + } + // Guarantee no collisions (keep hashing until we get a unique instance) + bool found_collision = true; + while(found_collision) + { + found_collision = false; + for(pool_iter = uid_pool.begin(); pool_iter != uid_pool.end(); ++pool_iter) + { + if(pool_iter->second.instance == uid_instance) + { + found_collision = true; + uid_instance = HashKey::HashBytes(&uid_instance, sizeof(uid_instance)); + } + } + } + // Our instance is unique. Huzzah. + uid_pool.insert(std::make_pair(pool, BroUidEntry(uid_instance))); + pool_iter = uid_pool.end(); } + + if(pool_iter == uid_pool.end()) + { + pool_iter = uid_pool.find(pool); + } + assert(pool_iter != uid_pool.end()); // After all that work, wouldn't it be a shame...? + ++(pool_iter->second.counter); - // Now calculate the unique ID. - struct { - uint64 counter; - hash_t instance; - } key; - - key.counter = ++uid_counter; - key.instance = uid_instance; - - uint64_t h = HashKey::HashBytes(&key, sizeof(key)); + uint64_t h = HashKey::HashBytes(&(pool_iter->second), sizeof(pool_iter->second)); return h; } diff --git a/src/util.h b/src/util.h index 82c86da950..e104169af2 100644 --- a/src/util.h +++ b/src/util.h @@ -226,7 +226,10 @@ extern int time_compare(struct timeval* tv_a, struct timeval* tv_b); // Returns an integer that's very likely to be unique, even across Bro // instances. +#define BRO_DEFAULT_UID_POOL "bro" +#define BRO_SCRIPT_UID_POOL "bro script" extern uint64 calculate_unique_id(); +extern uint64 calculate_unique_id(const std::string& pool); // For now, don't use hash_maps - they're not fully portable. #if 0 diff --git a/testing/btest/bifs/unique_id-rnd.bro b/testing/btest/bifs/unique_id-rnd.bro index d3b3b85849..fdb04e05bc 100644 --- a/testing/btest/bifs/unique_id-rnd.bro +++ b/testing/btest/bifs/unique_id-rnd.bro @@ -7,3 +7,6 @@ print unique_id("A-"); print unique_id("B-"); print unique_id("C-"); +print unique_id_from("alpha", "D-"); +print unique_id_from("beta", "E-"); +print unique_id_from("beta", "F-"); diff --git a/testing/btest/bifs/unique_id.bro b/testing/btest/bifs/unique_id.bro index d421803aa0..1451426556 100644 --- a/testing/btest/bifs/unique_id.bro +++ b/testing/btest/bifs/unique_id.bro @@ -5,3 +5,6 @@ print unique_id("A-"); print unique_id("B-"); print unique_id("C-"); +print unique_id_from("alpha", "D-"); +print unique_id_from("beta", "E-"); +print unique_id_from("beta", "F-"); diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg index 1aa7b28f25..d33d533b28 100644 --- a/testing/btest/btest.cfg +++ b/testing/btest/btest.cfg @@ -1,4 +1,5 @@ [btest] +ProfileDir = profiles TestDirs = doc bifs language core policy istate TmpDir = %(testbase)s/.tmp BaselineDir = %(testbase)s/Baseline diff --git a/testing/btest/profiles/default/finish b/testing/btest/profiles/default/finish new file mode 100755 index 0000000000..20d602bdd3 --- /dev/null +++ b/testing/btest/profiles/default/finish @@ -0,0 +1,2 @@ +#!/usr/bin/env bash + diff --git a/testing/btest/profiles/default/setup b/testing/btest/profiles/default/setup new file mode 100755 index 0000000000..20d602bdd3 --- /dev/null +++ b/testing/btest/profiles/default/setup @@ -0,0 +1,2 @@ +#!/usr/bin/env bash + diff --git a/testing/btest/profiles/default/supported b/testing/btest/profiles/default/supported new file mode 100755 index 0000000000..20d602bdd3 --- /dev/null +++ b/testing/btest/profiles/default/supported @@ -0,0 +1,2 @@ +#!/usr/bin/env bash + diff --git a/testing/btest/profiles/default/transform b/testing/btest/profiles/default/transform new file mode 100755 index 0000000000..20d602bdd3 --- /dev/null +++ b/testing/btest/profiles/default/transform @@ -0,0 +1,2 @@ +#!/usr/bin/env bash + From 90bad36e49112f13df3faca0c93aa49970260c91 Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Mon, 8 Aug 2011 22:50:36 -0700 Subject: [PATCH 02/16] Simple test to verify various pools are not affecting each other. --- testing/btest/bifs/unique_id-pools.bro | 27 ++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 testing/btest/bifs/unique_id-pools.bro diff --git a/testing/btest/bifs/unique_id-pools.bro b/testing/btest/bifs/unique_id-pools.bro new file mode 100644 index 0000000000..d8c3e9aa5f --- /dev/null +++ b/testing/btest/bifs/unique_id-pools.bro @@ -0,0 +1,27 @@ +# +# @TEST-EXEC: bro order_rand | sort >out.1 +# @TEST-EXEC: bro order_base | sort >out.2 +# @TEST-EXEC: cmp out.1 out.2 + +@TEST-START-FILE order_rand.bro + +print unique_id("A-"); +print unique_id_from("beta", "E-"); +print unique_id("B-"); +print unique_id_from("alpha", "D-"); +print unique_id("C-"); +print unique_id_from("beta", "F-"); + +@TEST-END-FILE + +@TEST-START-FILE order_base.bro + +print unique_id("A-"); +print unique_id("B-"); +print unique_id("C-"); +print unique_id_from("alpha", "D-"); +print unique_id_from("beta", "E-"); +print unique_id_from("beta", "F-"); + +@TEST-END-FILE + From df142b9c4b204f0d4b3ed57fc5a341b775f97141 Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Mon, 8 Aug 2011 23:16:16 -0700 Subject: [PATCH 03/16] Testing long (>32 character) pool names. --- .../btest/bifs/unique_id-long-pool-names.bro | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 testing/btest/bifs/unique_id-long-pool-names.bro diff --git a/testing/btest/bifs/unique_id-long-pool-names.bro b/testing/btest/bifs/unique_id-long-pool-names.bro new file mode 100644 index 0000000000..de770ed412 --- /dev/null +++ b/testing/btest/bifs/unique_id-long-pool-names.bro @@ -0,0 +1,35 @@ +# Tests to ensure that collisions are resolved correctly. Note that pools only use the +# first 32 characters of their name to generate randomness. Thus, hashes of pools with +# more than 32 characters will be the same, inducing a collision. When this happens, +# the hash is repeated until an unused instance ID is determined. +# +# The order here is expected to be deterministic *if and only if* the first entries for +# each individual pool are created in a common order (e.g. ...7890 is created before +# ...7891 is created before ...7892). +# +# @TEST-EXEC: bro order_rand | sort >out.1 +# @TEST-EXEC: bro order_base | sort >out.2 +# @TEST-EXEC: cmp out.1 out.2 + +@TEST-START-FILE order_rand.bro + +print unique_id_from("1234567890123456789012345678901234567890", "A-"); +print unique_id_from("1234567890123456789012345678901234567891", "B-"); +print unique_id_from("1234567890123456789012345678901234567890", "C-"); +print unique_id_from("1234567890123456789012345678901234567891", "D-"); +print unique_id_from("1234567890123456789012345678901234567890", "E-"); +print unique_id_from("1234567890123456789012345678901234567892", "F-"); + +@TEST-END-FILE + +@TEST-START-FILE order_base.bro + +print unique_id_from("1234567890123456789012345678901234567890", "A-"); +print unique_id_from("1234567890123456789012345678901234567890", "C-"); +print unique_id_from("1234567890123456789012345678901234567890", "E-"); +print unique_id_from("1234567890123456789012345678901234567891", "B-"); +print unique_id_from("1234567890123456789012345678901234567891", "D-"); +print unique_id_from("1234567890123456789012345678901234567892", "F-"); + +@TEST-END-FILE + From e21feb8487e3ae14c6d2d0de01b9c5f41b317145 Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Tue, 9 Aug 2011 09:44:31 -0700 Subject: [PATCH 04/16] A few minor tweaks to make code less braindead. Fixed-length piece of pool name now only used to hash when determinism is not required; otherwise, whole pool name is used. Note that collisions between pool name hashes will lead to sensitivity to initialization order within the UID generator. --- src/util.cc | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/util.cc b/src/util.cc index 70c65713af..85e9321bfc 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1229,13 +1229,13 @@ uint64 calculate_unique_id(const std::string& pool) if ( pool_iter == uid_pool.end() ) { // This is the first time we need a UID for this pool. - const size_t pool_sz = (pool.length() < 32) ? pool.length() : 32; //Only keep the first 32 characters of the pool name if ( ! have_random_seed() ) { // If we don't need deterministic output (as // indicated by a set seed), we calculate the // instance ID by hashing something likely to be // globally unique. + const size_t pool_sz = (pool.length() < 32) ? pool.length() : 32; //Only keep the first 32 characters of the pool name struct { char hostname[96]; char pool[32]; @@ -1258,7 +1258,7 @@ uint64 calculate_unique_id(const std::string& pool) else { // Generate determistic UIDs for each individual pool - uid_instance = HashKey::HashBytes(pool.c_str(), strnlen(pool.c_str(), pool_sz)); + uid_instance = HashKey::HashBytes(pool.c_str(), pool.length()); } // Guarantee no collisions (keep hashing until we get a unique instance) bool found_collision = true; @@ -1276,16 +1276,10 @@ uint64 calculate_unique_id(const std::string& pool) } // Our instance is unique. Huzzah. uid_pool.insert(std::make_pair(pool, BroUidEntry(uid_instance))); - pool_iter = uid_pool.end(); - } - - if(pool_iter == uid_pool.end()) - { pool_iter = uid_pool.find(pool); } assert(pool_iter != uid_pool.end()); // After all that work, wouldn't it be a shame...? ++(pool_iter->second.counter); - uint64_t h = HashKey::HashBytes(&(pool_iter->second), sizeof(pool_iter->second)); return h; } From 8feae0b7a70ac03f8455f687d4325e424f2578ee Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Tue, 9 Aug 2011 09:47:47 -0700 Subject: [PATCH 05/16] Test no longer relevant. Need a way to generate and test collisions. --- .../btest/bifs/unique_id-long-pool-names.bro | 35 ------------------- 1 file changed, 35 deletions(-) delete mode 100644 testing/btest/bifs/unique_id-long-pool-names.bro diff --git a/testing/btest/bifs/unique_id-long-pool-names.bro b/testing/btest/bifs/unique_id-long-pool-names.bro deleted file mode 100644 index de770ed412..0000000000 --- a/testing/btest/bifs/unique_id-long-pool-names.bro +++ /dev/null @@ -1,35 +0,0 @@ -# Tests to ensure that collisions are resolved correctly. Note that pools only use the -# first 32 characters of their name to generate randomness. Thus, hashes of pools with -# more than 32 characters will be the same, inducing a collision. When this happens, -# the hash is repeated until an unused instance ID is determined. -# -# The order here is expected to be deterministic *if and only if* the first entries for -# each individual pool are created in a common order (e.g. ...7890 is created before -# ...7891 is created before ...7892). -# -# @TEST-EXEC: bro order_rand | sort >out.1 -# @TEST-EXEC: bro order_base | sort >out.2 -# @TEST-EXEC: cmp out.1 out.2 - -@TEST-START-FILE order_rand.bro - -print unique_id_from("1234567890123456789012345678901234567890", "A-"); -print unique_id_from("1234567890123456789012345678901234567891", "B-"); -print unique_id_from("1234567890123456789012345678901234567890", "C-"); -print unique_id_from("1234567890123456789012345678901234567891", "D-"); -print unique_id_from("1234567890123456789012345678901234567890", "E-"); -print unique_id_from("1234567890123456789012345678901234567892", "F-"); - -@TEST-END-FILE - -@TEST-START-FILE order_base.bro - -print unique_id_from("1234567890123456789012345678901234567890", "A-"); -print unique_id_from("1234567890123456789012345678901234567890", "C-"); -print unique_id_from("1234567890123456789012345678901234567890", "E-"); -print unique_id_from("1234567890123456789012345678901234567891", "B-"); -print unique_id_from("1234567890123456789012345678901234567891", "D-"); -print unique_id_from("1234567890123456789012345678901234567892", "F-"); - -@TEST-END-FILE - From 066ca80ab452c40a0b07e8d0adf0231e84331cfb Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Sun, 14 Aug 2011 22:16:46 -0700 Subject: [PATCH 06/16] Updating tests. --- .../btest/Baseline/bifs.unique_id-rnd/count | 2 +- testing/btest/Baseline/bifs.unique_id/out | 9 ++- testing/btest/Baseline/core.conn-uid/output | 78 +++++++++---------- .../btest/Baseline/core.conn-uid/output.cc | 78 +++++++++---------- .../btest/Baseline/core.conn-uid/output.cc2 | 78 +++++++++---------- .../core.print-bpf-filters-ipv4/conn.log | 2 +- .../btest/Baseline/core.vlan-mpls/conn.log | 6 +- .../istate.events-ssl/receiver.http.log | 2 +- .../istate.events-ssl/sender.http.log | 2 +- .../Baseline/istate.events/receiver.http.log | 2 +- .../Baseline/istate.events/sender.http.log | 2 +- .../dns.log | 2 +- .../http.log | 10 +-- .../http.log | 10 +-- .../policy.protocols.irc.basic/irc.log | 8 +- .../policy.protocols.irc.dcc-extract/irc.log | 8 +- 16 files changed, 151 insertions(+), 148 deletions(-) diff --git a/testing/btest/Baseline/bifs.unique_id-rnd/count b/testing/btest/Baseline/bifs.unique_id-rnd/count index 1e8b314962..48082f72f0 100644 --- a/testing/btest/Baseline/bifs.unique_id-rnd/count +++ b/testing/btest/Baseline/bifs.unique_id-rnd/count @@ -1 +1 @@ -6 +12 diff --git a/testing/btest/Baseline/bifs.unique_id/out b/testing/btest/Baseline/bifs.unique_id/out index f1275a52d4..4462de460b 100644 --- a/testing/btest/Baseline/bifs.unique_id/out +++ b/testing/btest/Baseline/bifs.unique_id/out @@ -1,3 +1,6 @@ -A-UWkUyAuUGXf -B-56gKBmhBBB6 -C-50da4BEzauh +A-QEredbF4G74 +B-GPd09JY6cn6 +C-enbKRz0Bp0a +D-kZIfYOWUxVi +E-kWcyWkqbEUg +F-irFNiS1QPpg diff --git a/testing/btest/Baseline/core.conn-uid/output b/testing/btest/Baseline/core.conn-uid/output index ff6514e133..e07e83120e 100644 --- a/testing/btest/Baseline/core.conn-uid/output +++ b/testing/btest/Baseline/core.conn-uid/output @@ -1,39 +1,39 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], tpUWfNdSLE -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], fy6xiLr8WMl +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], rs0oKVCARFb +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], TydSZAPSnUf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], G7cPfJNUB7l +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], SdSLy1wlf2c +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], WTlLNH35ckf +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], w5rU7L9Lbi4 +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], kdTi9xhoA51 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], BGGpa2FRSKa +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], deH6MH2gGX4 +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], lOMhOvhRTD +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], QG8fxWUYz6a +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], KPGOQiXPvk1 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], nqlkNbjwfRa +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], fMtKHwQfRy5 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], BtftcY0cTm +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], VYKU5X3Lyvg +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl +[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], n5MDsVnlWob +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 7bufSycmF0g +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 4XYJohCKlth +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], kN69dOI3f3l +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], MBl4p2dighc +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], M7BBMucyPff diff --git a/testing/btest/Baseline/core.conn-uid/output.cc b/testing/btest/Baseline/core.conn-uid/output.cc index ff6514e133..e07e83120e 100644 --- a/testing/btest/Baseline/core.conn-uid/output.cc +++ b/testing/btest/Baseline/core.conn-uid/output.cc @@ -1,39 +1,39 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], tpUWfNdSLE -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], fy6xiLr8WMl +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], rs0oKVCARFb +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], TydSZAPSnUf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], G7cPfJNUB7l +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], SdSLy1wlf2c +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], WTlLNH35ckf +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], w5rU7L9Lbi4 +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], kdTi9xhoA51 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], BGGpa2FRSKa +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], deH6MH2gGX4 +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], lOMhOvhRTD +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], QG8fxWUYz6a +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], KPGOQiXPvk1 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], nqlkNbjwfRa +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], fMtKHwQfRy5 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], BtftcY0cTm +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], VYKU5X3Lyvg +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl +[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], n5MDsVnlWob +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 7bufSycmF0g +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 4XYJohCKlth +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], kN69dOI3f3l +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], MBl4p2dighc +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], M7BBMucyPff diff --git a/testing/btest/Baseline/core.conn-uid/output.cc2 b/testing/btest/Baseline/core.conn-uid/output.cc2 index ff6514e133..e07e83120e 100644 --- a/testing/btest/Baseline/core.conn-uid/output.cc2 +++ b/testing/btest/Baseline/core.conn-uid/output.cc2 @@ -1,39 +1,39 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], tpUWfNdSLE -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], fy6xiLr8WMl +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], rs0oKVCARFb +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], TydSZAPSnUf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], G7cPfJNUB7l +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], SdSLy1wlf2c +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], WTlLNH35ckf +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], w5rU7L9Lbi4 +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], kdTi9xhoA51 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], BGGpa2FRSKa +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], deH6MH2gGX4 +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], lOMhOvhRTD +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], QG8fxWUYz6a +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], KPGOQiXPvk1 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], nqlkNbjwfRa +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], fMtKHwQfRy5 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], BtftcY0cTm +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], VYKU5X3Lyvg +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl +[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], n5MDsVnlWob +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 7bufSycmF0g +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 4XYJohCKlth +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], kN69dOI3f3l +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], MBl4p2dighc +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], M7BBMucyPff diff --git a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log index a744346519..899c8e13e7 100644 --- a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log +++ b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history -1128727435.450898 UWkUyAuUGXf 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf +1128727435.450898 fy6xiLr8WMl 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf diff --git a/testing/btest/Baseline/core.vlan-mpls/conn.log b/testing/btest/Baseline/core.vlan-mpls/conn.log index 1d46bd7ab1..8a135818c8 100644 --- a/testing/btest/Baseline/core.vlan-mpls/conn.log +++ b/testing/btest/Baseline/core.vlan-mpls/conn.log @@ -1,4 +1,4 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history -952109346.874907 UWkUyAuUGXf 10.1.2.1 11001 10.34.0.1 23 tcp - 2.10255992412567 25 0 SH - 0 - -1128727435.450898 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf -1278600802.069419 50da4BEzauh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.00415205955505371 9 3429 SF - 0 ShADadfF +952109346.874907 fy6xiLr8WMl 10.1.2.1 11001 10.34.0.1 23 tcp - 2.10255992412567 25 0 SH - 0 - +1128727435.450898 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf +1278600802.069419 TydSZAPSnUf 10.20.80.1 50343 10.0.0.15 80 tcp - 0.00415205955505371 9 3429 SF - 0 ShADadfF diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log index 2e56522dae..ad5c544954 100644 --- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log +++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1310750785.32134 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313385054.894163 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log index 2e56522dae..ad5c544954 100644 --- a/testing/btest/Baseline/istate.events-ssl/sender.http.log +++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1310750785.32134 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313385054.894163 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log index 38ba563dc7..b95de8511e 100644 --- a/testing/btest/Baseline/istate.events/receiver.http.log +++ b/testing/btest/Baseline/istate.events/receiver.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1310750770.8185 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313385081.412259 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log index 38ba563dc7..b95de8511e 100644 --- a/testing/btest/Baseline/istate.events/sender.http.log +++ b/testing/btest/Baseline/istate.events/sender.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1310750770.8185 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313385081.412259 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log b/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log index 6a5b6c6044..867880cfed 100644 --- a/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log +++ b/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name QR AA TC RD RA Z TTL answers auth addl -930613226.529070 UWkUyAuUGXf 212.180.42.100 25000 131.243.64.3 53 tcp 34798 - - - - - 0 NOERROR F F F F T 0 31337.0 4.3.2.1 - - +930613226.529070 fy6xiLr8WMl 212.180.42.100 25000 131.243.64.3 53 tcp 34798 - - - - - 0 NOERROR F F F F T 0 31337.0 4.3.2.1 - - diff --git a/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log b/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log index ee07722d92..50738b4760 100644 --- a/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log +++ b/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log @@ -1,6 +1,6 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - FAKE_MIME - - -1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - FAKE_MIME - - -1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - FAKE_MIME - - -1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - image/png e0029eea80812e9a8e57b8d05d52938a - -1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - image/png 30aa926344f58019d047e85ba049ca1e - +1258577884.844956 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - FAKE_MIME - - +1258577884.960135 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - FAKE_MIME - - +1258577885.317160 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - FAKE_MIME - - +1258577885.349639 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - image/png e0029eea80812e9a8e57b8d05d52938a - +1258577885.394612 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - image/png 30aa926344f58019d047e85ba049ca1e - diff --git a/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log b/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log index 1c9e7eb7d6..9b22b581a2 100644 --- a/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log +++ b/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log @@ -1,6 +1,6 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied md5 extraction_file -1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - - - -1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - - - -1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - - - -1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - - - -1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - - - +1258577884.844956 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - - - +1258577884.960135 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - - - +1258577885.317160 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - - - +1258577885.349639 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - - - +1258577885.394612 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - - - diff --git a/testing/btest/Baseline/policy.protocols.irc.basic/irc.log b/testing/btest/Baseline/policy.protocols.irc.basic/irc.log index bea67dcf5b..126cce3bca 100644 --- a/testing/btest/Baseline/policy.protocols.irc.basic/irc.log +++ b/testing/btest/Baseline/policy.protocols.irc.basic/irc.log @@ -1,5 +1,5 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size extraction_file -1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - -1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - -1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - -1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - - ladyvampress-default(2011-07-07)-OS.zip 42208 - +1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - +1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - +1311189174.474127 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - +1311189316.326025 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - - ladyvampress-default(2011-07-07)-OS.zip 42208 - diff --git a/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log b/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log index fcb002698e..df2aabbdd3 100644 --- a/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log +++ b/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log @@ -1,5 +1,5 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size dcc_mime_type extraction_file -1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - - -1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - - -1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - - -1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - IRC::EXTRACTED_FILE ladyvampress-default(2011-07-07)-OS.zip 42208 FAKE_MIME irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat +1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - - +1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - - +1311189174.474127 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - - +1311189316.326025 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - IRC::EXTRACTED_FILE ladyvampress-default(2011-07-07)-OS.zip 42208 FAKE_MIME irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat From 7bea71a2c2a541cae68429666e3d8561ae104c70 Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Mon, 15 Aug 2011 15:47:39 -0700 Subject: [PATCH 07/16] Updated uid pools to use integer values instead of strings. --- src/bro.bif | 4 +- src/util.cc | 57 ++++++++------ src/util.h | 6 +- testing/btest/Baseline/bifs.unique_id/out | 12 +-- testing/btest/Baseline/core.conn-uid/output | 78 +++++++++---------- .../btest/Baseline/core.conn-uid/output.cc | 78 +++++++++---------- .../btest/Baseline/core.conn-uid/output.cc2 | 78 +++++++++---------- .../core.print-bpf-filters-ipv4/conn.log | 2 +- .../btest/Baseline/core.vlan-mpls/conn.log | 6 +- .../istate.events-ssl/receiver.http.log | 2 +- .../istate.events-ssl/sender.http.log | 2 +- .../Baseline/istate.events/receiver.http.log | 2 +- .../Baseline/istate.events/sender.http.log | 2 +- .../dns.log | 2 +- .../http.log | 10 +-- .../http.log | 10 +-- .../policy.protocols.irc.basic/irc.log | 8 +- .../policy.protocols.irc.dcc-extract/irc.log | 8 +- .../policy.protocols.smtp.basic/smtp.log | 2 +- .../smtp_entities.log | 6 +- .../smtp_entities.log | 6 +- testing/btest/bifs/unique_id-pools.bro | 12 +-- testing/btest/bifs/unique_id-rnd.bro | 6 +- testing/btest/bifs/unique_id.bro | 6 +- 24 files changed, 209 insertions(+), 196 deletions(-) diff --git a/src/bro.bif b/src/bro.bif index a2185534b0..6c450c044a 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -3418,10 +3418,10 @@ function unique_id%(prefix: string%) : string return new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); %} -function unique_id_from%(pool: string, prefix: string%) : string +function unique_id_from%(pool: int, prefix: string%) : string %{ char tmp[20]; - uint64 uid = calculate_unique_id(string((const char *)pool->Bytes(), pool->Len())); + uint64 uid = calculate_unique_id(pool); return new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); %} %%{ diff --git a/src/util.cc b/src/util.cc index fa772bc8f8..82daa49adc 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1184,25 +1184,38 @@ int time_compare(struct timeval* tv_a, struct timeval* tv_b) struct BroUidEntry { - uint64 instance; - uint64 counter; + struct BroUidKey + { + uint64 instance; + uint64 counter; + BroUidKey(uint64 i, uint64 c) + : instance(i), counter(c) { } + } key; + bool needs_init; + BroUidEntry(const uint64 i) - : instance(i), counter(0) { } + : key(i, 0), needs_init(false) { } + + BroUidEntry() + : key(0, 0), needs_init(true) { } }; -static std::map uid_pool; -static const std::string default_pool = string(BRO_DEFAULT_UID_POOL); +static std::vector uid_pool; uint64 calculate_unique_id() { - return calculate_unique_id(default_pool); + return calculate_unique_id(BRO_DEFAULT_UID_POOL); } -uint64 calculate_unique_id(const std::string& pool) +uint64 calculate_unique_id(const size_t pool) { uint64 uid_instance = 0; - std::map::iterator pool_iter = uid_pool.find(pool); - if ( pool_iter == uid_pool.end() ) + if(uid_pool.size() <= pool) + { + assert(pool < 100000); // ... Yeah. No. + uid_pool.resize(pool + 1); + } + if ( uid_pool[pool].needs_init ) { // This is the first time we need a UID for this pool. if ( ! have_random_seed() ) @@ -1211,18 +1224,17 @@ uint64 calculate_unique_id(const std::string& pool) // indicated by a set seed), we calculate the // instance ID by hashing something likely to be // globally unique. - const size_t pool_sz = (pool.length() < 32) ? pool.length() : 32; //Only keep the first 32 characters of the pool name struct { - char hostname[96]; - char pool[32]; + char hostname[120]; + uint64 pool; struct timeval time; pid_t pid; int rnd; } unique; memset(&unique, 0, sizeof(unique)); // Make valgrind happy. - gethostname(unique.hostname, 96); - memcpy(unique.pool, pool.c_str(), pool_sz); + gethostname(unique.hostname, 120); + memcpy(&unique.pool, &pool, sizeof(pool)); unique.hostname[sizeof(unique.hostname)-1] = '\0'; gettimeofday(&unique.time, 0); unique.pid = getpid(); @@ -1234,16 +1246,16 @@ uint64 calculate_unique_id(const std::string& pool) else { // Generate determistic UIDs for each individual pool - uid_instance = HashKey::HashBytes(pool.c_str(), pool.length()); + uid_instance = pool; } // Guarantee no collisions (keep hashing until we get a unique instance) bool found_collision = true; while(found_collision) { found_collision = false; - for(pool_iter = uid_pool.begin(); pool_iter != uid_pool.end(); ++pool_iter) + for(size_t i = 0; i < uid_pool.size(); ++i) { - if(pool_iter->second.instance == uid_instance) + if(!uid_pool[i].needs_init && uid_pool[i].key.instance == uid_instance) { found_collision = true; uid_instance = HashKey::HashBytes(&uid_instance, sizeof(uid_instance)); @@ -1251,12 +1263,13 @@ uint64 calculate_unique_id(const std::string& pool) } } // Our instance is unique. Huzzah. - uid_pool.insert(std::make_pair(pool, BroUidEntry(uid_instance))); - pool_iter = uid_pool.find(pool); + uid_pool[pool] = BroUidEntry(uid_instance); + uid_pool[pool].needs_init = false; } - assert(pool_iter != uid_pool.end()); // After all that work, wouldn't it be a shame...? - ++(pool_iter->second.counter); - uint64_t h = HashKey::HashBytes(&(pool_iter->second), sizeof(pool_iter->second)); + ++(uid_pool[pool].key.counter); + assert(!uid_pool[pool].needs_init); + assert(uid_pool[pool].key.instance != 0); + uint64_t h = HashKey::HashBytes(&(uid_pool[pool].key), sizeof(uid_pool[pool].key)); return h; } diff --git a/src/util.h b/src/util.h index 3647e85db8..299926c057 100644 --- a/src/util.h +++ b/src/util.h @@ -226,10 +226,10 @@ extern int time_compare(struct timeval* tv_a, struct timeval* tv_b); // Returns an integer that's very likely to be unique, even across Bro // instances. -#define BRO_DEFAULT_UID_POOL "bro" -#define BRO_SCRIPT_UID_POOL "bro script" +#define BRO_DEFAULT_UID_POOL 1 +#define BRO_SCRIPT_UID_POOL 2 extern uint64 calculate_unique_id(); -extern uint64 calculate_unique_id(const std::string& pool); +extern uint64 calculate_unique_id(const size_t pool); // For now, don't use hash_maps - they're not fully portable. #if 0 diff --git a/testing/btest/Baseline/bifs.unique_id/out b/testing/btest/Baseline/bifs.unique_id/out index 4462de460b..8a796b3db6 100644 --- a/testing/btest/Baseline/bifs.unique_id/out +++ b/testing/btest/Baseline/bifs.unique_id/out @@ -1,6 +1,6 @@ -A-QEredbF4G74 -B-GPd09JY6cn6 -C-enbKRz0Bp0a -D-kZIfYOWUxVi -E-kWcyWkqbEUg -F-irFNiS1QPpg +A-56gKBmhBBB6 +B-PjbroujOxH4 +C-N4zgPFAv3J +D-WUjEZFOdSS +E-ecqdozAET6c +F-qOawpgrpAdl diff --git a/testing/btest/Baseline/core.conn-uid/output b/testing/btest/Baseline/core.conn-uid/output index e07e83120e..25001033e3 100644 --- a/testing/btest/Baseline/core.conn-uid/output +++ b/testing/btest/Baseline/core.conn-uid/output @@ -1,39 +1,39 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], fy6xiLr8WMl -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], rs0oKVCARFb -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], TydSZAPSnUf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], G7cPfJNUB7l -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], SdSLy1wlf2c -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], WTlLNH35ckf -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], w5rU7L9Lbi4 -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], kdTi9xhoA51 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], BGGpa2FRSKa -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], deH6MH2gGX4 -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], lOMhOvhRTD -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], QG8fxWUYz6a -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], KPGOQiXPvk1 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], nqlkNbjwfRa -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], fMtKHwQfRy5 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], BtftcY0cTm -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], VYKU5X3Lyvg -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl -[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], n5MDsVnlWob -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 7bufSycmF0g -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 4XYJohCKlth -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], kN69dOI3f3l -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], MBl4p2dighc -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], M7BBMucyPff +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], arKYeMETxOg +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], k6kgXLOoSKl +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], j4u32Pc5bif +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], VW0XPVINV8a +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], GSxOnSLghOa +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5 +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], Tw8jXtpTGu6 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05 +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], 0Q4FH8sESw5 +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g +[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], i2rO3KD1Syg +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 2cx26uAvUPl +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], BWaU4aSuwkc +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], 10XodEwRycf +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], zno26fFZkrh +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], v5rgkJBig5l diff --git a/testing/btest/Baseline/core.conn-uid/output.cc b/testing/btest/Baseline/core.conn-uid/output.cc index e07e83120e..25001033e3 100644 --- a/testing/btest/Baseline/core.conn-uid/output.cc +++ b/testing/btest/Baseline/core.conn-uid/output.cc @@ -1,39 +1,39 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], fy6xiLr8WMl -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], rs0oKVCARFb -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], TydSZAPSnUf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], G7cPfJNUB7l -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], SdSLy1wlf2c -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], WTlLNH35ckf -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], w5rU7L9Lbi4 -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], kdTi9xhoA51 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], BGGpa2FRSKa -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], deH6MH2gGX4 -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], lOMhOvhRTD -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], QG8fxWUYz6a -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], KPGOQiXPvk1 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], nqlkNbjwfRa -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], fMtKHwQfRy5 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], BtftcY0cTm -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], VYKU5X3Lyvg -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl -[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], n5MDsVnlWob -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 7bufSycmF0g -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 4XYJohCKlth -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], kN69dOI3f3l -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], MBl4p2dighc -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], M7BBMucyPff +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], arKYeMETxOg +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], k6kgXLOoSKl +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], j4u32Pc5bif +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], VW0XPVINV8a +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], GSxOnSLghOa +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5 +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], Tw8jXtpTGu6 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05 +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], 0Q4FH8sESw5 +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g +[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], i2rO3KD1Syg +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 2cx26uAvUPl +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], BWaU4aSuwkc +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], 10XodEwRycf +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], zno26fFZkrh +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], v5rgkJBig5l diff --git a/testing/btest/Baseline/core.conn-uid/output.cc2 b/testing/btest/Baseline/core.conn-uid/output.cc2 index e07e83120e..25001033e3 100644 --- a/testing/btest/Baseline/core.conn-uid/output.cc2 +++ b/testing/btest/Baseline/core.conn-uid/output.cc2 @@ -1,39 +1,39 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], fy6xiLr8WMl -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], rs0oKVCARFb -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], TydSZAPSnUf -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CBxih2i8leh -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], G7cPfJNUB7l -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], SdSLy1wlf2c -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], WTlLNH35ckf -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], w5rU7L9Lbi4 -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], kdTi9xhoA51 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], BGGpa2FRSKa -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], deH6MH2gGX4 -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], lOMhOvhRTD -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], QG8fxWUYz6a -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], KPGOQiXPvk1 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], nqlkNbjwfRa -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], fMtKHwQfRy5 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], BtftcY0cTm -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], VYKU5X3Lyvg -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], qeN1HyRHpc6 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], MH90l08qRaa -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], HFpdIhKARP5 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Afy8jm0Ud4 -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UIP6iZhtlr6 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], FRRZfatA245 -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], PdBORleidTl -[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], n5MDsVnlWob -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 7bufSycmF0g -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 4XYJohCKlth -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], kN69dOI3f3l -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], MBl4p2dighc -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], M7BBMucyPff +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], arKYeMETxOg +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], k6kgXLOoSKl +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], nQcgTWjvg4c +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], j4u32Pc5bif +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], VW0XPVINV8a +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], GSxOnSLghOa +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5 +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4 +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], Tw8jXtpTGu6 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05 +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], 0Q4FH8sESw5 +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 5OKnoww6xl4 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], iE6yhOq3SF +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g +[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], i2rO3KD1Syg +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 2cx26uAvUPl +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], BWaU4aSuwkc +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], 10XodEwRycf +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], zno26fFZkrh +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], v5rgkJBig5l diff --git a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log index 899c8e13e7..a744346519 100644 --- a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log +++ b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history -1128727435.450898 fy6xiLr8WMl 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf +1128727435.450898 UWkUyAuUGXf 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf diff --git a/testing/btest/Baseline/core.vlan-mpls/conn.log b/testing/btest/Baseline/core.vlan-mpls/conn.log index 8a135818c8..c0b6af7f11 100644 --- a/testing/btest/Baseline/core.vlan-mpls/conn.log +++ b/testing/btest/Baseline/core.vlan-mpls/conn.log @@ -1,4 +1,4 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history -952109346.874907 fy6xiLr8WMl 10.1.2.1 11001 10.34.0.1 23 tcp - 2.10255992412567 25 0 SH - 0 - -1128727435.450898 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf -1278600802.069419 TydSZAPSnUf 10.20.80.1 50343 10.0.0.15 80 tcp - 0.00415205955505371 9 3429 SF - 0 ShADadfF +952109346.874907 UWkUyAuUGXf 10.1.2.1 11001 10.34.0.1 23 tcp - 2.10255992412567 25 0 SH - 0 - +1128727435.450898 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 tcp http 1.73330307006836 98 9417 SF - 0 ShADdFaf +1278600802.069419 k6kgXLOoSKl 10.20.80.1 50343 10.0.0.15 80 tcp - 0.00415205955505371 9 3429 SF - 0 ShADadfF diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log index ad5c544954..30b4085ae2 100644 --- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log +++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1313385054.894163 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313448356.390278 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log index ad5c544954..30b4085ae2 100644 --- a/testing/btest/Baseline/istate.events-ssl/sender.http.log +++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1313385054.894163 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313448356.390278 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log index b95de8511e..e57465a850 100644 --- a/testing/btest/Baseline/istate.events/receiver.http.log +++ b/testing/btest/Baseline/istate.events/receiver.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1313385081.412259 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313448372.638550 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log index b95de8511e..e57465a850 100644 --- a/testing/btest/Baseline/istate.events/sender.http.log +++ b/testing/btest/Baseline/istate.events/sender.http.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1313385081.412259 rs0oKVCARFb 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1313448372.638550 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log b/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log index 867880cfed..6a5b6c6044 100644 --- a/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log +++ b/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name QR AA TC RD RA Z TTL answers auth addl -930613226.529070 fy6xiLr8WMl 212.180.42.100 25000 131.243.64.3 53 tcp 34798 - - - - - 0 NOERROR F F F F T 0 31337.0 4.3.2.1 - - +930613226.529070 UWkUyAuUGXf 212.180.42.100 25000 131.243.64.3 53 tcp 34798 - - - - - 0 NOERROR F F F F T 0 31337.0 4.3.2.1 - - diff --git a/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log b/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log index 50738b4760..ee07722d92 100644 --- a/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log +++ b/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log @@ -1,6 +1,6 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1258577884.844956 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - FAKE_MIME - - -1258577884.960135 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - FAKE_MIME - - -1258577885.317160 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - FAKE_MIME - - -1258577885.349639 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - image/png e0029eea80812e9a8e57b8d05d52938a - -1258577885.394612 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - image/png 30aa926344f58019d047e85ba049ca1e - +1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - FAKE_MIME - - +1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - FAKE_MIME - - +1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - FAKE_MIME - - +1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - image/png e0029eea80812e9a8e57b8d05d52938a - +1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - image/png 30aa926344f58019d047e85ba049ca1e - diff --git a/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log b/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log index 9b22b581a2..1c9e7eb7d6 100644 --- a/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log +++ b/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log @@ -1,6 +1,6 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied md5 extraction_file -1258577884.844956 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - - - -1258577884.960135 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - - - -1258577885.317160 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - - - -1258577885.349639 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - - - -1258577885.394612 fy6xiLr8WMl 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - - - +1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - - - +1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - - - +1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - - - +1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - - - +1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - - - diff --git a/testing/btest/Baseline/policy.protocols.irc.basic/irc.log b/testing/btest/Baseline/policy.protocols.irc.basic/irc.log index 126cce3bca..bea67dcf5b 100644 --- a/testing/btest/Baseline/policy.protocols.irc.basic/irc.log +++ b/testing/btest/Baseline/policy.protocols.irc.basic/irc.log @@ -1,5 +1,5 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size extraction_file -1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - -1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - -1311189174.474127 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - -1311189316.326025 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - - ladyvampress-default(2011-07-07)-OS.zip 42208 - +1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - +1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - +1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - +1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - - ladyvampress-default(2011-07-07)-OS.zip 42208 - diff --git a/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log b/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log index df2aabbdd3..fcb002698e 100644 --- a/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log +++ b/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log @@ -1,5 +1,5 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size dcc_mime_type extraction_file -1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - - -1311189164.119437 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - - -1311189174.474127 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - - -1311189316.326025 fy6xiLr8WMl 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - IRC::EXTRACTED_FILE ladyvampress-default(2011-07-07)-OS.zip 42208 FAKE_MIME irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat +1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - - +1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - - +1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - - +1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - IRC::EXTRACTED_FILE ladyvampress-default(2011-07-07)-OS.zip 42208 FAKE_MIME irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat diff --git a/testing/btest/Baseline/policy.protocols.smtp.basic/smtp.log b/testing/btest/Baseline/policy.protocols.smtp.basic/smtp.log index ea638d1892..db7d92f946 100644 --- a/testing/btest/Baseline/policy.protocols.smtp.basic/smtp.log +++ b/testing/btest/Baseline/policy.protocols.smtp.basic/smtp.log @@ -1,2 +1,2 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent -1254722768.219663 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh GP Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 +1254722768.219663 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 GP Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 diff --git a/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp_entities.log b/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp_entities.log index 9496887d65..76794985ee 100644 --- a/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp_entities.log +++ b/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp_entities.log @@ -1,4 +1,4 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid filename content_len mime_type md5 extraction_file excerpt -1254722770.692743 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh - 79 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat - -1254722770.692743 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh - 1918 FAKE_MIME - - - -1254722770.692804 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh NEWS.txt 10823 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat - +1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 79 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat - +1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 1918 FAKE_MIME - - - +1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 NEWS.txt 10823 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat - diff --git a/testing/btest/Baseline/policy.protocols.smtp.mime/smtp_entities.log b/testing/btest/Baseline/policy.protocols.smtp.mime/smtp_entities.log index 2b143eacda..1cd3397097 100644 --- a/testing/btest/Baseline/policy.protocols.smtp.mime/smtp_entities.log +++ b/testing/btest/Baseline/policy.protocols.smtp.mime/smtp_entities.log @@ -1,4 +1,4 @@ # ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid filename content_len mime_type md5 extraction_file excerpt -1254722770.692743 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh - 79 FAKE_MIME 92bca2e6cdcde73647125da7dccbdd07 - - -1254722770.692743 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh - 1918 FAKE_MIME - - - -1254722770.692804 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh NEWS.txt 10823 FAKE_MIME a968bb0f9f9d95835b2e74c845877e87 - - +1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 79 FAKE_MIME 92bca2e6cdcde73647125da7dccbdd07 - - +1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 1918 FAKE_MIME - - - +1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 NEWS.txt 10823 FAKE_MIME a968bb0f9f9d95835b2e74c845877e87 - - diff --git a/testing/btest/bifs/unique_id-pools.bro b/testing/btest/bifs/unique_id-pools.bro index d8c3e9aa5f..abdc4b22ba 100644 --- a/testing/btest/bifs/unique_id-pools.bro +++ b/testing/btest/bifs/unique_id-pools.bro @@ -6,11 +6,11 @@ @TEST-START-FILE order_rand.bro print unique_id("A-"); -print unique_id_from("beta", "E-"); +print unique_id_from(5, "E-"); print unique_id("B-"); -print unique_id_from("alpha", "D-"); +print unique_id_from(4, "D-"); print unique_id("C-"); -print unique_id_from("beta", "F-"); +print unique_id_from(5, "F-"); @TEST-END-FILE @@ -19,9 +19,9 @@ print unique_id_from("beta", "F-"); print unique_id("A-"); print unique_id("B-"); print unique_id("C-"); -print unique_id_from("alpha", "D-"); -print unique_id_from("beta", "E-"); -print unique_id_from("beta", "F-"); +print unique_id_from(4, "D-"); +print unique_id_from(5, "E-"); +print unique_id_from(5, "F-"); @TEST-END-FILE diff --git a/testing/btest/bifs/unique_id-rnd.bro b/testing/btest/bifs/unique_id-rnd.bro index fdb04e05bc..4188725373 100644 --- a/testing/btest/bifs/unique_id-rnd.bro +++ b/testing/btest/bifs/unique_id-rnd.bro @@ -7,6 +7,6 @@ print unique_id("A-"); print unique_id("B-"); print unique_id("C-"); -print unique_id_from("alpha", "D-"); -print unique_id_from("beta", "E-"); -print unique_id_from("beta", "F-"); +print unique_id_from(4, "D-"); +print unique_id_from(5, "E-"); +print unique_id_from(5, "F-"); diff --git a/testing/btest/bifs/unique_id.bro b/testing/btest/bifs/unique_id.bro index 1451426556..097f5d490d 100644 --- a/testing/btest/bifs/unique_id.bro +++ b/testing/btest/bifs/unique_id.bro @@ -5,6 +5,6 @@ print unique_id("A-"); print unique_id("B-"); print unique_id("C-"); -print unique_id_from("alpha", "D-"); -print unique_id_from("beta", "E-"); -print unique_id_from("beta", "F-"); +print unique_id_from(4, "D-"); +print unique_id_from(5, "E-"); +print unique_id_from(5, "F-"); From cff47dd98ff802a39caa6e50e1b89bdb964fa73f Mon Sep 17 00:00:00 2001 From: "Gilbert Clark gc355804@ohio.edu" Date: Mon, 5 Sep 2011 12:12:09 -0700 Subject: [PATCH 08/16] Updating tests. --- testing/btest/Baseline/core.vlan-mpls/conn.log | 4 ++-- testing/btest/Baseline/istate.events-ssl/receiver.http.log | 2 +- testing/btest/Baseline/istate.events-ssl/sender.http.log | 2 +- testing/btest/Baseline/istate.events/receiver.http.log | 2 +- testing/btest/Baseline/istate.events/sender.http.log | 7 +------ .../scripts.base.protocols.http.http-mime-and-md5/http.log | 5 ++++- .../scripts.base.protocols.irc.dcc-extract/irc.log | 5 ++++- .../Baseline/scripts.base.protocols.smtp.basic/smtp.log | 2 +- .../smtp_entities.log | 5 ++++- .../scripts.base.protocols.smtp.mime/smtp_entities.log | 5 ++++- 10 files changed, 23 insertions(+), 16 deletions(-) diff --git a/testing/btest/Baseline/core.vlan-mpls/conn.log b/testing/btest/Baseline/core.vlan-mpls/conn.log index 9c65be0b34..5cc726c7b5 100644 --- a/testing/btest/Baseline/core.vlan-mpls/conn.log +++ b/testing/btest/Baseline/core.vlan-mpls/conn.log @@ -3,5 +3,5 @@ #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes #types time string addr port addr port enum string interval count count string bool count string count count count count 952109346.874907 UWkUyAuUGXf 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 25 0 SH - 0 - 11 280 0 0 -1128727435.450898 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 710 10 9945 -1278600802.069419 50da4BEzauh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 361 7 3801 +1128727435.450898 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 710 10 9945 +1278600802.069419 k6kgXLOoSKl 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 361 7 3801 diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log index 3e53efd7f2..59d0e4205e 100644 --- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log +++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log @@ -2,4 +2,4 @@ #path http #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port string string string string string count count count string string table string string table string string file -1315167107.671488 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1315248437.500464 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log index 3e53efd7f2..59d0e4205e 100644 --- a/testing/btest/Baseline/istate.events-ssl/sender.http.log +++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log @@ -2,4 +2,4 @@ #path http #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port string string string string string count count count string string table string string table string string file -1315167107.671488 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1315248437.500464 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log index 85d74c943c..c85a3cad22 100644 --- a/testing/btest/Baseline/istate.events/receiver.http.log +++ b/testing/btest/Baseline/istate.events/receiver.http.log @@ -2,4 +2,4 @@ #path http #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port string string string string string count count count string string table string string table string string file -1315167116.842377 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +1315248460.480614 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log index 79b5b67b04..c85a3cad22 100644 --- a/testing/btest/Baseline/istate.events/sender.http.log +++ b/testing/btest/Baseline/istate.events/sender.http.log @@ -1,10 +1,5 @@ -<<<<<<< HEAD -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1313448372.638550 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - -======= #separator \x09 #path http #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port string string string string string count count count string string table string string table string string file -1315167116.842377 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - ->>>>>>> master +1315248460.480614 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log index ee07722d92..6e38a9459f 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log @@ -1,4 +1,7 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +#separator \x09 +#path http +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +#types time string addr port addr port string string string string string count count count string string table string string table string string file 1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - FAKE_MIME - - 1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - FAKE_MIME - - 1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - FAKE_MIME - - diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log b/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log index fcb002698e..a692d2dd4d 100644 --- a/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log +++ b/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log @@ -1,4 +1,7 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size dcc_mime_type extraction_file +#separator \x09 +#path irc +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size dcc_mime_type extraction_file +#types time string addr port addr port string string table string string string table string count string file 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - - 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - - 1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - - diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log index 817207108c..324d8a2557 100644 --- a/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log +++ b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log @@ -2,4 +2,4 @@ #path smtp #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent #types time string addr port addr port string string string table string string table string string string string addr string string string vector string -1254722768.219663 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh GP Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 +1254722768.219663 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 GP Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log index 76794985ee..30566ba6f9 100644 --- a/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log +++ b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log @@ -1,4 +1,7 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid filename content_len mime_type md5 extraction_file excerpt +#separator \x09 +#path smtp_entities +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid filename content_len mime_type md5 extraction_file excerpt +#types time string addr port addr port string string count string string file string 1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 79 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat - 1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 1918 FAKE_MIME - - - 1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 NEWS.txt 10823 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat - diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log b/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log index 1cd3397097..562848404c 100644 --- a/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log +++ b/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log @@ -1,4 +1,7 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid filename content_len mime_type md5 extraction_file excerpt +#separator \x09 +#path smtp_entities +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid filename content_len mime_type md5 extraction_file excerpt +#types time string addr port addr port string string count string string file string 1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 79 FAKE_MIME 92bca2e6cdcde73647125da7dccbdd07 - - 1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 - 1918 FAKE_MIME - - - 1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 @56gKBmhBBB6 NEWS.txt 10823 FAKE_MIME a968bb0f9f9d95835b2e74c845877e87 - - From 80e154ba3c63bf39c16ce3d66bc8c73f8e515a4b Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 7 Sep 2011 10:02:15 -0500 Subject: [PATCH 09/16] Various changes to documentation framework. - Reorganize top-level 'doc' Makefile target so submodules can easily add their own doc-generating routines to it. e.g. the Bro project makes a placeholder 'doc' target, then adds 'restdoc', 'sphinxdoc'; later Broccoli can add it's own target as a dependency for generating API docs. - Fixed generated docs for BIFs not being organized under a base/ subdirectory like the original source files. - Fixed documentation style for function parameters not applying to functions declared as record fields. - Misc. script documentation tweaks to address warnings given by Sphinx. --- Makefile | 5 +- doc/CMakeLists.txt | 3 + doc/scripts/CMakeLists.txt | 15 +++-- doc/scripts/DocSourcesList.cmake | 16 +++--- doc/scripts/genDocSourcesList.sh | 2 +- scripts/base/frameworks/logging/main.bro | 2 +- scripts/base/init-bare.bro | 9 +-- scripts/base/protocols/conn/main.bro | 4 +- src/CMakeLists.txt | 1 + src/scan.l | 38 +++++++------ src/util.cc | 8 ++- .../autogen-reST-func-params.rst | 57 +++++++++++++++++++ .../btest/doc/autogen-reST-func-params.bro | 20 +++++++ 13 files changed, 137 insertions(+), 43 deletions(-) create mode 100644 testing/btest/Baseline/doc.autogen-reST-func-params/autogen-reST-func-params.rst create mode 100644 testing/btest/doc/autogen-reST-func-params.bro diff --git a/Makefile b/Makefile index cf230198f5..482bfde17f 100644 --- a/Makefile +++ b/Makefile @@ -13,15 +13,14 @@ all: configured install: configured ( cd $(BUILD) && make install ) -clean: configured +clean: configured docclean ( cd $(BUILD) && make clean ) - ( cd $(BUILD) && make docclean && make restclean ) doc: configured ( cd $(BUILD) && make doc ) docclean: configured - ( cd $(BUILD) && make docclean && make restclean ) + ( cd $(BUILD) && make docclean ) dist: @./pkg/make-src-packages diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt index e2c3f25f4e..acef059ce8 100644 --- a/doc/CMakeLists.txt +++ b/doc/CMakeLists.txt @@ -1 +1,4 @@ +add_custom_target(doc) +add_custom_target(docclean) + add_subdirectory(scripts) diff --git a/doc/scripts/CMakeLists.txt b/doc/scripts/CMakeLists.txt index b82605d533..1cf2f768ec 100644 --- a/doc/scripts/CMakeLists.txt +++ b/doc/scripts/CMakeLists.txt @@ -212,9 +212,9 @@ add_custom_target(restclean ${RST_OUTPUT_DIR} VERBATIM) -# The "doc" target generates reST documentation for any outdated bro scripts -# and then uses Sphinx to generate HTML documentation from the reST -add_custom_target(doc +# The "sphinxdoc" target generates reST documentation for any outdated bro +# scripts and then uses Sphinx to generate HTML documentation from the reST +add_custom_target(sphinxdoc # copy the template documentation to the build directory # to give as input for sphinx COMMAND "${CMAKE_COMMAND}" -E copy_directory @@ -252,13 +252,16 @@ add_custom_target(doc # SOURCES just adds stuff to IDE projects as a convenience SOURCES ${DOC_SOURCES}) -# The "docclean" target removes just the Sphinx input/output directories +# The "sphinxclean" target removes just the Sphinx input/output directories # from the build directory. -add_custom_target(docclean +add_custom_target(sphinxclean COMMAND "${CMAKE_COMMAND}" -E remove_directory ${DOC_SOURCE_WORKDIR} COMMAND "${CMAKE_COMMAND}" -E remove_directory ${DOC_OUTPUT_DIR} VERBATIM) -add_dependencies(doc docclean restdoc) +add_dependencies(sphinxdoc sphinxclean restdoc) + +add_dependencies(doc sphinxdoc) +add_dependencies(docclean sphinxclean restclean) diff --git a/doc/scripts/DocSourcesList.cmake b/doc/scripts/DocSourcesList.cmake index 048a51ff12..30b72fc3c2 100644 --- a/doc/scripts/DocSourcesList.cmake +++ b/doc/scripts/DocSourcesList.cmake @@ -16,13 +16,13 @@ rest_target(${CMAKE_CURRENT_SOURCE_DIR} example.bro internal) rest_target(${psd} base/init-default.bro internal) rest_target(${psd} base/init-bare.bro internal) -rest_target(${CMAKE_BINARY_DIR}/src/base bro.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src/base const.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src/base event.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src/base logging.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src/base reporter.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src/base strings.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src/base types.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/bro.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/const.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/event.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/logging.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/reporter.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/strings.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/types.bif.bro) rest_target(${psd} base/frameworks/cluster/main.bro) rest_target(${psd} base/frameworks/cluster/nodes/manager.bro) rest_target(${psd} base/frameworks/cluster/nodes/proxy.bro) @@ -33,6 +33,7 @@ rest_target(${psd} base/frameworks/control/main.bro) rest_target(${psd} base/frameworks/dpd/main.bro) rest_target(${psd} base/frameworks/intel/main.bro) rest_target(${psd} base/frameworks/logging/main.bro) +rest_target(${psd} base/frameworks/logging/postprocessors/scp.bro) rest_target(${psd} base/frameworks/logging/writers/ascii.bro) rest_target(${psd} base/frameworks/metrics/cluster.bro) rest_target(${psd} base/frameworks/metrics/main.bro) @@ -101,6 +102,7 @@ rest_target(${psd} policy/integration/barnyard2/main.bro) rest_target(${psd} policy/integration/barnyard2/types.bro) rest_target(${psd} policy/misc/analysis-groups.bro) rest_target(${psd} policy/misc/loaded-scripts.bro) +rest_target(${psd} policy/misc/pf-ring-load-balancing.bro) rest_target(${psd} policy/misc/profiling.bro) rest_target(${psd} policy/misc/trim-trace-file.bro) rest_target(${psd} policy/protocols/conn/known-hosts.bro) diff --git a/doc/scripts/genDocSourcesList.sh b/doc/scripts/genDocSourcesList.sh index 1f56843f5f..ca654cb1cc 100755 --- a/doc/scripts/genDocSourcesList.sh +++ b/doc/scripts/genDocSourcesList.sh @@ -73,7 +73,7 @@ bifs=`( cd ${sourcedir}/src && find . -name \*\.bif | sort )` for file in $bifs do f=${file:2}.bro - echo "rest_target(\${CMAKE_BINARY_DIR}/src/base $f)" >> $outfile + echo "rest_target(\${CMAKE_BINARY_DIR}/src base/$f)" >> $outfile done scriptfiles=`( cd ${sourcedir}/scripts && find . -name \*\.bro | sort )` diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro index 91327f4f88..cb2696dde7 100644 --- a/scripts/base/frameworks/logging/main.bro +++ b/scripts/base/frameworks/logging/main.bro @@ -52,7 +52,7 @@ export { ## If not given, all entries are recorded. ## ## rec: An instance of the streams's ``columns`` type with its - ## fields set to the values to logged. + ## fields set to the values to logged. ## ## Returns: True if the entry is to be recorded. pred: function(rec: any): bool &optional; diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 2a9f093385..b95a5c3823 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -1382,8 +1382,9 @@ const enable_syslog = F &redef; const peer_description = "bro" &redef; ## If true, broadcast events/state received from one peer to other peers. -## NOTE: These options are only temporary. They will disappear when we get a -## more sophisticated script-level communication framework. +## +## .. note:: These options are only temporary. They will disappear when we get +## a more sophisticated script-level communication framework. const forward_remote_events = F &redef; ## See :bro:id:`forward_remote_events` const forward_remote_state_changes = F &redef; @@ -1513,6 +1514,6 @@ const skip_http_data = F &redef; ## UDP tunnels. See also: udp_tunnel_port, policy/udp-tunnel.bro. const parse_udp_tunnels = F &redef; -## Load the logging framework here because it uses fairly deep integration with -## BiFs and script-land defined types. +# Load the logging framework here because it uses fairly deep integration with +# BiFs and script-land defined types. @load base/frameworks/logging diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.bro index fca1f49ca6..751fe8f6cf 100644 --- a/scripts/base/protocols/conn/main.bro +++ b/scripts/base/protocols/conn/main.bro @@ -74,11 +74,11 @@ export { ## This history is not meant to encode how much data that happened to be. history: string &log &optional; ## Number of packets the originator sent. - ## Only set if :bro:id:`use_conn_size_analyzer`=T + ## Only set if :bro:id:`use_conn_size_analyzer` = T orig_pkts: count &log &optional; ## Number IP level bytes the originator sent (as seen on the wire, ## taken from IP total_length header field). - ## Only set if :bro:id:`use_conn_size_analyzer`=T + ## Only set if :bro:id:`use_conn_size_analyzer` = T orig_ip_bytes: count &log &optional; ## Number of packets the responder sent. See ``orig_pkts``. resp_pkts: count &log &optional; diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index a6cd823e56..99b905d4af 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -418,6 +418,7 @@ collect_headers(bro_HEADERS ${bro_SRCS}) add_definitions(-DBRO_SCRIPT_INSTALL_PATH="${BRO_SCRIPT_INSTALL_PATH}") add_definitions(-DBRO_SCRIPT_SOURCE_PATH="${BRO_SCRIPT_SOURCE_PATH}") +add_definitions(-DBRO_BUILD_PATH="${CMAKE_CURRENT_BINARY_DIR}") add_executable(bro ${bro_SRCS} ${bro_HEADERS}) diff --git a/src/scan.l b/src/scan.l index cdeedbf038..a6f6d14593 100644 --- a/src/scan.l +++ b/src/scan.l @@ -80,6 +80,19 @@ static const char* canon_doc_comment(const char* comment) return ( comment[0] == ' ' ) ? comment + 1 : comment; } +static std::string canon_doc_func_param(const char* id_start) + { + std::string id_name(id_start, strcspn(id_start, ":")); + const char* comment = id_start + id_name.size() + 1; + std::string doc; + + if ( id_name == "Returns" ) + doc.append(":returns:").append(comment); + else + doc.append(":param ").append(id_name).append(":").append(comment); + return doc; + } + static ino_t get_inode_num(FILE* f, const char* filename) { struct stat b; @@ -155,6 +168,12 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) return TOK_POST_DOC; } +##{OWS}{ID}:.* { + const char* id_start = skip_whitespace(yytext + 2); + yylval.str = copy_string(canon_doc_func_param(id_start).c_str()); + return TOK_DOC; +} + ##.* { if ( yytext[2] != '#' ) { @@ -169,20 +188,6 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) // Comment is documenting either a function parameter or return type, // so appropriate reST markup substitutions are automatically made // in order to distinguish them from other comments. - const char* id_start = skip_whitespace(yytext + 2); - size_t id_len = strcspn(id_start, ":"); - char* id_name = new char[id_len + 1]; - strncpy(id_name, id_start, id_len); - id_name[id_len] = '\0'; - const char* comment = id_start + id_len + 1; - - std::string doc; - - if ( streq(id_name, "Returns") ) - doc.append(":returns:").append(comment); - else - doc.append(":param ").append(id_name).append(":").append(comment); - if ( ! reST_doc_comments ) reST_doc_comments = new std::list(); @@ -192,9 +197,8 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) // 2) has a blank line between it and non-field-list reST markup, // which is required for correct HTML rendering by Sphinx reST_doc_comments->push_back(""); - reST_doc_comments->push_back(doc); - - delete [] id_name; + const char* id_start = skip_whitespace(yytext + 2); + reST_doc_comments->push_back(canon_doc_func_param(id_start)); } } diff --git a/src/util.cc b/src/util.cc index 90eac56cca..a04d9827df 100644 --- a/src/util.cc +++ b/src/util.cc @@ -891,7 +891,7 @@ const char* normalize_path(const char* path) return copy_string(new_path.c_str()); } -// Returns the subpath of the root Bro script install/source directory in +// Returns the subpath of the root Bro script install/source/build directory in // which the loaded file is located. If it's not under a subpath of that // directory (e.g. cwd or custom path) then the full path is returned. void get_script_subpath(const std::string& full_filename, const char** subpath) @@ -909,11 +909,15 @@ void get_script_subpath(const std::string& full_filename, const char** subpath) // first check if this is some subpath of the installed scripts root path, // if not check if it's a subpath of the script source root path, - // if neither, will just use the given directory + // then check if it's a subpath of the build directory (where BIF scripts + // will get generated). + // If none of those, will just use the given directory. if ( (p=my_subpath.find(BRO_SCRIPT_INSTALL_PATH)) != std::string::npos ) my_subpath.erase(0, strlen(BRO_SCRIPT_INSTALL_PATH)); else if ( (p=my_subpath.find(BRO_SCRIPT_SOURCE_PATH)) != std::string::npos ) my_subpath.erase(0, strlen(BRO_SCRIPT_SOURCE_PATH)); + else if ( (p=my_subpath.find(BRO_BUILD_PATH)) != std::string::npos ) + my_subpath.erase(0, strlen(BRO_BUILD_PATH)); // if root path found, remove path separators until next path component if ( p != std::string::npos ) diff --git a/testing/btest/Baseline/doc.autogen-reST-func-params/autogen-reST-func-params.rst b/testing/btest/Baseline/doc.autogen-reST-func-params/autogen-reST-func-params.rst new file mode 100644 index 0000000000..4de4970c9e --- /dev/null +++ b/testing/btest/Baseline/doc.autogen-reST-func-params/autogen-reST-func-params.rst @@ -0,0 +1,57 @@ +.. Automatically generated. Do not edit. + +autogen-reST-func-params.bro +============================ + +:download:`Original Source File ` + +Overview +-------- + + +Summary +~~~~~~~ +Types +##### +======================================== = +:bro:type:`test_rec`: :bro:type:`record` +======================================== = + +Functions +######### +===================================== ====================================== +:bro:id:`test_func`: :bro:type:`func` This is a global function declaration. +===================================== ====================================== + +Public Interface +---------------- +Types +~~~~~ +.. bro:type:: test_rec + + :Type: :bro:type:`record` + + field_func: :bro:type:`function` (i: :bro:type:`int`, j: :bro:type:`int`) : :bro:type:`string` + This is a record field function. + + :param i: First param. + :param j: Second param. + + :returns: A string. + +Functions +~~~~~~~~~ +.. bro:id:: test_func + + :Type: :bro:type:`function` (i: :bro:type:`int`, j: :bro:type:`int`) : :bro:type:`string` + + This is a global function declaration. + + + :param i: First param. + + :param j: Second param. + + + :returns: A string. + diff --git a/testing/btest/doc/autogen-reST-func-params.bro b/testing/btest/doc/autogen-reST-func-params.bro new file mode 100644 index 0000000000..89cf90ef5a --- /dev/null +++ b/testing/btest/doc/autogen-reST-func-params.bro @@ -0,0 +1,20 @@ +# @TEST-EXEC: bro --doc-scripts %INPUT +# @TEST-EXEC: btest-diff autogen-reST-func-params.rst + +## This is a global function declaration. +## +## i: First param. +## j: Second param. +## +## Returns: A string. +global test_func: function(i: int, j: int): string; + +type test_rec: record { + ## This is a record field function. + ## + ## i: First param. + ## j: Second param. + ## + ## Returns: A string. + field_func: function(i: int, j: int): string; +}; From 95ed1920885e3b3975b2e9eb248182a1fc9709d7 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 7 Sep 2011 11:33:08 -0500 Subject: [PATCH 10/16] More tweaks to generated script docs. - The "private interface" section is still tracked, but no longer rendered. We can judge the usefulness of it later and add back if there's demand. - Documentation of event handlers was being treated the same as event declarations. Now handlers are tracked separately, but not currently rendered in the generated doc output since usefulness is questionable. --- doc/scripts/example.bro | 14 ----- src/BroDoc.cc | 2 + src/BroDoc.h | 13 +++++ src/parse.y | 2 +- .../doc.autogen-reST-example/example.rst | 57 ------------------- 5 files changed, 16 insertions(+), 72 deletions(-) diff --git a/doc/scripts/example.bro b/doc/scripts/example.bro index 0b283d028a..c239f2d2a2 100644 --- a/doc/scripts/example.bro +++ b/doc/scripts/example.bro @@ -5,20 +5,6 @@ ##! (reST) document's summary section. ##! ##! .. tip:: You can embed directives and roles within ``##``-stylized comments. -##! -##! A script's logging information has to be documented manually as minimally -##! shown below. Note that references may not always be possible (e.g. -##! anonymous filter functions) and a script may not need to document -##! each of "columns", "event", "filter" depending on exactly what it's doing. -##! -##! **Logging Stream ID:** :bro:enum:`Example::EXAMPLE` -##! :Columns: :bro:type:`Example::Info` -##! :Event: :bro:id:`Example::log_example` -##! :Filter: ``example-filter`` -##! uses :bro:id:`Example::filter_func` to determine whether to -##! exclude the ``ts`` field -##! -##! :Author: Jon Siwek # Comments that use a single pound sign (#) are not significant to # a script's auto-generated documentation, but ones that use a diff --git a/src/BroDoc.cc b/src/BroDoc.cc index d3406ad113..2ffda01680 100644 --- a/src/BroDoc.cc +++ b/src/BroDoc.cc @@ -227,6 +227,7 @@ void BroDoc::WriteDocFile() const WriteToDoc("%s\n", packet_filter.c_str()); } +/* BroDocObjList::const_iterator it; bool hasPrivateIdentifiers = false; @@ -241,6 +242,7 @@ void BroDoc::WriteDocFile() const if ( hasPrivateIdentifiers ) WriteInterface("Private Interface", '-', '~', false, false); +*/ } void BroDoc::WriteInterface(const char* heading, char underline, diff --git a/src/BroDoc.h b/src/BroDoc.h index 112401253c..ac6ff0a59b 100644 --- a/src/BroDoc.h +++ b/src/BroDoc.h @@ -167,6 +167,18 @@ public: all.push_back(o); } + /** + * Schedules documentation of an event handler declared by the script. + * @param o A pointer to a BroDocObj which contains the internal + * Bro language representation of the script event handler and + * also any associated comments about it. + */ + void AddEventHandler(const BroDocObj* o) + { + event_handlers.push_back(o); + all.push_back(o); + } + /** * Schedules documentation of a function declared by the script. * @param o A pointer to a BroDocObj which contains the internal @@ -228,6 +240,7 @@ protected: BroDocObjList types; BroDocObjList notices; BroDocObjList events; + BroDocObjList event_handlers; BroDocObjMap functions; BroDocObjList redefs; diff --git a/src/parse.y b/src/parse.y index 2eb84680b7..2410358f81 100644 --- a/src/parse.y +++ b/src/parse.y @@ -1179,7 +1179,7 @@ func_hdr: FUNC_FLAVOR_EVENT, 0, $3); $$ = $3; if ( generate_documentation ) - current_reST_doc->AddEvent( + current_reST_doc->AddEventHandler( new BroDocObj($2, reST_doc_comments)); } | TOK_REDEF TOK_EVENT event_id func_params diff --git a/testing/btest/Baseline/doc.autogen-reST-example/example.rst b/testing/btest/Baseline/doc.autogen-reST-example/example.rst index f6f7b4b2fc..b76b9af59b 100644 --- a/testing/btest/Baseline/doc.autogen-reST-example/example.rst +++ b/testing/btest/Baseline/doc.autogen-reST-example/example.rst @@ -15,20 +15,6 @@ these comments are transferred directly into the auto-generated .. tip:: You can embed directives and roles within ``##``-stylized comments. -A script's logging information has to be documented manually as minimally -shown below. Note that references may not always be possible (e.g. -anonymous filter functions) and a script may not need to document -each of "columns", "event", "filter" depending on exactly what it's doing. - -**Logging Stream ID:** :bro:enum:`Example::EXAMPLE` - :Columns: :bro:type:`Example::Info` - :Event: :bro:id:`Example::log_example` - :Filter: ``example-filter`` - uses :bro:id:`Example::filter_func` to determine whether to - exclude the ``ts`` field - -:Author: Jon Siwek - :Imports: :doc:`policy/frameworks/software/vulnerable ` Summary @@ -72,8 +58,6 @@ Events :bro:id:`Example::log_example`: :bro:type:`event` This is a declaration of an example event that can be used in logging streams and is raised once for each log entry. - -:bro:id:`bro_init`: :bro:type:`event` ================================================= ============================================================= Functions @@ -233,10 +217,6 @@ Events This is a declaration of an example event that can be used in logging streams and is raised once for each log entry. -.. bro:id:: bro_init - - :Type: :bro:type:`event` () - Functions ~~~~~~~~~ .. bro:id:: Example::a_function @@ -309,40 +289,3 @@ Filters added:: [ssl] = tcp port 443, [nntps] = tcp port 562 -Private Interface ------------------ -State Variables -~~~~~~~~~~~~~~~ -.. bro:id:: Example::example_ports - - :Type: :bro:type:`set` [:bro:type:`port`] - :Attributes: :bro:attr:`&redef` - :Default: - - :: - - { - 443/tcp, - 562/tcp - } - -Types -~~~~~ -.. bro:type:: Example::PrivateRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`bool` - - field2: :bro:type:`count` - -Functions -~~~~~~~~~ -.. bro:id:: Example::filter_func - - :Type: :bro:type:`function` (rec: :bro:type:`Example::Info`) : :bro:type:`bool` - -.. bro:id:: Example::function_without_proto - - :Type: :bro:type:`function` (tag: :bro:type:`string`) : :bro:type:`string` - From f868af101cd4e789094984fa0950d26822defcdc Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 7 Sep 2011 11:03:36 -0700 Subject: [PATCH 11/16] Potential fix for #588. --- CHANGES | 14 ++++++++++++++ VERSION | 2 +- src/LogMgr.cc | 5 +++-- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 2732e9e29a..e3c500d6d8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,18 @@ +1.6-dev-1198 | 2011-09-07 11:03:36 -0700 + + * Extended header for ASCII log that make it easier for scripts to + parse Bro log files. (Gilbert Clark) + + * Potential fix for rotation crashes. Addresses #588. (Robin Sommer) + + * Added PF_RING load balancing support to the scripting layer, + enabled by loading the misc/pf-ring-load-balancing script. (Seth + Hall) + + * Added a BiF setenv() for setting environment variables. (Seth + Hall) + 1.6-dev-1184 | 2011-09-04 09:34:50 -0700 * FindPCAP now links against thread library when necessary (e.g. diff --git a/VERSION b/VERSION index 3128920913..64f5808603 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.6-dev-1184 +1.6-dev-1198 diff --git a/src/LogMgr.cc b/src/LogMgr.cc index 950de24a8f..700237e693 100644 --- a/src/LogMgr.cc +++ b/src/LogMgr.cc @@ -444,7 +444,7 @@ LogMgr::WriterInfo* LogMgr::FindWriter(LogWriter* writer) { WriterInfo* winfo = i->second; - if ( winfo->writer == writer ) + if ( winfo && winfo->writer == writer ) return winfo; } } @@ -1506,7 +1506,8 @@ bool LogMgr::FinishedRotation(LogWriter* writer, string new_name, string old_nam writer->Path().c_str(), network_time, new_name.c_str()); WriterInfo* winfo = FindWriter(writer); - assert(winfo); + if ( ! winfo ) + return true; RecordVal* rc = LookupRotationControl(winfo->type, winfo->writer->Path()); From e07e4ca11736af3aa90a321e8a5af1f28c90eb2c Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 7 Sep 2011 15:11:01 -0400 Subject: [PATCH 12/16] Cleaned up some small SSL mistakes. --- scripts/base/protocols/ssl/main.bro | 5 ++++- scripts/policy/protocols/ssl/validate-certs.bro | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index f2e1605aab..857e9073ec 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -113,10 +113,13 @@ event ssl_extension(c: connection, code: count, val: string) &priority=5 c$ssl$server_name = sub_bytes(val, 6, |val|); } -event ssl_established(c: connection) &priority=-5 +event ssl_established(c: connection) &priority=5 { set_session(c); + } +event ssl_established(c: connection) &priority=-5 + { Log::write(SSL::LOG, c$ssl); } diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro index 3e457c72ea..bf6421b5c1 100644 --- a/scripts/policy/protocols/ssl/validate-certs.bro +++ b/scripts/policy/protocols/ssl/validate-certs.bro @@ -14,7 +14,7 @@ export { } -event ssl_established(c: connection) &priority=5 +event ssl_established(c: connection) &priority=3 { # If there aren't any certs we can't very well do certificate validation. if ( !c$ssl?$cert || !c$ssl?$cert_chain ) From 4931aa815f5de7f0dac31e4ee526c69c56b4961d Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 8 Sep 2011 01:52:25 -0400 Subject: [PATCH 13/16] Delete SSL certificates from memory after ssl_established event. - This is an attempt at fixing the memory issues brought about by the introduction of the new SSL analyzer. My initial testing shows a hefty memory saving. --- scripts/base/protocols/ssl/main.bro | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index 857e9073ec..99dc846903 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -28,6 +28,11 @@ export { ## This is where the default root CA bundle is defined. By loading the ## mozilla-ca-list.bro script it will be set to Mozilla's root CA list. const root_certs: table[string] of string = {} &redef; + + ## This determines if the c$ssl record is deleted after the record is + ## logged. You probably want this to be deleted since it contains + ## the full certificate and all of the chain certificates in it. + const delete_certs_after_logging = T &redef; global log_ssl: event(rec: Info); @@ -121,5 +126,13 @@ event ssl_established(c: connection) &priority=5 event ssl_established(c: connection) &priority=-5 { Log::write(SSL::LOG, c$ssl); + + if ( delete_certs_after_logging ) + { + if ( c$ssl?$cert ) + delete c$ssl$cert; + if ( c$ssl?$cert_chain ) + delete c$ssl$cert_chain; + } } From cdbf0fda386effee61dc023ea539d73515221773 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 8 Sep 2011 02:21:43 -0400 Subject: [PATCH 14/16] Updating broctl submodule for the new pf_ring support. --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 2b9053d40d..3679dbce2e 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 2b9053d40d7ef497c8cef6357b59f43129976d65 +Subproject commit 3679dbce2e1a7fc31065b174670fa54e35c3ae75 From 3bf98548f753e4899bdac673fdcd760daf409ada Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 8 Sep 2011 02:28:04 -0400 Subject: [PATCH 15/16] The script level pf_ring support isn't working so removing it. --- .../policy/misc/pf-ring-load-balancing.bro | 22 ------------------- 1 file changed, 22 deletions(-) delete mode 100644 scripts/policy/misc/pf-ring-load-balancing.bro diff --git a/scripts/policy/misc/pf-ring-load-balancing.bro b/scripts/policy/misc/pf-ring-load-balancing.bro deleted file mode 100644 index eb0540ec0f..0000000000 --- a/scripts/policy/misc/pf-ring-load-balancing.bro +++ /dev/null @@ -1,22 +0,0 @@ -##! This script adds the necessary environment variables for Bro to make use -##! of PF_RING's clustering (and load balancing) support through the libpcap -##! wrapper. - -module PFRing; - -export { - ## Define the pf_ring cluster ID that you would like this instance - ## of Bro to use. Please set a value from 0 to 255 - const cluster_id = 150 &redef; -} - - -event bro_init() &priority=10 - { - if ( cluster_id > 255 || cluster_id < 0 ) - Reporter::fatal(fmt("%d is an invalid value for PFRing::cluster_id", cluster_id)); - - if ( ! setenv("PCAP_PF_RING_USE_CLUSTER_PER_FLOW", "1") || - ! setenv("PCAP_PF_RING_CLUSTER_ID", fmt("%d", cluster_id)) ) - Reporter::fatal("Unable to set one or both of the PF_RING environment variables."); - } From 856e207359b287aa99669a5fec13040b029eeb93 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 8 Sep 2011 09:08:34 -0700 Subject: [PATCH 16/16] Updating submodule(s). --- aux/broccoli | 2 +- aux/broctl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aux/broccoli b/aux/broccoli index 89c20c7f06..89620cc8e5 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 89c20c7f063afe5f39aa72bfec02d6996b291c13 +Subproject commit 89620cc8e500855fb763281000cbe2a24290a829 diff --git a/aux/broctl b/aux/broctl index 2b9053d40d..c7499ee54f 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 2b9053d40d7ef497c8cef6357b59f43129976d65 +Subproject commit c7499ee54f50bca65606dc3edc1aff132d93af80