From d95affde4d94bbcda145b0f0785a238de1b98003 Mon Sep 17 00:00:00 2001 
From: Tim Wojtulewicz Date: Mon, 4 Aug 2025 15:41:23 -0700 Subject: [PATCH] Remove deprecations tagged for v8.1 --- cmake_templates/zeek-config-paths.h.in | 2 - configure | 24 --- scripts/base/frameworks/analyzer/dpd.zeek | 4 - scripts/base/frameworks/broker/main.zeek | 86 +--------- scripts/base/frameworks/cluster/main.zeek | 2 - scripts/base/frameworks/telemetry/main.zeek | 23 --- scripts/base/init-bare.zeek | 15 +- .../analyzer/deprecated-dpd-log.zeek | 96 ----------- .../frameworks/dpd/detect-protocols.zeek | 3 - .../dpd/packet-segment-logging.zeek | 34 ---- .../management/controller/main.zeek | 7 +- .../policy/protocols/http/detect-sqli.zeek | 142 ---------------- scripts/test-all-policy.zeek | 4 - scripts/zeekygen/__load__.zeek | 14 -- src/Attr.cc | 8 +- src/Conn.cc | 51 ++---- src/Conn.h | 22 --- src/Desc.h | 4 - src/Event.cc | 63 ++------ src/Event.h | 31 +--- src/EventHandler.cc | 40 +---- src/EventHandler.h | 24 +-- src/Func.h | 5 - src/IPAddr.cc | 121 -------------- src/IPAddr.h | 36 ----- src/RunState.h | 2 - src/Span.h | 12 -- src/ZeekArgs.h | 11 -- src/ZeekString.cc | 51 +----- src/ZeekString.h | 8 - src/analyzer/Analyzer.h | 12 -- src/analyzer/protocol/dns/DNS.cc | 5 +- src/analyzer/protocol/tcp/ContentLine.h | 6 - src/analyzer/protocol/tcp/TCP_Endpoint.h | 38 ----- src/broker/Manager.cc | 68 -------- src/broker/Manager.h | 37 ----- src/broker/messaging.bif | 20 --- src/cluster/Backend.cc | 5 - src/cluster/Backend.h | 11 -- src/event.bif | 1 - src/fuzzers/dns-fuzzer.cc | 18 +-- src/fuzzers/websocket-fuzzer.cc | 16 +- src/logging/WriterFrontend.cc | 42 ++--- src/logging/WriterFrontend.h | 22 +-- src/packet_analysis/Manager.h | 5 - src/packet_analysis/protocol/ip/IP.h | 4 - .../protocol/ip/IPBasedAnalyzer.cc | 11 +- .../protocol/ip/IPBasedAnalyzer.h | 13 +- src/plugin/Manager.cc | 1 + src/scan.l | 9 +- src/session/Manager.h | 3 - src/util.h | 6 +- src/zeek.bif | 18 --- .../.stderr | 6 +- .../..manager..stderr | 4 - 
.../cluster.websocket.tls-usage-error/.stderr | 4 +- .../Baseline/bifs.record_type_to_vector/out | 2 - .../recv.recv.out | 7 - .../send.send.out | 7 - .../broker.remote_event_auto/recv.recv.out | 7 - .../broker.remote_event_auto/send.send.out | 7 - .../broker.remote_event_auto_ts/recv.recv.out | 11 -- .../broker.remote_event_auto_ts/send.send.out | 13 -- .../client.output | 4 - .../server.output | 6 - .../broker.web-socket-events/client.output | 4 - .../broker.web-socket-events/server.output | 6 - .../..client..stderr | 1 - .../..client.out | 12 -- .../..manager..stderr | 3 - .../..manager.out | 8 - testing/btest/Baseline/core.dns-init/.stderr | 1 - testing/btest/Baseline/core.fake_dns/err | 3 - .../core.hostname-literal-resolve/err | 2 - .../err.parse-only | 2 - .../core.hostname-literal-resolve/out | 4 - .../out.parse-only | 1 - .../Baseline/coverage.bare-mode-errors/errors | 3 - .../btest/Baseline/coverage.find-bro-logs/out | 1 - .../.stderr | 6 - .../.stdout | 2 - testing/btest/Baseline/plugins.hooks/output | 3 - .../scripts.base.protocols.dns.binds/output | 32 ++-- .../dpd-ftp-invalid-reply-code.log | 11 -- ...dpd-ftp-missing-space-after-reply-code.log | 11 -- .../dpd-gtp9_unknown_or_too_short_payload.log | 11 -- .../dpd-http-11-request-then-cruft.log | 11 -- .../dpd-ntlm-empty-av-sequence.log | 11 -- .../dpd.log | 11 -- .../http.log.cut | 5 - .../output | 4 - testing/btest/bifs/record_type_to_vector.zeek | 13 -- .../btest/broker/event-group-interaction.zeek | 119 -------------- testing/btest/broker/remote_event_auto.zeek | 98 ----------- .../btest/broker/remote_event_auto_ts.zeek | 89 ---------- .../broker/web-socket-events-metadata.zeek | 153 ------------------ testing/btest/broker/web-socket-events.zeek | 128 --------------- .../websocket/one-ipv6-deprecated.zeek | 85 ---------- testing/btest/core/dns-init.zeek | 4 +- testing/btest/core/fake_dns.zeek | 6 +- .../btest/core/hostname-literal-resolve.zeek | 11 -- .../language/optional-and-default-field.zeek | 
18 --- .../plugins/func-hook-plugin/src/Plugin.cc | 2 +- .../analyzer/deprecated-dpd-log.zeek | 18 --- .../dpd/packet-segment-logging.zeek | 16 -- .../http/sql-injection-plus-dvwa.zeek | 14 -- .../http/test-sql-injection-regex.zeek | 4 +- testing/btest/scripts/site/local-compat.test | 2 +- 108 files changed, 113 insertions(+), 2230 deletions(-) delete mode 100644 scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek delete mode 100644 scripts/policy/frameworks/dpd/detect-protocols.zeek delete mode 100644 scripts/policy/frameworks/dpd/packet-segment-logging.zeek delete mode 100644 scripts/policy/protocols/http/detect-sqli.zeek delete mode 100644 src/Span.h delete mode 100644 testing/btest/Baseline.zam/cluster.websocket.one-ipv6-deprecated/..manager..stderr delete mode 100644 testing/btest/Baseline/bifs.record_type_to_vector/out delete mode 100644 testing/btest/Baseline/broker.event-group-interaction/recv.recv.out delete mode 100644 testing/btest/Baseline/broker.event-group-interaction/send.send.out delete mode 100644 testing/btest/Baseline/broker.remote_event_auto/recv.recv.out delete mode 100644 testing/btest/Baseline/broker.remote_event_auto/send.send.out delete mode 100644 testing/btest/Baseline/broker.remote_event_auto_ts/recv.recv.out delete mode 100644 testing/btest/Baseline/broker.remote_event_auto_ts/send.send.out delete mode 100644 testing/btest/Baseline/broker.web-socket-events-metadata/client.output delete mode 100644 testing/btest/Baseline/broker.web-socket-events-metadata/server.output delete mode 100644 testing/btest/Baseline/broker.web-socket-events/client.output delete mode 100644 testing/btest/Baseline/broker.web-socket-events/server.output delete mode 100644 testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..client..stderr delete mode 100644 testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..client.out delete mode 100644 testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..manager..stderr delete mode 100644 
testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..manager.out delete mode 100644 testing/btest/Baseline/core.hostname-literal-resolve/err delete mode 100644 testing/btest/Baseline/core.hostname-literal-resolve/err.parse-only delete mode 100644 testing/btest/Baseline/core.hostname-literal-resolve/out delete mode 100644 testing/btest/Baseline/core.hostname-literal-resolve/out.parse-only delete mode 100644 testing/btest/Baseline/language.optional-and-default-field/.stderr delete mode 100644 testing/btest/Baseline/language.optional-and-default-field/.stdout delete mode 100644 testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ftp-invalid-reply-code.log delete mode 100644 testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ftp-missing-space-after-reply-code.log delete mode 100644 testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-gtp9_unknown_or_too_short_payload.log delete mode 100644 testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-http-11-request-then-cruft.log delete mode 100644 testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ntlm-empty-av-sequence.log delete mode 100644 testing/btest/Baseline/scripts.policy.frameworks.dpd.packet-segment-logging/dpd.log delete mode 100644 testing/btest/Baseline/scripts.policy.protocols.http.sql-injection-plus-dvwa/http.log.cut delete mode 100644 testing/btest/Baseline/scripts.policy.protocols.http.sql-injection-plus-dvwa/output delete mode 100644 testing/btest/bifs/record_type_to_vector.zeek delete mode 100644 testing/btest/broker/event-group-interaction.zeek delete mode 100644 testing/btest/broker/remote_event_auto.zeek delete mode 100644 testing/btest/broker/remote_event_auto_ts.zeek delete mode 100644 testing/btest/broker/web-socket-events-metadata.zeek delete mode 100644 testing/btest/broker/web-socket-events.zeek delete mode 100644 
testing/btest/cluster/websocket/one-ipv6-deprecated.zeek delete mode 100644 testing/btest/core/hostname-literal-resolve.zeek delete mode 100644 testing/btest/language/optional-and-default-field.zeek delete mode 100644 testing/btest/scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek delete mode 100644 testing/btest/scripts/policy/frameworks/dpd/packet-segment-logging.zeek delete mode 100644 testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek diff --git a/cmake_templates/zeek-config-paths.h.in b/cmake_templates/zeek-config-paths.h.in index 9cedf0d70e..c9de76700f 100644 --- a/cmake_templates/zeek-config-paths.h.in +++ b/cmake_templates/zeek-config-paths.h.in @@ -3,8 +3,6 @@ #pragma once constexpr char ZEEK_SCRIPT_INSTALL_PATH[] = "@ZEEK_SCRIPT_INSTALL_PATH@"; -[[deprecated("Remove in v8.1. Use ZEEK_PLUGIN_INSTALL_PATH")]] constexpr char BRO_PLUGIN_INSTALL_PATH[] = - "@ZEEK_PLUGIN_DIR@"; constexpr char ZEEK_PLUGIN_INSTALL_PATH[] = "@ZEEK_PLUGIN_DIR@"; constexpr char DEFAULT_ZEEKPATH[] = "@DEFAULT_ZEEKPATH@"; constexpr char ZEEK_SPICY_MODULE_PATH[] = "@ZEEK_SPICY_MODULE_PATH@"; diff --git a/configure b/configure index ee42154318..d407343ad0 100755 --- a/configure +++ b/configure @@ -90,10 +90,6 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --disable-zkg don't install zkg Required Packages in Non-Standard Locations: - --with-bifcl=PATH path to Zeek BIF compiler executable - (useful for cross-compiling) - --with-binpac=PATH path to BinPAC executable - (useful for cross-compiling) --with-bison=PATH path to bison executable --with-broker=PATH path to Broker install root (Zeek uses an embedded version by default) @@ -184,8 +180,6 @@ builddir=build CMakeCacheEntries="" display_cmake=0 has_disable_archiver=0 -has_with_binpac=0 -has_with_bifcl=0 # parse arguments while [ $# -ne 0 ]; do 
@@ -369,15 +363,9 @@ while [ $# -ne 0 ]; do --disable-zkg) append_cache_entry INSTALL_ZKG BOOL false ;; - --with-bifcl=*) - has_with_bifcl=1 - ;; --with-bind=*) append_cache_entry BIND_ROOT_DIR PATH $optarg ;; - --with-binpac=*) - has_with_binpac=1 - ;; --with-bison=*) append_cache_entry BISON_EXECUTABLE PATH $optarg ;; @@ -508,15 +496,3 @@ eval ${cmake} 2>&1 echo "# This is the command used to configure this build" >config.status echo $command >>config.status chmod u+x config.status - -if [ $has_with_bifcl -eq 1 ]; then - echo - echo "The --with-bifcl option has been deprecated and will be removed in v8.1." - echo "The bundled version of bifcl will always be used." -fi - -if [ $has_with_binpac -eq 1 ]; then - echo - echo "The --with-binpac option has been deprecated and will be removed in v8.1." - echo "The bundled version of BinPAC will always be used.\n" -fi diff --git a/scripts/base/frameworks/analyzer/dpd.zeek b/scripts/base/frameworks/analyzer/dpd.zeek index bd2ae3982e..c7630e5734 100644 --- a/scripts/base/frameworks/analyzer/dpd.zeek +++ b/scripts/base/frameworks/analyzer/dpd.zeek @@ -6,9 +6,6 @@ module DPD; export { - ## Deprecated, please see https://github.com/zeek/zeek/pull/4200 for details - option max_violations: table[Analyzer::Tag] of count = table() &deprecated="Remove in v8.1: This has become non-functional in Zeek 7.2, see PR #4200" &default = 5; - ## Analyzers which you don't want to remove on violations. option ignore_violations: set[Analyzer::Tag] = set(); @@ -110,4 +107,3 @@ event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationI if ( disabled ) event analyzer_failed(network_time(), atype, info); } - diff --git a/scripts/base/frameworks/broker/main.zeek b/scripts/base/frameworks/broker/main.zeek index 10606c74af..e81e3c4124 100644 --- a/scripts/base/frameworks/broker/main.zeek +++ b/scripts/base/frameworks/broker/main.zeek 
@@ -28,7 +28,7 @@ export { ## Default address on which to listen for WebSocket connections. ## - ## .. zeek:see:: Broker::listen_websocket + ## .. zeek:see:: Cluster::listen_websocket const default_listen_address_websocket = getenv("ZEEK_DEFAULT_LISTEN_ADDRESS") &redef; ## Default interval to retry connecting to a peer if it cannot be made to @@ -69,11 +69,6 @@ export { ## all peers. const ssl_keyfile = "" &redef; - ## The number of buffered messages at the Broker/CAF layer after which - ## a subscriber considers themselves congested (i.e. tune the congestion - ## control mechanisms). - const congestion_queue_size = 200 &redef &deprecated="Remove in v8.1. Non-functional since v5.0"; - ## The max number of log entries per log stream to batch together when ## sending log messages to a remote logger. const log_batch_size = 400 &redef; @@ -319,27 +314,6 @@ export { p: port &default = default_port, retry: interval &default = default_listen_retry): port; - ## Listen for remote connections using WebSocket. - ## - ## a: an address string on which to accept connections, e.g. - ## "127.0.0.1". An empty string refers to INADDR_ANY. - ## - ## p: the TCP port to listen on. The value 0 means that the OS should choose - ## the next available free port. - ## - ## retry: If non-zero, retries listening in regular intervals if the port cannot be - ## acquired immediately. 0 disables retries. If the - ## ZEEK_DEFAULT_LISTEN_RETRY environment variable is set (as number - ## of seconds), it overrides any value given here. - ## - ## Returns: the bound port or 0/? on failure. - ## - ## .. zeek:see:: Broker::status - global listen_websocket: function(a: string &default = default_listen_address_websocket, - p: port &default = default_port_websocket, - retry: interval &default = default_listen_retry): port - &deprecated="Remove in v8.1. Switch to Cluster::listen_websocket() instead."; - ## Initiate a remote connection. ## ## a: an address to connect to, e.g. "localhost" or "127.0.0.1". 
@@ -450,29 +424,6 @@ export { ## ## Returns: true if a new event forwarding/subscription is now registered. global forward: function(topic_prefix: string): bool; - - ## Automatically send an event to any interested peers whenever it is - ## locally dispatched. (For example, using "event my_event(...);" in a - ## script.) - ## - ## topic: a topic string associated with the event message. - ## Peers advertise interest by registering a subscription to some - ## prefix of this topic name. - ## - ## ev: a Zeek event value. - ## - ## Returns: true if automatic event sending is now enabled. - global auto_publish: function(topic: string, ev: any): bool &deprecated="Remove in v8.1. Switch to explicit Cluster::publish() calls. Auto-publish won't work with all cluster backends."; - - ## Stop automatically sending an event to peers upon local dispatch. - ## - ## topic: a topic originally given to :zeek:see:`Broker::auto_publish`. - ## - ## ev: an event originally given to :zeek:see:`Broker::auto_publish`. - ## - ## Returns: true if automatic events will not occur for the topic/event - ## pair. - global auto_unpublish: function(topic: string, ev: any): bool &deprecated="Remove in v8.1. See Broker::auto_publish()"; } @load base/bif/comm.bif @@ -514,31 +465,6 @@ function listen(a: string, p: port, retry: interval): port return bound; } -event retry_listen_websocket(a: string, p: port, retry: interval) - { -@pragma push ignore-deprecations - listen_websocket(a, p, retry); -@pragma pop ignore-deprecations - } - -function listen_websocket(a: string, p: port, retry: interval): port - { - local bound = __listen(a, p, Broker::WEBSOCKET); - - if ( bound == 0/tcp ) - { - local e = getenv("ZEEK_DEFAULT_LISTEN_RETRY"); - - if ( e != "" ) - retry = double_to_interval(to_double(e)); - - if ( retry != 0secs ) - schedule retry { retry_listen_websocket(a, p, retry) }; - } - - return bound; - } - function peer(a: string, p: port, retry: interval): bool { return __peer(a, p, retry); 
@@ -593,13 +519,3 @@ function unsubscribe(topic_prefix: string): bool { return __unsubscribe(topic_prefix); } - -function auto_publish(topic: string, ev: any): bool - { - return __auto_publish(topic, ev); - } - -function auto_unpublish(topic: string, ev: any): bool - { - return __auto_unpublish(topic, ev); - } diff --git a/scripts/base/frameworks/cluster/main.zeek b/scripts/base/frameworks/cluster/main.zeek index 86c27eff4a..7124cf23d8 100644 --- a/scripts/base/frameworks/cluster/main.zeek +++ b/scripts/base/frameworks/cluster/main.zeek @@ -362,8 +362,6 @@ export { ## WebSocket server options to pass to :zeek:see:`Cluster::listen_websocket`. type WebSocketServerOptions: record { - ## The host address to listen on. - listen_host: string &optional &deprecated="Remove in v8.1: Use $listen_addr instead."; ## The address to listen on, cannot be used together with ``listen_host``. listen_addr: addr &optional; ## The port the WebSocket server is supposed to listen on. diff --git a/scripts/base/frameworks/telemetry/main.zeek b/scripts/base/frameworks/telemetry/main.zeek index 3be4156228..facda527f1 100644 --- a/scripts/base/frameworks/telemetry/main.zeek +++ b/scripts/base/frameworks/telemetry/main.zeek @@ -245,16 +245,6 @@ export { label_values: labels_vector, measurement: double): bool; - ## Interval at which the :zeek:see:`Telemetry::sync` hook is invoked. - ## - ## By default, the hook is invoked on demand, setting this option to - ## a positive interval allows to invoke it regularly, too. Regular - ## invocations are relative to Zeek's network time. - ## - ## Note that on-demand hook invocation will happen even if this - ## is set. - option sync_interval = 0sec &deprecated="Remove in 8.1. If you require regular sync invocation, do so explicitly in a scheduled event."; - ## Collect all counter and gauge metrics matching the given *name* and *prefix*. ## ## For histogram metrics, use the :zeek:see:`Telemetry::collect_histogram_metrics`. 
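Review bot: The doc comment kept on `listen_addr` in `Cluster::WebSocketServerOptions` still says it "cannot be used together with ``listen_host``", but this hunk deletes the `listen_host` field. The generated documentation would therefore point at an option that no longer exists. I would shorten the comment to `## The address to listen on.`. The record body continues past the end of the hunk.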
@@ -465,14 +455,6 @@ function collect_histogram_metrics(prefix: string, name: string): vector of Hist return Telemetry::__collect_histogram_metrics(prefix, name); } -event run_sync_hook() - { - hook Telemetry::sync(); -@pragma push ignore-deprecations - schedule sync_interval { run_sync_hook() }; -@pragma pop ignore-deprecations - } - # Expose the Zeek version as Prometheus style info metric global version_gauge_family = Telemetry::register_gauge_family(Telemetry::MetricOpts( $prefix="zeek", @@ -485,11 +467,6 @@ global version_gauge_family = Telemetry::register_gauge_family(Telemetry::Metric event zeek_init() { -@pragma push ignore-deprecations - if ( sync_interval > 0sec ) - schedule sync_interval { run_sync_hook() }; -@pragma pop ignore-deprecations - local v = Version::info; local labels = vector(cat(v$version_number), cat(v$major), cat(v$minor), cat (v$patch), diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index ba96df34ab..66ce27876c 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -1726,18 +1726,6 @@ const tcp_excessive_data_without_further_acks = 10 * 1024 * 1024 &redef; ## buffering. const tcp_max_old_segments = 0 &redef; -## For services without a handler, these sets define originator-side ports -## that still trigger reassembly. -## -## .. zeek:see:: tcp_reassembler_ports_resp -const tcp_reassembler_ports_orig: set[port] = {} &redef &deprecated="Remove in v8.1. Non-functional since v4.1"; - -## For services without a handler, these sets define responder-side ports -## that still trigger reassembly. -## -## .. zeek:see:: tcp_reassembler_ports_orig -const tcp_reassembler_ports_resp: set[port] = {} &redef &deprecated="Remove in v8.1. Non-functional since v4.1"; - ## Defines destination TCP ports for which the contents of the originator stream ## should be delivered via :zeek:see:`tcp_contents`. ## 
@@ -3063,9 +3051,8 @@ type dns_binds_rr: record { algorithm: count; ##< Algorithm for Public Key. key_id: count; ##< key tag. removal_flag: count; ##< rm flag. - complte_flag: string &deprecated="Remove in v8.1: Use complete_flag instead."; ##< complete flag. - is_query: count; ##< The RR is a query/Response. complete_flag: count; ##< complete flag. + is_query: count; ##< The RR is a query/Response. }; ## A Private RR type LOC record. diff --git a/scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek b/scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek deleted file mode 100644 index b526f0a4da..0000000000 --- a/scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek +++ /dev/null 
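Review bot: Besides dropping `complte_flag`, the new side of `dns_binds_rr` moves `complete_flag` ahead of `is_query`, so the two surviving fields swap their relative order. Anything that fills or reads this record by position rather than by name has to change in lockstep. The DNS analyzer source is listed in the diffstat but not visible here, so that side is presumably covered, while external plugins and consumers of printed record output would not be. If the swap is not required, keeping `is_query: count;` before `complete_flag: count;` preserves the old order; otherwise it deserves a line in the release notes. The record definition starts above the hunk.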
@@ -1,96 +0,0 @@ -##! Creates the now deprecated dpd.logfile. -# Remove in v8.1 - -module DPD; - -export { - ## Add the DPD logging stream identifier. - redef enum Log::ID += { LOG }; - - ## A default logging policy hook for the stream. - global log_policy: Log::PolicyHook; - - ## The record type defining the columns to log in the DPD logging stream. - type Info: record { - ## Timestamp for when protocol analysis failed. - ts: time &log; - ## Connection unique ID. - uid: string &log; - ## Connection ID containing the 4-tuple which identifies endpoints. - id: conn_id &log; - ## Transport protocol for the violation. - proto: transport_proto &log; - ## The analyzer that generated the violation. - analyzer: string &log; - ## The textual reason for the analysis failure. - failure_reason: string &log; - }; -} - -redef record connection += { - dpd: Info &optional; - ## The set of services (analyzers) for which Zeek has observed a - ## violation after the same service had previously been confirmed. - service_violation: set[string] &default=set() &ordered &deprecated="Remove in v8.1. Consider using failed_analyzers instead"; - -}; - -event zeek_init() &priority=5 - { - Log::create_stream(DPD::LOG, Log::Stream($columns=Info, $path="dpd", $policy=log_policy)); - } - -# before the same event in dpd.zeek -event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo) &priority=15 - { - if ( ! is_protocol_analyzer(atype) && ! is_packet_analyzer(atype) ) - return; - - if ( ! info?$c ) - return; - - local c = info$c; - local analyzer = Analyzer::name(atype); - # If the service hasn't been confirmed yet, or already failed, - # don't generate a log message for the protocol violation. 
- if ( analyzer !in c$service || analyzer in c$service_violation ) - return; - - add c$service_violation[analyzer]; - - local dpd: Info; - dpd$ts = network_time(); - dpd$uid = c$uid; - dpd$id = c$id; - dpd$proto = get_port_transport_proto(c$id$orig_p); - dpd$analyzer = analyzer; - - # Encode data into the reason if there's any as done for the old - # analyzer_violation event, previously. - local reason = info$reason; - if ( info?$data ) - { - local ellipsis = |info$data| > 40 ? "..." : ""; - local data = info$data[0:40]; - reason = fmt("%s [%s%s]", reason, data, ellipsis); - } - - dpd$failure_reason = reason; - c$dpd = dpd; - } - -event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo ) &priority=-5 - { - if ( ! is_protocol_analyzer(atype) && ! is_packet_analyzer(atype) ) - return; - - if ( ! info?$c ) - return; - - if ( info$c?$dpd ) - { - Log::write(DPD::LOG, info$c$dpd); - delete info$c$dpd; - } - } - diff --git a/scripts/policy/frameworks/dpd/detect-protocols.zeek b/scripts/policy/frameworks/dpd/detect-protocols.zeek deleted file mode 100644 index d36dd36b7d..0000000000 --- a/scripts/policy/frameworks/dpd/detect-protocols.zeek +++ /dev/null @@ -1,3 +0,0 @@ -@deprecated("frameworks/dpd/detect-protocols.zeek moved to frameworks/analyzer/detect-protocols.zeek. Please switch to frameworks/analyzer/detect-protocols.zeek. Remove in 8.1") - -@load frameworks/analyzer/detect-protocols.zeek diff --git a/scripts/policy/frameworks/dpd/packet-segment-logging.zeek b/scripts/policy/frameworks/dpd/packet-segment-logging.zeek deleted file mode 100644 index 37e26e3d13..0000000000 --- a/scripts/policy/frameworks/dpd/packet-segment-logging.zeek +++ /dev/null 
@@ -1,34 +0,0 @@ -@deprecated("Please switch to frameworks/analyzer/packet-segment-logging, which logs to analyzer.log. Remove in 8.1") - -##! This script enables logging of packet segment data when a protocol -##! parsing violation is encountered. The amount of data from the -##! packet logged is set by the :zeek:see:`DPD::packet_segment_size` variable. -##! A caveat to logging packet data is that in some cases, the packet may -##! not be the packet that actually caused the protocol violation. - -@load frameworks/analyzer/deprecated-dpd-log - -module DPD; - -export { - redef record Info += { - ## A chunk of the payload that most likely resulted in the - ## analyzer violation. - packet_segment: string &optional &log; - }; - - ## Size of the packet segment to display in the DPD log. - option packet_segment_size: int = 255; -} - - -event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo) &priority=4 - { - if ( ! is_protocol_analyzer(atype) && ! is_packet_analyzer(atype) ) - return; - - if ( ! info?$c || ! info$c?$dpd ) - return; - - info$c$dpd$packet_segment = fmt("%s", sub_bytes(get_current_packet()$data, 0, packet_segment_size)); - } diff --git a/scripts/policy/frameworks/management/controller/main.zeek b/scripts/policy/frameworks/management/controller/main.zeek index 7b9a817a42..19135149bf 100644 --- a/scripts/policy/frameworks/management/controller/main.zeek +++ b/scripts/policy/frameworks/management/controller/main.zeek @@ -4,6 +4,7 @@ ##! by the supervisor. @load base/frameworks/broker +@load base/frameworks/cluster @load policy/frameworks/management @load policy/frameworks/management/agent/config # For the agent topic prefix 
@@ -1644,9 +1645,9 @@ event zeek_init() if ( cni$bound_port != 0/unknown ) { -@pragma push ignore-deprecations - Broker::listen_websocket(cat(cni$address), cni$bound_port); -@pragma pop ignore-deprecations + local ws_opts = Cluster::WebSocketServerOptions($listen_addr=to_addr(cni$address), + $listen_port=cni$bound_port); + Cluster::listen_websocket(ws_opts); websocket_info = fmt("websocket port %s:%s", cni$address, cni$bound_port); } diff --git a/scripts/policy/protocols/http/detect-sqli.zeek b/scripts/policy/protocols/http/detect-sqli.zeek deleted file mode 100644 index ea6b818713..0000000000 --- a/scripts/policy/protocols/http/detect-sqli.zeek +++ /dev/null 
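Review bot: The result of `Cluster::listen_websocket(ws_opts)` is discarded and `websocket_info` is formatted regardless, so a failed bind of the controller's WebSocket listener in `zeek_init()` would still be announced as listening. `to_addr(cni$address)` is also new: as far as I know `to_addr` returns the unspecified address `::` for input it cannot parse, so a hostname or malformed value (the type of `cni$address` is declared outside the hunk) could end up binding the management port on all interfaces rather than failing. I would guard with `if ( ! is_valid_ip(cni$address) )` and only set `websocket_info` when the listen call reports success. Only `$listen_addr` and `$listen_port` are set, so TLS for this listener depends on the record's defaults, which are not visible here and are worth confirming against what `Broker::listen_websocket` applied. `zeek_init()` begins and ends outside the hunk.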
@@ -1,142 +0,0 @@ -##! SQL injection attack detection in HTTP. - -## This package is deprecated in favor of detect-sql-injection.zeek. -## -## The replacement script annotates the notices it generates with -## an associated $uid connection identifier; always provides an attacker -## IP address in the $src field; and always provides a victim IP address -## in the $dst field. The notices generated by this script, on the other -## hand, lack a $uid identifier, and do not provide $dst information. -## In addition, for SQL_Injection_Victim notices, this script provides the -## victim's IP address in the $src field, which some find counter-intuitive. -## -## In addition, the replacement script removes support for generating -## Notice emails. - -@deprecated "Remove in v8.1: Switch to the improved detect-sql-injection script" - -@load base/frameworks/notice -@load base/frameworks/sumstats -@load base/protocols/http - -module HTTP; - -export { - redef enum Notice::Type += { - ## Indicates that a host performing SQL injection attacks was - ## detected. - SQL_Injection_Attacker, - ## Indicates that a host was seen to have SQL injection attacks - ## against it. This is tracked by IP address as opposed to - ## hostname. - SQL_Injection_Victim, - }; - - redef enum Tags += { - ## Indicator of a URI based SQL injection attack. - URI_SQLI, - ## Indicator of client body based SQL injection attack. This is - ## typically the body content of a POST request. Not implemented - ## yet. - POST_SQLI, - ## Indicator of a cookie based SQL injection attack. Not - ## implemented yet. - COOKIE_SQLI, - }; - - ## Defines the threshold that determines if an SQL injection attack - ## is ongoing based on the number of requests that appear to be SQL - ## injection attacks. - const sqli_requests_threshold: double = 50.0 &redef; - - ## Interval at which to watch for the - ## :zeek:id:`HTTP::sqli_requests_threshold` variable to be crossed. - ## At the end of each interval the counter is reset. 
- const sqli_requests_interval = 5min &redef; - - ## Collecting samples will add extra data to notice emails - ## by collecting some sample SQL injection url paths. Disable - ## sample collection by setting this value to 0. - const collect_SQLi_samples = 5 &redef; - - ## Regular expression is used to match URI based SQL injections. - const match_sql_injection_uri = - /[\?&][^[:blank:]\x00-\x1f\|\+]+?=[\-[:alnum:]%]+([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)*['"]?([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/|\)?;)+.*?([hH][aA][vV][iI][nN][gG]|[uU][nN][iI][oO][nN]|[eE][xX][eE][cC]|[sS][eE][lL][eE][cC][tT]|[dD][eE][lL][eE][tT][eE]|[dD][rR][oO][pP]|[dD][eE][cC][lL][aA][rR][eE]|[cC][rR][eE][aA][tT][eE]|[iI][nN][sS][eE][rR][tT])([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)+/ - | /[\?&][^[:blank:]\x00-\x1f\|\+]+?=[\-0-9%]+([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)*['"]?([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/|\)?;)+([xX]?[oO][rR]|[nN]?[aA][nN][dD])([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)+['"]?(([^a-zA-Z&]+)?=|[eE][xX][iI][sS][tT][sS])/ - | /[\?&][^[:blank:]\x00-\x1f\+]+?=[\-0-9%]*([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)*['"]([[:blank:]\x00-\x1f]|\/\*.*?\*\/)*(-|=|\+|\|\|)([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)*([0-9]|\(?[cC][oO][nN][vV][eE][rR][tT]|[cC][aA][sS][tT])/ - | /[\?&][^[:blank:]\x00-\x1f\|\+]+?=([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/)*['"]([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/|;)*([xX]?[oO][rR]|[nN]?[aA][nN][dD]|[hH][aA][vV][iI][nN][gG]|[uU][nN][iI][oO][nN]|[eE][xX][eE][cC]|[sS][eE][lL][eE][cC][tT]|[dD][eE][lL][eE][tT][eE]|[dD][rR][oO][pP]|[dD][eE][cC][lL][aA][rR][eE]|[cC][rR][eE][aA][tT][eE]|[rR][eE][gG][eE][xX][pP]|[iI][nN][sS][eE][rR][tT])([[:blank:]\x00-\x1f\+]|\/\*.*?\*\/|[\[(])+[a-zA-Z&]{2,}/ - | /[\?&][^[:blank:]\x00-\x1f\+]+?=[^\.]*?([cC][hH][aA][rR]|[aA][sS][cC][iI][iI]|[sS][uU][bB][sS][tT][rR][iI][nN][gG]|[tT][rR][uU][nN][cC][aA][tT][eE]|[vV][eE][rR][sS][iI][oO][nN]|[lL][eE][nN][gG][tT][hH])\(/ - | /\/\*![[:digit:]]{5}.*?\*\// &redef; - - ## A hook that can be used to prevent specific requests from being 
counted - ## as an injection attempt. Use a 'break' statement to exit the hook - ## early and ignore the request. - global HTTP::sqli_policy: hook(c: connection, method: string, unescaped_URI: string); -} - -function format_sqli_samples(samples: vector of SumStats::Observation): string - { - local ret = "SQL Injection samples\n---------------------"; - for ( i in samples ) - ret += "\n" + samples[i]$str; - return ret; - } - -event zeek_init() &priority=3 - { - # Add filters to the metrics so that the metrics framework knows how to - # determine when it looks like an actual attack and how to respond when - # thresholds are crossed. - local r1 = SumStats::Reducer($stream="http.sqli.attacker", $apply=set(SumStats::SUM, SumStats::SAMPLE), $num_samples=collect_SQLi_samples); - SumStats::create(SumStats::SumStat($name="detect-sqli-attackers", - $epoch=sqli_requests_interval, - $reducers=set(r1), - $threshold_val(key: SumStats::Key, result: SumStats::Result) = - { - return result["http.sqli.attacker"]$sum; - }, - $threshold=sqli_requests_threshold, - $threshold_crossed(key: SumStats::Key, result: SumStats::Result) = - { - local r = result["http.sqli.attacker"]; - NOTICE(Notice::Info($note=SQL_Injection_Attacker, - $msg="An SQL injection attacker was discovered!", - $email_body_sections=vector(format_sqli_samples(r$samples)), - $src=key$host, - $identifier=cat(key$host))); - })); - - local r2 = SumStats::Reducer($stream="http.sqli.victim", $apply=set(SumStats::SUM, SumStats::SAMPLE), $num_samples=collect_SQLi_samples); - SumStats::create(SumStats::SumStat($name="detect-sqli-victims", - $epoch=sqli_requests_interval, - $reducers=set(r2), - $threshold_val(key: SumStats::Key, result: SumStats::Result) = - { - return result["http.sqli.victim"]$sum; - }, - $threshold=sqli_requests_threshold, - $threshold_crossed(key: SumStats::Key, result: SumStats::Result) = - { - local r = result["http.sqli.victim"]; - NOTICE(Notice::Info($note=SQL_Injection_Victim, - $msg="An SQL injection 
victim was discovered!", - $email_body_sections=vector(format_sqli_samples(r$samples)), - $src=key$host, - $identifier=cat(key$host))); - })); - } - -event http_request(c: connection, method: string, original_URI: string, - unescaped_URI: string, version: string) &priority=3 - { - if ( ! hook HTTP::sqli_policy(c, method, unescaped_URI) ) - return; - - if ( match_sql_injection_uri in unescaped_URI ) - { - add c$http$tags[URI_SQLI]; - - SumStats::observe("http.sqli.attacker", SumStats::Key($host=c$id$orig_h), SumStats::Observation($str=original_URI)); - SumStats::observe("http.sqli.victim", SumStats::Key($host=c$id$resp_h), SumStats::Observation($str=original_URI)); - } - } diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek index 3aa07c1c8d..3292921e86 100644 --- a/scripts/test-all-policy.zeek +++ b/scripts/test-all-policy.zeek @@ -11,7 +11,6 @@ @load frameworks/analyzer/debug-logging.zeek @load frameworks/analyzer/detect-protocols.zeek -# @load frameworks/analyzer/deprecated-dpd-log.zeek @load frameworks/analyzer/packet-segment-logging.zeek # @load frameworks/control/controllee.zeek # @load frameworks/control/controller.zeek @@ -50,8 +49,6 @@ @load frameworks/management/request.zeek @load frameworks/management/types.zeek @load frameworks/management/util.zeek -# @load frameworks/dpd/detect-protocols.zeek -# @load frameworks/dpd/packet-segment-logging.zeek @load frameworks/intel/do_notice.zeek @load frameworks/intel/do_expire.zeek @load frameworks/intel/whitelist.zeek @@ -126,7 +123,6 @@ @load protocols/ftp/detect-bruteforcing.zeek @load protocols/ftp/detect.zeek @load protocols/ftp/software.zeek -# @load protocols/http/detect-sqli.zeek @load protocols/http/detect-sql-injection.zeek @load protocols/http/detect-webapps.zeek @load protocols/http/header-names.zeek diff --git a/scripts/zeekygen/__load__.zeek b/scripts/zeekygen/__load__.zeek index d392c027b6..2894c7807e 100644 --- a/scripts/zeekygen/__load__.zeek +++ b/scripts/zeekygen/__load__.zeek 
@@ -1,14 +1,8 @@ @load test-all-policy.zeek # Scripts which are commented out in test-all-policy.zeek. -@load frameworks/analyzer/deprecated-dpd-log.zeek @load frameworks/conn_key/vlan_fivetuple.zeek -# Remove in v8.1: replaced by frameworks/analyzer/detect-protocols.zeek -@pragma push ignore-deprecations -@load frameworks/dpd/detect-protocols.zeek -@pragma pop ignore-deprecations - @load protocols/ssl/decryption.zeek @ifdef ( Cluster::CLUSTER_BACKEND_ZEROMQ ) @load frameworks/cluster/backend/zeromq/connect.zeek @@ -17,11 +11,6 @@ @load frameworks/control/controllee.zeek @load frameworks/control/controller.zeek -# Remove in v8.1: replaced by frameworks/analyzer/packet-segment-logging.zeek -@pragma push ignore-deprecations -@load frameworks/dpd/packet-segment-logging.zeek -@pragma pop ignore-deprecations - @load frameworks/management/agent/main.zeek @load frameworks/management/controller/main.zeek @load frameworks/management/node/__load__.zeek @@ -31,9 +20,6 @@ @load policy/misc/dump-events.zeek @load policy/protocols/conn/speculative-service.zeek -# Remove in v8.1: This script is deprecated and conflicts with detect-sql-injection.zeek -# @load policy/protocols/http/detect-sqli.zeek - @if ( have_spicy() ) # Loading this messes up documentation of some elements defined elsewhere. # @load frameworks/spicy/record-spicy-batch.zeek diff --git a/src/Attr.cc b/src/Attr.cc index 4dc568818a..52c7c461b6 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -300,10 +300,8 @@ bool Attributes::CheckAttr(Attr* a) { if ( global_var ) return AttrError("&optional is not valid for global variables"); - // Remove in v8.1: Call AttrError() if ( in_record && Find(ATTR_DEFAULT) ) - zeek::reporter->Deprecation( - "Remove in v8.1: Using &default and &optional together results in &default behavior"); + return AttrError("Using &default and &optional together results in &default behavior"); break; 
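Review bot: The new `return AttrError("Using &default and &optional together results in &default behavior");` in the src/Attr.cc hunk at -300 keeps the wording of the old deprecation warning, which describes a fallback that no longer happens once the combination is rejected. A script author who hits this error is told what the attributes "result in" rather than that the declaration is invalid. I would phrase it like the neighbouring check, `return AttrError("&default and &optional cannot be used together");`. The same string is added in the second Attr.cc hunk at -342 and should change with it. Both hunks sit inside Attributes::CheckAttr, whose body starts and ends outside the hunks.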
@@ -342,10 +340,8 @@ bool Attributes::CheckAttr(Attr* a) { if ( Find(ATTR_DEFAULT_INSERT) ) return AttrError("&default and &default_insert cannot be used together"); - // Remove in v8.1: Call AttrError() if ( in_record && Find(ATTR_OPTIONAL) ) - zeek::reporter->Deprecation( - "Remove in v8.1: Using &default and &optional together results in &default behavior"); + return AttrError("Using &default and &optional together results in &default behavior"); std::string err_msg; if ( ! check_default_attr(a, type, global_var, in_record, err_msg) && ! err_msg.empty() ) diff --git a/src/Conn.cc b/src/Conn.cc index d1336803a7..d54b9c851e 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -39,43 +39,6 @@ Connection::Connection(zeek::IPBasedConnKeyPtr k, double t, uint32_t flow, const resp_port = key->DstPort(); proto = key->GetTransportProto(); - Init(flow, pkt); -} - -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" -Connection::Connection(const detail::ConnKey& k, double t, const ConnTuple* id, uint32_t flow, const Packet* pkt) - : Session(t, connection_timeout, connection_status_update, detail::connection_status_update_interval) { - orig_addr = id->src_addr; - resp_addr = id->dst_addr; - orig_port = id->src_port; - resp_port = id->dst_port; - - key = std::make_unique(); - key->InitTuple(id->src_addr, id->src_port, id->dst_addr, id->dst_port, id->proto, id->is_one_way); - key->Init(*pkt); - - proto = key->GetTransportProto(); - - Init(flow, pkt); -} -#pragma GCC diagnostic pop - -Connection::~Connection() { - if ( ! finished ) - reporter->InternalError("Done() not called before destruction of Connection"); - - CancelTimers(); - - if ( conn_val ) - conn_val->SetOrigin(nullptr); - - delete adapter; - - --current_connections; -} - -void Connection::Init(uint32_t flow, const Packet* pkt) { orig_flow_label = flow; resp_flow_label = 0; saw_first_orig_packet = 1; 
@@ -109,6 +72,20 @@ void Connection::Init(uint32_t flow, const Packet* pkt) { encapsulation = pkt->encap; } +Connection::~Connection() { + if ( ! finished ) + reporter->InternalError("Done() not called before destruction of Connection"); + + CancelTimers(); + + if ( conn_val ) + conn_val->SetOrigin(nullptr); + + delete adapter; + + --current_connections; +} + void Connection::CheckEncapsulation(const std::shared_ptr& arg_encap) { if ( encapsulation && arg_encap ) { if ( *encapsulation != *arg_encap ) { diff --git a/src/Conn.h b/src/Conn.h index 4afb044e6b..3460aa31d7 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -53,21 +53,6 @@ enum ConnEventToFlag : uint8_t { NUM_EVENTS_TO_FLAG, }; -// Deprecated without replacement: remove in v8.1. -// XXX using [[deprecated]] for the whole struct leads to hard errors on FreeBSD/MacOS. -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" -struct ConnTuple { -#pragma GCC diagnostic pop - [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] IPAddr src_addr; - [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] IPAddr dst_addr; - [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] uint32_t src_port = 0; - [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] uint32_t dst_port = 0; - [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] uint16_t proto = UNKNOWN_IP_PROTO; - [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] bool is_one_way = - false; // if true, don't canonicalize order -}; - static inline int addr_port_canon_lt(const IPAddr& addr1, uint32_t p1, const IPAddr& addr2, uint32_t p2) { return addr1 < addr2 || (addr1 == addr2 && p1 < p2); } 
@@ -76,9 +61,6 @@ class Connection final : public session::Session { public: Connection(zeek::IPBasedConnKeyPtr k, double t, uint32_t flow, const Packet* pkt); - [[deprecated("Remove in v8.1. Switch to ConnKey factories and the new zeek::ConnKey tree.")]] - Connection(const detail::ConnKey& k, double t, const ConnTuple* id, uint32_t flow, const Packet* pkt); - ~Connection() override; /** @@ -213,10 +195,6 @@ public: static void InitPostScript(); private: - // Common initialization for the constructors. This can move back into the - // (sole) constructor when we remove the deprecated one in 8.1. - void Init(uint32_t flow, const Packet* pkt); - friend class session::detail::Timer; IPAddr orig_addr; diff --git a/src/Desc.h b/src/Desc.h index 25bcddf0cf..8ca401558c 100644 --- a/src/Desc.h +++ b/src/Desc.h @@ -144,10 +144,6 @@ public: return byte_vec(t); } - [[deprecated("Remove in v8.1. Use Size() that returns size_t instead.")]] - int Len() const { - return static_cast(offset); - } size_t Size() const { return offset; } void Clear(); diff --git a/src/Event.cc b/src/Event.cc index 4c6680415d..e802567e47 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -41,16 +41,6 @@ RecordValPtr detail::MetadataEntry::BuildVal() const { return rv; } -Event::Event(const EventHandlerPtr& arg_handler, zeek::Args arg_args, util::detail::SourceID arg_src, - analyzer::ID arg_aid, Obj* arg_obj, double arg_ts) - : handler(arg_handler), - args(std::move(arg_args)), - meta(detail::MakeEventMetadataVector(arg_ts)), - src(arg_src), - aid(arg_aid), - obj(zeek::NewRef{}, arg_obj), - next_event(nullptr) {} - Event::Event(detail::EventMetadataVectorPtr arg_meta, const EventHandlerPtr& arg_handler, zeek::Args arg_args, util::detail::SourceID arg_src, analyzer::ID arg_aid, Obj* arg_obj) : handler(arg_handler), 
@@ -58,8 +48,7 @@ Event::Event(detail::EventMetadataVectorPtr arg_meta, const EventHandlerPtr& arg meta(std::move(arg_meta)), src(arg_src), aid(arg_aid), - obj(zeek::NewRef{}, arg_obj), - next_event(nullptr) {} + obj(zeek::NewRef{}, arg_obj) {} zeek::VectorValPtr Event::MetadataValues(const EnumValPtr& id) const { static const auto& any_vec_t = zeek::id::find_type("any_vec"); @@ -135,14 +124,8 @@ void Event::Dispatch(bool no_remote) { reporter->BeginErrorHandler(); try { -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" - // Replace in v8.1 with handler->Call(&args). - handler->Call(&args, no_remote, Time()); -#pragma GCC diagnostic pop - } - - catch ( InterpreterException& e ) { + handler->Call(&args); + } catch ( InterpreterException& e ) { // Already reported. } @@ -161,15 +144,12 @@ EventMgr::~EventMgr() { } } -void EventMgr::Enqueue(const EventHandlerPtr& h, Args vl, util::detail::SourceID src, analyzer::ID aid, Obj* obj, - DeprecatedTimestamp deprecated_ts) { +void EventMgr::Enqueue(const EventHandlerPtr& h, Args vl, util::detail::SourceID src, analyzer::ID aid, Obj* obj) { detail::EventMetadataVectorPtr meta; - double ts = double(deprecated_ts); - // If this is a local event and EventMetadata::add_network_timestamp is // enabled, automatically set the network timestamp for this event to the - // current network time when it is < 0 (default of deprecated_ts is -1.0). + // current network time. // // See the other Enqueue() implementation for the local vs broker/remote // motivation of want_network_timestamp. 
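Review bot: In the src/Event.cc hunk at -135, `handler->Call(&args);` no longer forwards `no_remote`, so the parameter of `Event::Dispatch(bool no_remote)` appears to be dead after this change. None of the visible Event.h hunks touch that declaration, so callers can still pass a value that is silently ignored. Either drop the parameter in a follow-up or make it explicit at the definition, for example `void Event::Dispatch(bool /* no_remote: unused since auto-publish removal */)`. The function's signature and the rest of its body are outside the hunk.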
@@ -178,19 +158,8 @@ void EventMgr::Enqueue(const EventHandlerPtr& h, Args vl, util::detail::SourceID ((src == util::detail::SOURCE_LOCAL) || (src == util::detail::SOURCE_BROKER && BifConst::EventMetadata::add_missing_remote_network_timestamp)); - if ( want_network_timestamp ) { - if ( ts < 0.0 ) - ts = run_state::network_time; - - // In v8.1 when the deprecated_ts parameters is gone: Just use run_state::network_time directly here. - meta = detail::MakeEventMetadataVector(ts); - } - else if ( ts >= 0.0 ) { - // EventMetadata::add_network_timestamp is false, but EventMgr::Enqueue() - // with an explicit (non-negative) timestamp is used. That's a deprecated - // API, but we continue to support it until v8.1. - meta = detail::MakeEventMetadataVector(ts); - } + if ( want_network_timestamp ) + meta = detail::MakeEventMetadataVector(run_state::network_time); QueueEvent(new Event(std::move(meta), h, std::move(vl), src, aid, obj)); } @@ -261,14 +230,6 @@ void EventMgr::QueueEvent(Event* event) { ++event_mgr.num_events_queued; } -void EventMgr::Dispatch(Event* event, bool no_remote) { - Event* old_current = current; - current = event; - event->Dispatch(no_remote); - current = old_current; - Unref(event); -} - void EventMgr::Dispatch(const EventHandlerPtr& h, zeek::Args vl) { detail::EventMetadataVectorPtr meta; @@ -284,11 +245,11 @@ void EventMgr::Dispatch(const EventHandlerPtr& h, zeek::Args vl) { if ( done ) return; -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" - // TODO: Open-code the old Dispatch() implementation here in v8.1. - Dispatch(ev); -#pragma GCC diagnostic pop + Event* old_current = current; + current = ev; + ev->Dispatch(); + current = old_current; + Unref(ev); } void EventMgr::Drain() { diff --git a/src/Event.h b/src/Event.h index 69914e1432..0b32348363 100644 --- a/src/Event.h +++ b/src/Event.h 
@@ -55,10 +55,6 @@ constexpr double NO_TIMESTAMP = -1.0; class Event final : public Obj { public: - [[deprecated("Remove in v8.1: Do not instantiate raw events. Use EventMgr::Dispatch() or EventMgr::Enqueue().")]] - Event(const EventHandlerPtr& handler, zeek::Args args, util::detail::SourceID src = util::detail::SOURCE_LOCAL, - analyzer::ID aid = 0, Obj* obj = nullptr, double ts = run_state::network_time); - void SetNext(Event* n) { next_event = n; } Event* NextEvent() const { return next_event; } @@ -99,12 +95,10 @@ private: util::detail::SourceID src; analyzer::ID aid; zeek::IntrusivePtr obj; - Event* next_event; + Event* next_event = nullptr; }; class EventMgr final : public Obj, public iosource::IOSource { - class DeprecatedTimestamp; - public: ~EventMgr() override; @@ -123,7 +117,7 @@ public: * (defaults to current network time - deprecated). */ void Enqueue(const EventHandlerPtr& h, zeek::Args vl, util::detail::SourceID src = util::detail::SOURCE_LOCAL, - analyzer::ID aid = 0, Obj* obj = nullptr, DeprecatedTimestamp ts = {}); + analyzer::ID aid = 0, Obj* obj = nullptr); /** * A version of Enqueue() taking a variable number of arguments. @@ -147,9 +141,6 @@ public: void Enqueue(detail::EventMetadataVectorPtr meta, const EventHandlerPtr& h, zeek::Args vl, util::detail::SourceID src = util::detail::SOURCE_LOCAL, analyzer::ID aid = 0, Obj* obj = nullptr); - [[deprecated("Remove in v8.1: Use Dispatch(handler, args) instead.")]] - void Dispatch(Event* event, bool no_remote = false); - // Dispatch an event with the given handler and arguments immediately. // // While the event is technically not queued, HookQueueEvent() is 
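Review bot: The doc comment above `EventMgr::Enqueue` in the src/Event.h hunk at -123 still ends with `(defaults to current network time - deprecated).`, which is the tail of the description of the `ts` parameter that this hunk removes. Leaving it documents an argument callers can no longer pass. The comment lines for that parameter should be deleted, with a sentence added such as `The network timestamp is attached automatically when EventMetadata::add_network_timestamp is enabled.` to match the behaviour described in Event.cc. The start of that doc comment is outside the hunk, so the exact lines to delete need checking in the file.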
@@ -196,24 +187,6 @@ public: uint64_t num_events_dispatched = 0; private: - /** - * Helper class to produce a compile time warning if Enqueue() is called with an explicit timestamp. - * - * Remove in v8.1. - */ - class DeprecatedTimestamp { - public: - DeprecatedTimestamp() : d(-1.0) {} - [[deprecated("Use overload EventMgr::Enqueue(EventMetadataVectorPtr meta, ...) to pass timestamp metadata")]] - /*implicit*/ DeprecatedTimestamp(double d) - : d(d) {} - - explicit operator double() const { return d; } - - private: - double d; - }; - void QueueEvent(Event* event); Event* current = nullptr; diff --git a/src/EventHandler.cc b/src/EventHandler.cc index 57cc0703c6..8c91bb20c1 100644 --- a/src/EventHandler.cc +++ b/src/EventHandler.cc @@ -22,9 +22,7 @@ EventHandler::EventHandler(std::string arg_name) { generate_always = false; } -EventHandler::operator bool() const { - return enabled && ((local && local->HasEnabledBodies()) || generate_always || ! auto_publish.empty()); -} +EventHandler::operator bool() const { return enabled && ((local && local->HasEnabledBodies()) || generate_always); } const FuncTypePtr& EventHandler::GetType(bool check_export) { if ( type ) @@ -44,7 +42,7 @@ const FuncTypePtr& EventHandler::GetType(bool check_export) { void EventHandler::SetFunc(FuncPtr f) { local = std::move(f); } -void EventHandler::Call(Args* vl, bool no_remote, double ts) { +void EventHandler::Call(Args* vl) { if ( ! call_count ) { static auto eh_invocations_family = telemetry_mgr->CounterFamily("zeek", "event-handler-invocations", {"name"}, 
@@ -58,40 +56,6 @@ void EventHandler::Call(Args* vl, bool no_remote, double ts) { if ( new_event ) NewEvent(vl); - if ( ! no_remote ) { - if ( ! auto_publish.empty() ) { - // Send event in form [name, xs...] where xs represent the arguments. - BrokerListBuilder xs; - xs.Reserve(vl->size()); - bool valid_args = true; - - for ( const auto& v : *vl ) { - if ( ! xs.Add(v) ) { - valid_args = false; - auto_publish.clear(); - reporter->Error("failed auto-remote event '%s', disabled", Name()); - break; - } - } - - if ( valid_args ) { - auto ev_args = std::move(xs).Build(); - - for ( auto it = auto_publish.begin();; ) { - const auto& topic = *it; - ++it; - - if ( it != auto_publish.end() ) - broker_mgr->PublishEvent(topic, Name(), ev_args, ts); - else { - broker_mgr->PublishEvent(topic, Name(), std::move(ev_args), ts); - break; - } - } - } - } - } - if ( local ) // No try/catch here; we pass exceptions upstream. local->Invoke(vl); diff --git a/src/EventHandler.h b/src/EventHandler.h index 775fd90408..e393d1dfbd 100644 --- a/src/EventHandler.h +++ b/src/EventHandler.h 
@@ -35,28 +35,8 @@ public: void SetFunc(FuncPtr f); - [[deprecated("Remove in v8.1, use explicit Publish().")]] - void AutoPublish(std::string topic) { - auto_publish.insert(std::move(topic)); - } - - [[deprecated("Remove in v8.1.")]] - void AutoUnpublish(const std::string& topic) { - auto_publish.erase(topic); - } - - [[deprecated( - "Remove in v8.1. The no_remote and ts parameters are AutoPublish() specific and won't have an effect " - "in the future. Use Call(args)")]] - void Call(zeek::Args* vl, bool no_remote = false, double ts = run_state::network_time); - // Call the function associated with this handler. - void Call(zeek::Args* vl) { -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" - Call(vl, false, run_state::network_time); -#pragma GCC diagnostic pop - } + void Call(zeek::Args* vl); // Returns true if there is at least one local or remote handler. explicit operator bool() const; @@ -89,8 +69,6 @@ private: // Initialize this lazy, so we don't expose metrics for 0 values. std::shared_ptr call_count; - - std::unordered_set auto_publish; }; // Encapsulates a ptr to an event handler to overload the boolean operator. diff --git a/src/Func.h b/src/Func.h index 4476935d2a..250e77c44f 100644 --- a/src/Func.h +++ b/src/Func.h @@ -129,11 +129,6 @@ public: Kind GetKind() const { return kind; } - [[deprecated("Remove with v8.1 - use GetName() instead")]] - const char* Name() const { - return name.c_str(); - } - const std::string& GetName() const { return name; } void SetName(const std::string& arg_name) { name = arg_name; } diff --git a/src/IPAddr.cc b/src/IPAddr.cc index 83265c3161..ae63970e75 100644 --- a/src/IPAddr.cc +++ b/src/IPAddr.cc 
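Review bot: The context comment `// Returns true if there is at least one local or remote handler.` in the src/EventHandler.h hunk at -35 is stale after this commit. With `auto_publish` removed, the `operator bool` in EventHandler.cc only checks `enabled`, `local->HasEnabledBodies()` and `generate_always`, so there is no remote case left. I would update it to `// Returns true if the handler is enabled and has enabled local bodies or generate_always is set.` so plugin authors do not assume remote subscribers keep an event alive.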
@@ -16,127 +16,6 @@ namespace zeek { const IPAddr IPAddr::v4_unspecified = IPAddr(in4_addr{}); const IPAddr IPAddr::v6_unspecified = IPAddr(); -namespace detail { - -ConnKey::ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint16_t proto, - bool one_way) { - Init(src, dst, src_port, dst_port, proto, one_way); -} - -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" -ConnKey::ConnKey(const ConnTuple& id) { - Init(id.src_addr, id.dst_addr, id.src_port, id.dst_port, id.proto, id.is_one_way); -} - -ConnKey& ConnKey::operator=(const ConnKey& rhs) { - if ( this == &rhs ) - return *this; - - // Because of padding in the object, this needs to memset to clear out - // the extra memory used by padding. Otherwise, the session key stuff - // doesn't work quite right. The static_cast is to silence a - // -Wnontrival-memcall warning from clang++ 17 and later. - memset(static_cast(this), 0, sizeof(ConnKey)); - - memcpy(&ip1, &rhs.ip1, sizeof(in6_addr)); - memcpy(&ip2, &rhs.ip2, sizeof(in6_addr)); - port1 = rhs.port1; - port2 = rhs.port2; - transport = rhs.transport; - - return *this; -} -#pragma GCC diagnostic pop - -ConnKey::ConnKey(Val* v) { - const auto& vt = v->GetType(); - if ( ! IsRecord(vt->Tag()) ) { - transport = INVALID_CONN_KEY_IP_PROTO; - return; - } - - RecordType* vr = vt->AsRecordType(); - auto vl = v->As(); - - // indices into record's value list - int orig_h; - int orig_p; - - int resp_h; - int resp_p; - int proto; - - if ( vr == id::conn_id ) { - orig_h = 0; - orig_p = 1; - resp_h = 2; - resp_p = 3; - proto = 4; - } - else { - // While it's not a conn_id, it may have equivalent fields. 
- orig_h = vr->FieldOffset("orig_h"); - resp_h = vr->FieldOffset("resp_h"); - orig_p = vr->FieldOffset("orig_p"); - resp_p = vr->FieldOffset("resp_p"); - proto = vr->FieldOffset("proto"); - - if ( orig_h < 0 || resp_h < 0 || orig_p < 0 || resp_p < 0 || proto < 0 ) { - transport = INVALID_CONN_KEY_IP_PROTO; - return; - } - - // TODO we ought to check that the fields have the right - // types, too. - } - - if ( ! vl->HasField(orig_h) || ! vl->HasField(resp_h) || ! vl->HasField(orig_p) || ! vl->HasField(resp_p) ) { - transport = INVALID_CONN_KEY_IP_PROTO; - return; - } - - const IPAddr& orig_addr = vl->GetFieldAs(orig_h); - const IPAddr& resp_addr = vl->GetFieldAs(resp_h); - - const auto& orig_portv = vl->GetFieldAs(orig_p); - const auto& resp_portv = vl->GetFieldAs(resp_p); - - const auto& protov = vl->GetField(proto); - - Init(orig_addr, resp_addr, htons((unsigned short)orig_portv->Port()), htons((unsigned short)resp_portv->Port()), - protov->AsCount(), false); -} - -void ConnKey::Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint16_t proto, - bool one_way) { - // Because of padding in the object, this needs to memset to clear out - // the extra memory used by padding. Otherwise, the session key stuff - // doesn't work quite right. The static_cast is to silence a - // -Wnontrival-memcall warning from clang++ 17 and later. - memset(static_cast(this), 0, sizeof(ConnKey)); - - // Lookup up connection based on canonical ordering, which is - // the smaller of and - // followed by the other. - if ( one_way || addr_port_canon_lt(src, src_port, dst, dst_port) ) { - ip1 = src.in6; - ip2 = dst.in6; - port1 = src_port; - port2 = dst_port; - } - else { - ip1 = dst.in6; - ip2 = src.in6; - port1 = dst_port; - port2 = src_port; - } - - transport = proto; -} - -} // namespace detail - IPAddr::IPAddr(const String& s) { Init(s.CheckString()); } std::unique_ptr IPAddr::MakeHashKey() const { 
diff --git a/src/IPAddr.h b/src/IPAddr.h index 341b1cc583..5e03a295cb 100644 --- a/src/IPAddr.h +++ b/src/IPAddr.h 
@@ -25,41 +25,6 @@ constexpr uint16_t INVALID_CONN_KEY_IP_PROTO = 65534; class HashKey; -// Deprecated: Remove the whole class in v8.1. Switch usage to the conntuple factories and the new zeek::ConnKey tree. -class ConnKey { -public: - in6_addr ip1; - in6_addr ip2; - uint16_t port1 = 0; - uint16_t port2 = 0; - uint16_t transport = INVALID_CONN_KEY_IP_PROTO; - - [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(const IPAddr& src, const IPAddr& dst, - uint16_t src_port, uint16_t dst_port, - uint16_t proto, bool one_way); - [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(const ConnTuple& conn); - [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(const ConnKey& rhs) { *this = rhs; } - [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(Val* v); - - // FIXME: This is getting reworked as part of the connection tuple changes. Suppress - // the clang-tidy warning for the time being. - // NOLINTBEGIN(bugprone-suspicious-memory-comparison) - bool operator<(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) < 0; } - bool operator<=(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) <= 0; } - bool operator==(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) == 0; } - bool operator!=(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) != 0; } - bool operator>=(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) >= 0; } - bool operator>(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) > 0; } - // NOLINTEND(bugprone-suspicious-memory-comparison) - - ConnKey& operator=(const ConnKey& rhs); - - bool Valid() const { return transport <= 0xFF; }; - -private: - void Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint16_t proto, bool one_way); -}; - } // namespace detail /** 
@@ -406,7 +371,6 @@ public: static const IPAddr v6_unspecified; private: - friend class detail::ConnKey; friend class IPPrefix; /** diff --git a/src/RunState.h b/src/RunState.h index 115539b2c6..88dc02aa1f 100644 --- a/src/RunState.h +++ b/src/RunState.h @@ -67,8 +67,6 @@ extern void suspend_processing(); extern void continue_processing(); bool is_processing_suspended(); -[[deprecated("Remove with v8.1. Use run_state::current_pseudo directly if needed.")]] -extern double current_packet_timestamp(); extern double current_packet_wallclock(); // Whether we're reading live traffic. diff --git a/src/Span.h b/src/Span.h deleted file mode 100644 index 586b8ae7dd..0000000000 --- a/src/Span.h +++ /dev/null @@ -1,12 +0,0 @@ -// See the file "COPYING" in the main distribution directory for copyright. - -#pragma once - -#include - -namespace zeek { - -template -using Span [[deprecated("Remove in v8.1: Use std::span instead")]] = std::span; - -} // namespace zeek diff --git a/src/ZeekArgs.h b/src/ZeekArgs.h index bc9f36af01..eab6d46875 100644 --- a/src/ZeekArgs.h +++ b/src/ZeekArgs.h @@ -19,17 +19,6 @@ using RecordTypePtr = IntrusivePtr; using Args = std::vector; -/** - * Converts a legacy-style argument list for use in modern Zeek function - * calling or event queueing APIs. - * @param vl the argument list to convert, the returned value takes ownership - * of a reference to each element in the list - * @return the converted argument list - * - */ -[[deprecated("Remove in v8.1. Convert users to produce zeek::Args directly.")]] -Args val_list_to_args(const ValPList& vl); - /** * Creates a vector of "call_argument" meta data describing the arguments to * function/event invocation. diff --git a/src/ZeekString.cc b/src/ZeekString.cc index 4085045916..52ac930920 100644 --- a/src/ZeekString.cc +++ b/src/ZeekString.cc 
@@ -322,46 +322,6 @@ String::Vec* String::Split(const String::IdxVec& indices) const { return result; } -VectorVal* String::VecToPolicy(Vec* vec) { - auto result = make_intrusive(id::string_vec); - - for ( unsigned int i = 0; i < vec->size(); ++i ) { - String* string = (*vec)[i]; - auto val = make_intrusive(string->Len(), (const char*)string->Bytes()); - result->Assign(i, std::move(val)); - } - - return result.release(); -} - -String::Vec* String::VecFromPolicy(VectorVal* vec) { - Vec* result = new Vec(); - - for ( unsigned int i = 0; i < vec->Size(); ++i ) { - auto v = vec->StringAt(i); - if ( ! v ) - continue; - - String* string = new String(*v); - result->push_back(string); - } - - return result; -} - -char* String::VecToString(const Vec* vec) { - std::string result("["); - - for ( const auto* str : *vec ) { - result += str->CheckString(); - result += ","; - } - - result += "]"; - - return strdup(result.c_str()); -} - bool StringLenCmp::operator()(String* const& bst1, String* const& bst2) { return _increasing ? (bst1->Len() < bst2->Len()) : (bst1->Len() > bst2->Len()); } @@ -587,15 +547,8 @@ TEST_CASE("searching/modification") { CHECK_EQ(s, *s3); delete s3; -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" - char* temp = zeek::String::VecToString(splits); -#pragma GCC diagnostic pop - CHECK_EQ(std::string(temp), "[this, is, a, test,]"); - free(temp); - - for ( auto* entry : *splits ) - delete entry; + for ( auto& spl : *splits ) + delete spl; delete splits; } diff --git a/src/ZeekString.h b/src/ZeekString.h index ce3705e323..a97c39255c 100644 --- a/src/ZeekString.h +++ b/src/ZeekString.h 
@@ -166,14 +166,6 @@ public: // Vec* Split(const IdxVec& indices) const; - // Helper functions for vectors: - [[deprecated("Remove in v8.1. The ZeekString vector methods are unused.")]] - static VectorVal* VecToPolicy(Vec* vec); - [[deprecated("Remove in v8.1. The ZeekString vector methods are unused.")]] - static Vec* VecFromPolicy(VectorVal* vec); - [[deprecated("Remove in v8.1. The ZeekString vector methods are unused.")]] - static char* VecToString(const Vec* vec); - protected: void Reset(); diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index 51cd822646..4655cbc434 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h @@ -903,15 +903,3 @@ constexpr int CONTENTS_RESP = 2; constexpr int CONTENTS_BOTH = 3; } // namespace zeek::analyzer - -[[deprecated("Remove in v8.1. Use version in zeek::analyzer namespace.")]] constexpr int CONTENTS_NONE = - zeek::analyzer::CONTENTS_NONE; - -[[deprecated("Remove in v8.1. Use version in zeek::analyzer namespace.")]] constexpr int CONTENTS_ORIG = - zeek::analyzer::CONTENTS_ORIG; - -[[deprecated("Remove in v8.1. Use version in zeek::analyzer namespace.")]] constexpr int CONTENTS_RESP = - zeek::analyzer::CONTENTS_RESP; - -[[deprecated("Remove in v8.1. Use version in zeek::analyzer namespace.")]] constexpr int CONTENTS_BOTH = - zeek::analyzer::CONTENTS_BOTH; diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index f90ce0c393..9b1cf6acdc 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -1352,6 +1352,8 @@ bool DNS_Interpreter::ParseRR_BINDS(detail::DNS_MsgInfo* msg, const u_char*& dat msg->BuildBINDS_Val(&binds)); } + delete completeflag; + return true; } 
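Review bot: The added `delete completeflag;` in the src/analyzer/protocol/dns/DNS.cc hunk at -1352 frees the string only on the path that reaches the end of ParseRR_BINDS. The allocation and any earlier `return` statements are outside the hunk, so an early exit on a malformed record could still leak it; that matters here because the function parses untrusted DNS data. The removed note in BuildBINDS_Val said "Drop String* usage", but the new code still reads `binds->complete_flag->Len()` and `Bytes()[0]` through the raw pointer. I would either own the string with `std::unique_ptr<String>` at the allocation site or store the single flag byte in `BINDS_DATA` directly so no manual delete is needed. If the raw pointer stays, add a comment at the delete: `// BuildBINDS_Val() only reads the first byte; ownership stays with this function.`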
@@ -1912,9 +1914,8 @@ RecordValPtr DNS_MsgInfo::BuildBINDS_Val(BINDS_DATA* binds) { r->Assign(2, binds->algorithm); r->Assign(3, binds->key_id); r->Assign(4, binds->removal_flag); - r->Assign(5, binds->complete_flag); // Remove in v8.1: Move field 7 here. Drop String* usage. + r->Assign(5, binds->complete_flag->Len() > 0 ? binds->complete_flag->Bytes()[0] : 0); r->Assign(6, is_query); - r->Assign(7, binds->complete_flag->Len() > 0 ? binds->complete_flag->Bytes()[0] : 0); return r; } diff --git a/src/analyzer/protocol/tcp/ContentLine.h b/src/analyzer/protocol/tcp/ContentLine.h index 234154b834..a12e85b5f0 100644 --- a/src/analyzer/protocol/tcp/ContentLine.h +++ b/src/analyzer/protocol/tcp/ContentLine.h @@ -122,9 +122,3 @@ protected: }; } // namespace zeek::analyzer::tcp - -// These were previously #defined, so they have to be outside of the namespace. -[[deprecated("Remove in v8.1, use the version in the zeek:::analyzer::tcp namespace")]] constexpr int CR_as_EOL = - zeek::analyzer::tcp::CR_as_EOL; -[[deprecated("Remove in v8.1, use the version in the zeek:::analyzer::tcp namespace")]] constexpr int LF_as_EOL = - zeek::analyzer::tcp::LF_as_EOL; diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.h b/src/analyzer/protocol/tcp/TCP_Endpoint.h index d560f6577d..b50981ceb7 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.h +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.h 
@@ -260,41 +260,3 @@ enum EndianTypes : uint8_t { } // namespace analyzer::tcp } // namespace zeek - -[[deprecated( - "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_SYN_PKT = - zeek::analyzer::tcp::TCP_Endpoint::HIST_SYN_PKT; - -[[deprecated( - "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_FIN_PKT = - zeek::analyzer::tcp::TCP_Endpoint::HIST_FIN_PKT; - -[[deprecated( - "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_RST_PKT = - zeek::analyzer::tcp::TCP_Endpoint::HIST_RST_PKT; - -[[deprecated( - "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_FIN_RST_PKT = - zeek::analyzer::tcp::TCP_Endpoint::HIST_FIN_RST_PKT; - -[[deprecated( - "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_DATA_PKT = - zeek::analyzer::tcp::TCP_Endpoint::HIST_DATA_PKT; - -[[deprecated( - "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_ACK_PKT = - zeek::analyzer::tcp::TCP_Endpoint::HIST_ACK_PKT; - -[[deprecated( - "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_MULTI_FLAG_PKT = - zeek::analyzer::tcp::TCP_Endpoint::HIST_MULTI_FLAG_PKT; - -[[deprecated( - "Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_CORRUPT_PKT = - zeek::analyzer::tcp::TCP_Endpoint::HIST_CORRUPT_PKT; - -[[deprecated("Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_RXMIT = - zeek::analyzer::tcp::TCP_Endpoint::HIST_RXMIT; - -[[deprecated("Remove in v8.1. Use version in zeek::analyzer::tcp::TCP_Endpoint namespace.")]] constexpr int HIST_WIN0 = - zeek::analyzer::tcp::TCP_Endpoint::HIST_WIN0; 
diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index a4290eb046..bd7fd90e1d 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -826,8 +826,6 @@ std::vector Manager::Peers() const { return bstate->endpoint.peers(); } -std::string Manager::NodeID() const { return to_string(bstate->endpoint.node_id()); } - bool Manager::DoPublishEvent(const std::string& topic, cluster::Event& event) { bool do_publish = PLUGIN_HOOK_WITH_RESULT(HOOK_PUBLISH_EVENT, HookPublishEvent(*this, topic, event), true); if ( ! do_publish ) 
@@ -1107,72 +1105,6 @@ void Manager::Error(const char* format, ...) { reporter->Error("%s", msg); } -bool Manager::AutoPublishEvent(string topic, Val* event) { - if ( event->GetType()->Tag() != TYPE_FUNC ) { - Error("Broker::auto_publish must operate on an event"); - return false; - } - - auto event_val = event->AsFunc(); - if ( event_val->Flavor() != FUNC_FLAVOR_EVENT ) { - Error("Broker::auto_publish must operate on an event"); - return false; - } - - auto handler = event_registry->Lookup(event_val->GetName()); - if ( ! handler ) { - Error("Broker::auto_publish failed to lookup event '%s'", event_val->GetName().c_str()); - return false; - } - - DBG_LOG(DBG_BROKER, "Enabling auto-publishing of event %s to topic %s", handler->Name(), topic.c_str()); -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" - handler->AutoPublish(std::move(topic)); -#pragma GCC diagnostic pop - - return true; -} - -bool Manager::AutoUnpublishEvent(const string& topic, Val* event) { - if ( event->GetType()->Tag() != TYPE_FUNC ) { - Error("Broker::auto_event_stop must operate on an event"); - return false; - } - - auto event_val = event->AsFunc(); - - if ( event_val->Flavor() != FUNC_FLAVOR_EVENT ) { - Error("Broker::auto_event_stop must operate on an event"); - return false; - } - - auto handler = event_registry->Lookup(event_val->GetName()); - - if ( ! handler ) { - Error("Broker::auto_event_stop failed to lookup event '%s'", event_val->GetName().c_str()); - return false; - } - - DBG_LOG(DBG_BROKER, "Disabling auto-publishing of event %s to topic %s", handler->Name(), topic.c_str()); -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" - handler->AutoUnpublish(topic); -#pragma GCC diagnostic pop - - return true; -} - -RecordVal* Manager::MakeEvent(ValPList* args, zeek::detail::Frame* frame) { - // Deprecated MakeEvent() version using ValPList - requires extra copy. 
- zeek::Args cargs; - cargs.reserve(args->size()); - for ( auto* a : *args ) - cargs.emplace_back(zeek::NewRef{}, a); - - return MakeEvent(ArgsSpan{cargs}, frame)->Ref()->AsRecordVal(); -} - zeek::RecordValPtr Manager::MakeEvent(ArgsSpan args, zeek::detail::Frame* frame) { scoped_reporter_location srl{frame}; auto rval = zeek::make_intrusive(BifType::Record::Broker::Event); diff --git a/src/broker/Manager.h b/src/broker/Manager.h index 5d43f3ba0d..58bdadf0e0 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -175,11 +175,6 @@ public: */ std::vector Peers() const; - /** - * @return a unique identifier for this broker endpoint. - */ - [[deprecated("Remove in v8.1: Use Backend::NodeId() instead.")]] std::string NodeID() const; - /** * Send an identifier's value to interested peers. * @param topic a topic string associated with the message. 
@@ -252,38 +247,6 @@ public: bool PublishLogWrite(EnumVal* stream, EnumVal* writer, const std::string& path, const logging::detail::LogRecord& rec); - /** - * Automatically send an event to any interested peers whenever it is - * locally dispatched (e.g. using "event my_event(...);" in a script). - * @param topic a topic string associated with the event message. - * Peers advertise interest by registering a subscription to some prefix - * of this topic name. - * @param event a Zeek event value. - * @return true if automatic event sending is now enabled. - */ - [[deprecated("Remove in v8.1, use explicit Publish().")]] - bool AutoPublishEvent(std::string topic, Val* event); - - /** - * Stop automatically sending an event to peers upon local dispatch. - * @param topic a topic originally given to zeek::Broker::Manager::AutoPublish(). - * @param event an event originally given to zeek::Broker::Manager::AutoPublish(). - * @return true if automatic events will no occur for the topic/event pair. - */ - [[deprecated("Remove in v8.1.")]] - bool AutoUnpublishEvent(const std::string& topic, Val* event); - - /** - * Create an `Event` record value from an event and its arguments. - * @param args the event and its arguments. The event is always the first - * elements in the list. - * @param frame the calling frame, used to report location info upon error - * @return an `Event` record value. If an invalid event or arguments - * were supplied the optional "name" field will not be set. - */ - [[deprecated("Remove in v8.1: Use the ArgsSpan version instead")]] RecordVal* MakeEvent(ValPList* args, - zeek::detail::Frame* frame); - using ArgsSpan = std::span; /** diff --git a/src/broker/messaging.bif b/src/broker/messaging.bif index 93423c468b..7a7c631340 100644 --- a/src/broker/messaging.bif +++ b/src/broker/messaging.bif 
@@ -146,26 +146,6 @@ function Broker::__publish_id%(topic: string, id: string%): bool return zeek::val_mgr->Bool(rval); %} -function Broker::__auto_publish%(topic: string, ev: any%): bool - %{ - zeek::Broker::Manager::ScriptScopeGuard ssg; -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" - auto rval = zeek::broker_mgr->AutoPublishEvent(topic->CheckString(), ev); -#pragma GCC diagnostic pop - return zeek::val_mgr->Bool(rval); - %} - -function Broker::__auto_unpublish%(topic: string, ev: any%): bool - %{ - zeek::Broker::Manager::ScriptScopeGuard ssg; -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" - auto rval = zeek::broker_mgr->AutoUnpublishEvent(topic->CheckString(), ev); -#pragma GCC diagnostic pop - return zeek::val_mgr->Bool(rval); - %} - function Broker::__subscribe%(topic_prefix: string%): bool %{ zeek::Broker::Manager::ScriptScopeGuard ssg; diff --git a/src/cluster/Backend.cc b/src/cluster/Backend.cc index e0aa6f6c16..70f3d7d87c 100644 --- a/src/cluster/Backend.cc +++ b/src/cluster/Backend.cc @@ -277,11 +277,6 @@ void ThreadedBackend::DoTerminate() { } } -void ThreadedBackend::QueueForProcessing(QueueMessage&& qmessages) { - if ( onloop ) - onloop->QueueForProcessing(std::move(qmessages)); -} - void ThreadedBackend::Process(QueueMessage&& msg) { // sonarlint wants to use std::visit. not sure... if ( auto* emsg = std::get_if(&msg) ) { diff --git a/src/cluster/Backend.h b/src/cluster/Backend.h index 9775d598f0..3a6bd195e6 100644 --- a/src/cluster/Backend.h +++ b/src/cluster/Backend.h 
@@ -568,17 +568,6 @@ protected: ThreadedBackend(std::string_view name, std::unique_ptr es, std::unique_ptr ls, std::unique_ptr ehs); - /** - * To be used by implementations to enqueue messages for processing on the IO loop. - * - * It's safe to call this method from any thread before ThreadedBackend's - * DoTerminate() implementation is invoked. - * - * @param messages Messages to be enqueued. - */ - [[deprecated("Remove in v8.1: Use OnLoop() and QueueForProcessing() directly.")]] - void QueueForProcessing(QueueMessage&& messages); - /** * The default DoInit() implementation of ThreadedBackend * registers itself as a counting IO source to keep the IO diff --git a/src/event.bif b/src/event.bif index ea4cb56a0f..06719f03d9 100644 --- a/src/event.bif +++ b/src/event.bif @@ -898,7 +898,6 @@ event Pcap::file_done%(path: string%); ## ## .. zeek:see:: UnknownProtocol::first_bytes_count event unknown_protocol%(analyzer_name: string, protocol: count, first_bytes: string, analyzer_history: string_vec%); -event unknown_protocol%(analyzer_name: string, protocol: count, first_bytes: string%) &deprecated="Remove in v8.1. Use the version that includes analyzer_history."; ## An event for handling packets that reached the end of processing without ## being marked as processed. Note that this event may lead to unpredictable diff --git a/src/fuzzers/dns-fuzzer.cc b/src/fuzzers/dns-fuzzer.cc index ef0e3decf9..6fdbeb3708 100644 --- a/src/fuzzers/dns-fuzzer.cc +++ b/src/fuzzers/dns-fuzzer.cc @@ -8,8 +8,9 @@ #include "zeek/analyzer/Manager.h" #include "zeek/analyzer/protocol/pia/PIA.h" #include "zeek/analyzer/protocol/tcp/TCP.h" -#include "zeek/fuzzers/FuzzBuffer.h" +#include "zeek/conn_key/Manager.h" #include "zeek/fuzzers/fuzzer-setup.h" +#include "zeek/packet_analysis/protocol/ip/conn_key/IPBasedConnKey.h" #include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h" #include "zeek/session/Manager.h" 
@@ -19,16 +20,13 @@ static zeek::Connection* add_connection() { static constexpr double network_time_start = 1439471031; zeek::run_state::detail::update_network_time(network_time_start); + zeek::ConnKeyPtr ck = zeek::conn_key_mgr->GetFactory().NewConnKey(); + zeek::IPBasedConnKeyPtr key = zeek::IPBasedConnKeyPtr(static_cast(ck.release())); + key->InitTuple(zeek::IPAddr("1.2.3.4"), htons(23132), zeek::IPAddr("5.6.7.8"), htons(80), TRANSPORT_TCP, false); + + zeek::Packet p; - zeek::ConnTuple conn_id; - conn_id.src_addr = zeek::IPAddr("1.2.3.4"); - conn_id.dst_addr = zeek::IPAddr("5.6.7.8"); - conn_id.src_port = htons(23132); - conn_id.dst_port = htons(80); - conn_id.is_one_way = false; - conn_id.proto = TRANSPORT_TCP; - zeek::detail::ConnKey key(conn_id); - zeek::Connection* conn = new zeek::Connection(key, network_time_start, &conn_id, 1, &p); + zeek::Connection* conn = new zeek::Connection(std::move(key), network_time_start, 1, &p); conn->SetTransport(TRANSPORT_TCP); zeek::session_mgr->Insert(conn); return conn; diff --git a/src/fuzzers/websocket-fuzzer.cc b/src/fuzzers/websocket-fuzzer.cc index a83dfe4341..d3c98d7aa2 100644 --- a/src/fuzzers/websocket-fuzzer.cc +++ b/src/fuzzers/websocket-fuzzer.cc @@ -10,8 +10,10 @@ #include "zeek/analyzer/protocol/pia/PIA.h" #include "zeek/analyzer/protocol/tcp/TCP.h" #include "zeek/analyzer/protocol/websocket/WebSocket.h" +#include "zeek/conn_key/Manager.h" #include "zeek/fuzzers/FuzzBuffer.h" #include "zeek/fuzzers/fuzzer-setup.h" +#include "zeek/packet_analysis/protocol/ip/conn_key/IPBasedConnKey.h" #include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h" #include "zeek/session/Manager.h" 
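Review bot: The `static_cast` applied to `ck.release()` in `add_connection()` downcasts whatever `conn_key_mgr->GetFactory().NewConnKey()` returns to an IP-based key without any check, and `key->InitTuple(...)` is then called through it; the websocket-fuzzer.cc hunk repeats the same lines. The factory's concrete type is not visible in this diff, so if a build or plugin configures a factory that does not produce IP-based keys, the harness would operate on a mistyped object before any fuzz input is processed. Since both harnesses now carry identical key-construction code, a single helper in `fuzzer-setup.h` with a comment such as `// Assumes the active ConnKey factory produces IPBasedConnKey instances.` would keep that assumption in one place. The closing brace of `add_connection()` lies outside the hunk.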
@@ -21,16 +23,12 @@ static zeek::Connection* add_connection() { static constexpr double network_time_start = 1439471031; zeek::run_state::detail::update_network_time(network_time_start); + zeek::ConnKeyPtr ck = zeek::conn_key_mgr->GetFactory().NewConnKey(); + zeek::IPBasedConnKeyPtr key = zeek::IPBasedConnKeyPtr(static_cast(ck.release())); + key->InitTuple(zeek::IPAddr("1.2.3.4"), htons(23132), zeek::IPAddr("5.6.7.8"), htons(80), TRANSPORT_TCP, false); + zeek::Packet p; - zeek::ConnTuple conn_id; - conn_id.src_addr = zeek::IPAddr("1.2.3.4"); - conn_id.dst_addr = zeek::IPAddr("5.6.7.8"); - conn_id.src_port = htons(23132); - conn_id.dst_port = htons(80); - conn_id.is_one_way = false; - conn_id.proto = TRANSPORT_TCP; - zeek::detail::ConnKey key(conn_id); - zeek::Connection* conn = new zeek::Connection(key, network_time_start, &conn_id, 1, &p); + zeek::Connection* conn = new zeek::Connection(std::move(key), network_time_start, 1, &p); conn->SetTransport(TRANSPORT_TCP); zeek::session_mgr->Insert(conn); return conn; diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index c03f188145..7be32c2304 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -106,9 +106,6 @@ WriterFrontend::WriterFrontend(const WriterBackend::WriterInfo& arg_info, EnumVa remote = arg_remote; info = new WriterBackend::WriterInfo(arg_info); - num_fields = 0; - fields = nullptr; - const char* w = arg_writer->GetType()->AsEnumType()->Lookup(arg_writer->InternalInt()); name = util::copy_string(util::fmt("%s/%s", arg_info.path, w)); @@ -124,11 +121,6 @@ WriterFrontend::WriterFrontend(const WriterBackend::WriterInfo& arg_info, EnumVa } WriterFrontend::~WriterFrontend() { - for ( auto i = 0; i < num_fields; ++i ) - delete fields[i]; - - delete[] fields; - delete info; delete[] name; } 
@@ -154,27 +146,25 @@ void WriterFrontend::Init(int arg_num_fields, const Field* const* arg_fields) { if ( initialized ) reporter->InternalError("writer initialize twice"); - num_fields = arg_num_fields; - fields = arg_fields; - initialized = true; - if ( backend ) { - auto fs = new Field*[num_fields]; - - for ( auto i = 0; i < num_fields; ++i ) - fs[i] = new Field(*fields[i]); - - backend->SendIn(new InitMessage(backend, arg_num_fields, fs)); - } + header.fields.reserve(arg_num_fields); + for ( int i = 0; i < arg_num_fields; i++ ) + header.fields.emplace_back(*arg_fields[i]); if ( remote ) { broker_mgr->PublishLogCreate(header.stream_id.get(), header.writer_id.get(), *info, arg_num_fields, arg_fields); } - header.fields.reserve(arg_num_fields); - for ( int i = 0; i < arg_num_fields; i++ ) - header.fields.emplace_back(*arg_fields[i]); + if ( backend ) + // InitMessage takes ownership of the pointer passed in here and deletes it and + // the fields when done processing the message. + backend->SendIn(new InitMessage(backend, arg_num_fields, arg_fields)); + else { + for ( int i = 0; i < arg_num_fields; i++ ) + delete arg_fields[i]; + delete[] arg_fields; + } } void WriterFrontend::Write(detail::LogRecord&& arg_vals) { @@ -183,9 +173,9 @@ void WriterFrontend::Write(detail::LogRecord&& arg_vals) { if ( disabled ) return; - if ( vals.size() != static_cast(num_fields) ) { - reporter->Warning("WriterFrontend %s expected %d fields in write, got %zu. Skipping line.", name, num_fields, - vals.size()); + if ( vals.size() != header.fields.size() ) { + reporter->Warning("WriterFrontend %s expected %zu fields in write, got %zu. Skipping line.", name, + header.fields.size(), vals.size()); return; } 
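Review bot: `Init()` now takes ownership of `arg_fields`, either handing it to `InitMessage` or freeing it element by element in the `else` branch, but the parameter type `const Field* const*` does not express that and the only hint is the comment on the backend branch. A comment at the top of this block should state that callers pass heap-allocated fields and must not touch them afterwards, and that `arg_fields` must not be read after `backend->SendIn(...)`, so the `header.fields` copy and `PublishLogCreate()` have to stay ahead of it; for example `// Init() owns arg_fields from here on; it is released by InitMessage or below, so nothing may use it after SendIn().`. The function begins outside the hunk, so any early return ahead of the `initialized` check (not visible here) would presumably leave the array unreleased and should be checked against the same rule.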
@@ -238,7 +228,7 @@ void WriterFrontend::FlushWriteBuffer() { zeek::cluster::backend->PublishLogWrites(header, std::span{records}); if ( backend ) - backend->SendIn(new WriteMessage(backend, num_fields, std::move(records))); + backend->SendIn(new WriteMessage(backend, header.fields.size(), std::move(records))); } void WriterFrontend::SetBuf(bool enabled) { diff --git a/src/logging/WriterFrontend.h b/src/logging/WriterFrontend.h index 6210e44874..fce315ae1e 100644 --- a/src/logging/WriterFrontend.h +++ b/src/logging/WriterFrontend.h @@ -226,14 +226,6 @@ public: */ const WriterBackend::WriterInfo& Info() const { return *info; } - /** - * Returns the number of log fields as passed into the constructor. - */ - [[deprecated("Remove in v8.1: Use GetFields() instead")]] - int NumFields() const { - return num_fields; - } - /** * Returns a descriptive name for the writer, including the type of * the backend and the path used. @@ -247,14 +239,6 @@ public: */ const std::string& GetFilterName() const { return info->filter_name; } - /** - * Returns the log fields as passed into the constructor. - */ - [[deprecated("Remove in v8.1: Use GetFields() instead")]] - const threading::Field* const* Fields() const { - return fields; - } - /** * Returns the log fields once Init() was called on the frontend. */ @@ -270,10 +254,8 @@ protected: bool local; // True if logging locally. bool remote; // True if logging remotely. - const char* name; // Descriptive name of the - WriterBackend::WriterInfo* info; // The writer information. - int num_fields; // Remove in v8.1. - const threading::Field* const* fields; // Remove in v8.1. + const char* name; // Descriptive name of the writer. + WriterBackend::WriterInfo* info; // The writer information. detail::LogWriteHeader header; // Collected information about the WriterFrontend. detail::WriteBuffer write_buffer; // Buffer for bulk writes. diff --git a/src/packet_analysis/Manager.h b/src/packet_analysis/Manager.h index 8d68e29ecc..b801ef1379 100644 
--- a/src/packet_analysis/Manager.h +++ b/src/packet_analysis/Manager.h @@ -171,11 +171,6 @@ public: return pkt_filter; } - [[deprecated("Remove in v8.1: Use PacketsUnprocessed() instead.")]] - uint64_t GetUnprocessedCount() const { - return PacketsUnprocessed(); - } - /** * Returns the total number of packets received that weren't considered * processed by some analyzer. diff --git a/src/packet_analysis/protocol/ip/IP.h b/src/packet_analysis/protocol/ip/IP.h index ee2371ae18..e47ba5c752 100644 --- a/src/packet_analysis/protocol/ip/IP.h +++ b/src/packet_analysis/protocol/ip/IP.h @@ -31,13 +31,9 @@ private: enum class ParseResult : int8_t { CAPLEN_TOO_SMALL = -1, - CaplenTooSmall [[deprecated("Remove in v8.1, use ParseResult::CAPLEN_TOO_SMALL.")]] = CAPLEN_TOO_SMALL, BAD_PROTOCOL = -2, - BadProtocol [[deprecated("Remove in v8.1, use ParseResult::BAD_PROTOCOL.")]] = BAD_PROTOCOL, OK = 0, - Ok [[deprecated("Remove in v8.1, use ParseResult::OK.")]] = OK, CAPLEN_TOO_LARGE = 1, - CaplenTooLarge [[deprecated("Remove in v8.1, use ParseResult::CAPLEN_TOO_LARGE.")]] = CAPLEN_TOO_LARGE, }; /** diff --git a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc index bb7ee12901..8980f5a7de 100644 --- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc +++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc 
@@ -36,17 +36,8 @@ bool IPBasedAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pkt key = IPBasedConnKeyPtr(static_cast(ck.release())); } - // Deprecated: remove ConnTuple use in 8.1 and only use InitConnKey(). -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" - ConnTuple tuple; - if ( BuildConnTuple(len, data, pkt, tuple) ) { - key->InitTuple(tuple.src_addr, tuple.src_port, tuple.dst_addr, tuple.dst_port, pkt->proto); -#pragma GCC diagnostic pop - } - else if ( ! InitConnKey(len, data, pkt, *key) ) { + if ( ! InitConnKey(len, data, pkt, *key) ) return false; - } key->Init(*pkt); diff --git a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h index bdbf672993..bd9c4a2539 100644 --- a/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h +++ b/src/packet_analysis/protocol/ip/IPBasedAnalyzer.h @@ -109,18 +109,7 @@ protected: * @return True if initialization succeeded, false otherwise (e.g. because * there wasn't enough data available). */ - virtual bool InitConnKey(size_t len, const uint8_t* data, Packet* packet, IPBasedConnKey& key) { - // Given deprecation of BuildConnTuple below, make this pure virtual in 8.1. - return false; - } - - /** - * Parse the header from the packet into a ConnTuple object. - */ - [[deprecated("Remove in v8.1. Switch to InitConnKey() and key-only initialization.")]] - virtual bool BuildConnTuple(size_t len, const uint8_t* data, Packet* packet, ConnTuple& tuple) { - return false; - } + virtual bool InitConnKey(size_t len, const uint8_t* data, Packet* packet, IPBasedConnKey& key) = 0; /** * Continues process of packet after the connection has been inserted into the diff --git a/src/plugin/Manager.cc b/src/plugin/Manager.cc index b160ea3494..37aa245778 100644 --- a/src/plugin/Manager.cc +++ b/src/plugin/Manager.cc @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include 
diff --git a/src/scan.l b/src/scan.l index 051d6e0779..2abe6a98b8 100644 --- a/src/scan.l +++ b/src/scan.l @@ -663,14 +663,9 @@ F RET_CONST(zeek::val_mgr->False()->Ref()) ({H}".")+{HTLD} { zeek::TableValPtr result; - std::string msg = zeek::util::fmt("Remove in v8.1: DNS lookup of host literal '%s' is deprecated. " + std::string msg = zeek::util::fmt("DNS lookup of host literal '%s' is not supported. " "Replace with blocking_lookup_hostname().", yytext); - zeek::reporter->Deprecation(msg.c_str()); - if ( ! zeek::detail::parse_only ) - result = zeek::detail::dns_mgr->LookupHost(yytext); - else - result = zeek::detail::dns_mgr->empty_addr_set(); - RET_CONST(result.release()); + zeek::reporter->Error("%s", msg.c_str()); } \"([^\\\r\\\n\"]|{ESCSEQ})*\" { diff --git a/src/session/Manager.h b/src/session/Manager.h index 38476c575a..d91dfa4297 100644 --- a/src/session/Manager.h +++ b/src/session/Manager.h @@ -58,9 +58,6 @@ public: Manager(); ~Manager(); - [[deprecated("Remove in v8.1 - no functionality. Use Drain() and Clear().")]] - void Done() {}; - // Looks up the connection referred to by the given Val, // which should be a conn_id record. Returns nil if there's // no such connection or the Val is ill-formed. diff --git a/src/util.h b/src/util.h index 91d20d2891..1b0e85d9fe 100644 --- a/src/util.h +++ b/src/util.h @@ -21,7 +21,7 @@ #include #include #include -#include // Remove in v8.1. +#include #include #include #include @@ -100,10 +100,6 @@ constexpr int UID_POOL_CUSTOM_SCRIPT = 10; // First available custom script leve namespace zeek { -// This alias is deprecated and should be removed in v8.1. There isn't a way to mark -// it so the compiler will flag it. -namespace filesystem = std::filesystem; - class ODesc; class RecordVal; diff --git a/src/zeek.bif b/src/zeek.bif index f4b46c310b..a70d5f11f1 100644 --- a/src/zeek.bif +++ b/src/zeek.bif 
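Review bot: In the `({H}".")+{HTLD}` action, `zeek::TableValPtr result;` is left behind as an unused local now that both assignments and `RET_CONST(result.release())` are gone. The action also no longer returns a token, so after the error the scanner continues with the next input and the parser never sees a constant at this position. The unused declaration can be dropped and the message passed directly, keeping `yytext` as an argument rather than as the format string: `zeek::reporter->Error("DNS lookup of host literal '%s' is not supported. Replace with blocking_lookup_hostname().", yytext);`. If a follow-on syntax error from the missing token is acceptable, a short comment in the action saying so would help the next reader.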
@@ -2046,24 +2046,6 @@ function bare_mode%(%): bool return zeek::val_mgr->Bool(zeek::run_state::detail::bare_mode); %} -## Converts a record type name to a vector of strings, where each element is -## the name of a record field. Nested records are flattened. -## -## rt: The name of the record type. -## -## Returns: A string vector with the field names of *rt*. -function record_type_to_vector%(rt: string%): string_vec &deprecated="Remove in v8.1: Consider using the ordered table from record_fields" - %{ - auto result = zeek::make_intrusive(zeek::id::string_vec); - - zeek::RecordType* type = zeek::id::find_type(rt->CheckString())->AsRecordType(); - - for ( int i = 0; i < type->NumFields(); ++i ) - result->Assign(i+1, zeek::make_intrusive(type->FieldName(i))); - - return std::move(result); - %} - ## Returns the type name of an arbitrary Zeek variable. ## ## t: An arbitrary object. diff --git a/testing/btest/Baseline.zam/cluster.websocket.listen-idempotent/.stderr b/testing/btest/Baseline.zam/cluster.websocket.listen-idempotent/.stderr index dce9b20598..084d35407c 100644 --- a/testing/btest/Baseline.zam/cluster.websocket.listen-idempotent/.stderr +++ b/testing/btest/Baseline.zam/cluster.websocket.listen-idempotent/.stderr 
@@ -1,5 +1,5 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-error in <...>/main.zeek, line 691: Already listening on 127.0.0.1: (Cluster::__listen_websocket(ws_opts_x))
-error in <...>/main.zeek, line 691: Already listening on 127.0.0.1: (Cluster::__listen_websocket(ws_opts_wss_port))
-error in <...>/main.zeek, line 691: Already listening on 127.0.0.1: (Cluster::__listen_websocket(ws_opts_qs))
+error in <...>/main.zeek, line 689: Already listening on 127.0.0.1: (Cluster::__listen_websocket(ws_opts_x))
+error in <...>/main.zeek, line 689: Already listening on 127.0.0.1: (Cluster::__listen_websocket(ws_opts_wss_port))
+error in <...>/main.zeek, line 689: Already listening on 127.0.0.1: (Cluster::__listen_websocket(ws_opts_qs))
 received termination signal
diff --git a/testing/btest/Baseline.zam/cluster.websocket.one-ipv6-deprecated/..manager..stderr b/testing/btest/Baseline.zam/cluster.websocket.one-ipv6-deprecated/..manager..stderr
deleted file mode 100644
index 9cdf7df5e4..0000000000
--- a/testing/btest/Baseline.zam/cluster.websocket.one-ipv6-deprecated/..manager..stderr
+++ /dev/null
@@ -1,4 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-warning in ../manager.zeek, line 12: deprecated (Cluster::WebSocketServerOptions$listen_host): Remove in v8.1: Use $listen_addr instead. ((coerce [$listen_host=::1, $listen_port=to_port(getenv(WEBSOCKET_PORT))] to Cluster::WebSocketServerOptions))
-warning in : deprecated (Cluster::WebSocketServerOptions$listen_host): Remove in v8.1: Use $listen_addr instead. (Cluster::WebSocketServerOptions($listen_host=::1, $listen_port=to_port(getenv(WEBSOCKET_PORT))))
-received termination signal
diff --git a/testing/btest/Baseline.zam/cluster.websocket.tls-usage-error/.stderr b/testing/btest/Baseline.zam/cluster.websocket.tls-usage-error/.stderr
index 3a54b399a3..ab1364f9f1 100644
--- a/testing/btest/Baseline.zam/cluster.websocket.tls-usage-error/.stderr
+++ b/testing/btest/Baseline.zam/cluster.websocket.tls-usage-error/.stderr
@@ -1,3 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-error in <...>/main.zeek, line 691: Invalid tls_options: No key_file field (Cluster::__listen_websocket(Cluster::options.0))
-error in <...>/main.zeek, line 691: Invalid tls_options: No cert_file field (Cluster::__listen_websocket(Cluster::options.3))
+error in <...>/main.zeek, line 689: Invalid tls_options: No key_file field (Cluster::__listen_websocket(Cluster::options.0))
+error in <...>/main.zeek, line 689: Invalid tls_options: No cert_file field (Cluster::__listen_websocket(Cluster::options.3))
diff --git a/testing/btest/Baseline/bifs.record_type_to_vector/out b/testing/btest/Baseline/bifs.record_type_to_vector/out
deleted file mode 100644
index 4af27c2a38..0000000000
--- a/testing/btest/Baseline/bifs.record_type_to_vector/out
+++ /dev/null
@@ -1,2 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-[, ct, str1]
diff --git a/testing/btest/Baseline/broker.event-group-interaction/recv.recv.out b/testing/btest/Baseline/broker.event-group-interaction/recv.recv.out
deleted file mode 100644
index 24ee373fe9..0000000000
--- a/testing/btest/Baseline/broker.event-group-interaction/recv.recv.out
+++ /dev/null
@@ -1,7 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-receiver added peer: endpoint=127.0.0.1 msg=handshake successful
-receiver got ping: my-message, 1
-receiver got ping: my-message, 2
-receiver got ping: my-message, 3
-receiver got ping: my-message, 4
-receiver got ping: my-message, 5
diff --git a/testing/btest/Baseline/broker.event-group-interaction/send.send.out b/testing/btest/Baseline/broker.event-group-interaction/send.send.out deleted file mode 100644 index bd2182597e..0000000000 --- a/testing/btest/Baseline/broker.event-group-interaction/send.send.out +++ /dev/null @@ -1,7 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -sender added peer: endpoint=127.0.0.1 msg=handshake successful -sender got pong: my-message, 1 -sender got pong: my-message, 2 -sender got pong: my-message, 3 -sender got pong: my-message, 4 -sender lost peer: endpoint=127.0.0.1 msg=lost connection to remote peer diff --git a/testing/btest/Baseline/broker.remote_event_auto/recv.recv.out b/testing/btest/Baseline/broker.remote_event_auto/recv.recv.out deleted file mode 100644 index 24ee373fe9..0000000000 --- a/testing/btest/Baseline/broker.remote_event_auto/recv.recv.out +++ /dev/null @@ -1,7 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -receiver added peer: endpoint=127.0.0.1 msg=handshake successful -receiver got ping: my-message, 1 -receiver got ping: my-message, 2 -receiver got ping: my-message, 3 -receiver got ping: my-message, 4 -receiver got ping: my-message, 5 diff --git a/testing/btest/Baseline/broker.remote_event_auto/send.send.out b/testing/btest/Baseline/broker.remote_event_auto/send.send.out deleted file mode 100644 index bd2182597e..0000000000 --- a/testing/btest/Baseline/broker.remote_event_auto/send.send.out +++ /dev/null 
@@ -1,7 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -sender added peer: endpoint=127.0.0.1 msg=handshake successful -sender got pong: my-message, 1 -sender got pong: my-message, 2 -sender got pong: my-message, 3 -sender got pong: my-message, 4 -sender lost peer: endpoint=127.0.0.1 msg=lost connection to remote peer diff --git a/testing/btest/Baseline/broker.remote_event_auto_ts/recv.recv.out b/testing/btest/Baseline/broker.remote_event_auto_ts/recv.recv.out deleted file mode 100644 index d9ad0dd05e..0000000000 --- a/testing/btest/Baseline/broker.remote_event_auto_ts/recv.recv.out +++ /dev/null @@ -1,11 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -receiver added peer: endpoint=127.0.0.1 msg=handshake successful -receiver got ping: my-message-a intended for 1989-12-12-22:00:00 stamped to 1989-12-12-22:00:00 (is_remote = T) -receiver got ping: my-message-b intended for 1989-12-12-22:15:00 stamped to 1989-12-12-22:15:00 (is_remote = T) -receiver got ping: my-message-c intended for 1989-12-12-22:30:00 stamped to 1989-12-12-22:30:00 (is_remote = T) -receiver got ping: my-message-a intended for 1989-12-12-23:00:00 stamped to 1989-12-12-23:00:00 (is_remote = T) -receiver got ping: my-message-b intended for 1989-12-12-23:15:00 stamped to 1989-12-12-23:15:00 (is_remote = T) -receiver got ping: my-message-c intended for 1989-12-12-23:30:00 stamped to 1989-12-12-23:30:00 (is_remote = T) -receiver got ping: my-message-a intended for 1989-12-13-00:00:00 stamped to 1989-12-13-00:00:00 (is_remote = T) -receiver got ping: my-message-b intended for 1989-12-13-00:15:00 stamped to 1989-12-13-00:15:00 (is_remote = T) -receiver got ping: my-message-c intended for 1989-12-13-00:30:00 stamped to 1989-12-13-00:30:00 (is_remote = T) 
diff --git a/testing/btest/Baseline/broker.remote_event_auto_ts/send.send.out b/testing/btest/Baseline/broker.remote_event_auto_ts/send.send.out deleted file mode 100644 index 2a0a5c48ee..0000000000 --- a/testing/btest/Baseline/broker.remote_event_auto_ts/send.send.out +++ /dev/null @@ -1,13 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -sender added peer: endpoint=127.0.0.1 msg=handshake successful ->> Run 1 (1989-12-12-22:00:00) ->> Run 2 (1989-12-12-23:00:00) ->> Run 3 (1989-12-13-00:00:00) ->> Run 4 (1989-12-13-01:00:00) ->> Run 5 (1989-12-13-02:00:00) ->> Run 6 (1989-12-13-03:00:00) ->> Run 7 (1989-12-13-04:00:00) ->> Run 8 (1989-12-13-05:00:00) ->> Run 9 (1989-12-13-06:00:00) ->> Run 10 (1989-12-13-07:00:00) -sender lost peer: endpoint=127.0.0.1 msg=lost connection to remote peer diff --git a/testing/btest/Baseline/broker.web-socket-events-metadata/client.output b/testing/btest/Baseline/broker.web-socket-events-metadata/client.output deleted file mode 100644 index 5fa2aec2b5..0000000000 --- a/testing/btest/Baseline/broker.web-socket-events-metadata/client.output +++ /dev/null @@ -1,4 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -ping args ['my-message', 1] metadata [{'@data-type': 'vector', 'data': [{'@data-type': 'count', 'data': 1}, {'@data-type': 'timestamp', 'data': '2023-04-18T12:13:14.000'}]}] -ping args ['my-message', 2] metadata [{'@data-type': 'vector', 'data': [{'@data-type': 'count', 'data': 1}, {'@data-type': 'timestamp', 'data': '2023-04-18T12:13:24.000'}]}] -ping args ['my-message', 3] metadata [{'@data-type': 'vector', 'data': [{'@data-type': 'count', 'data': 1}, {'@data-type': 'timestamp', 'data': '2023-04-18T12:13:34.000'}]}] 
diff --git a/testing/btest/Baseline/broker.web-socket-events-metadata/server.output b/testing/btest/Baseline/broker.web-socket-events-metadata/server.output deleted file mode 100644 index 92f0a20dbf..0000000000 --- a/testing/btest/Baseline/broker.web-socket-events-metadata/server.output +++ /dev/null @@ -1,6 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -sender added peer: endpoint=127.0.0.1 msg=handshake successful -sender got pong: my-message, 1 network_time=1681819994.0 current_event_time=1681819995.0 -sender got pong: my-message, 2 network_time=1681820004.0 current_event_time=1681819996.0 -sender got pong: my-message, 3 network_time=1681820014.0 current_event_time=1681819997.0 -sender lost peer: endpoint=127.0.0.1 msg=lost connection to client diff --git a/testing/btest/Baseline/broker.web-socket-events/client.output b/testing/btest/Baseline/broker.web-socket-events/client.output deleted file mode 100644 index 6ecffabd1f..0000000000 --- a/testing/btest/Baseline/broker.web-socket-events/client.output +++ /dev/null @@ -1,4 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -ping ['my-message', 1] -ping ['my-message', 2] -ping ['my-message', 3] diff --git a/testing/btest/Baseline/broker.web-socket-events/server.output b/testing/btest/Baseline/broker.web-socket-events/server.output deleted file mode 100644 index c1b7e176e2..0000000000 --- a/testing/btest/Baseline/broker.web-socket-events/server.output +++ /dev/null @@ -1,6 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -sender added peer: endpoint=127.0.0.1 msg=handshake successful -sender got pong: my-message, 1 -sender got pong: my-message, 2 -sender got pong: my-message, 3 -sender lost peer: endpoint=127.0.0.1 msg=lost connection to client 
diff --git a/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..client..stderr b/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..client..stderr deleted file mode 100644 index 49d861c74c..0000000000 --- a/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..client..stderr +++ /dev/null @@ -1 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. diff --git a/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..client.out b/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..client.out deleted file mode 100644 index c2f4ea81db..0000000000 --- a/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..client.out +++ /dev/null @@ -1,12 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -Connected -Sending ping 0 -topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 1}] -Sending ping 1 -topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 2}] -Sending ping 2 -topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 3}] -Sending ping 3 -topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 4}] -Sending ping 4 -topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 5}] diff --git a/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..manager..stderr b/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..manager..stderr deleted file mode 100644 index 38376fb320..0000000000 --- a/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..manager..stderr +++ /dev/null 
@@ -1,3 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -warning in ../manager.zeek, line 12: deprecated (Cluster::WebSocketServerOptions$listen_host): Remove in v8.1: Use $listen_addr instead. ((coerce [$listen_host=::1, $listen_port=to_port(getenv(WEBSOCKET_PORT))] to Cluster::WebSocketServerOptions)) -received termination signal diff --git a/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..manager.out b/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..manager.out deleted file mode 100644 index ae19b33c56..0000000000 --- a/testing/btest/Baseline/cluster.websocket.one-ipv6-deprecated/..manager.out +++ /dev/null @@ -1,8 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -Cluster::websocket_client_added, [/test/pings, /zeek/wstest/ws1/] -got ping: ping 0, 0 -got ping: ping 1, 1 -got ping: ping 2, 2 -got ping: ping 3, 3 -got ping: ping 4, 4 -Cluster::websocket_client_lost diff --git a/testing/btest/Baseline/core.dns-init/.stderr b/testing/btest/Baseline/core.dns-init/.stderr index 61b1c1f7d3..49d861c74c 100644 --- a/testing/btest/Baseline/core.dns-init/.stderr +++ b/testing/btest/Baseline/core.dns-init/.stderr @@ -1,2 +1 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -warning in <...>/dns-init.zeek, line 8: Remove in v8.1: DNS lookup of host literal 'google.com' is deprecated. Replace with blocking_lookup_hostname(). diff --git a/testing/btest/Baseline/core.fake_dns/err b/testing/btest/Baseline/core.fake_dns/err index 6d92a4202f..e3f6131b1d 100644 --- a/testing/btest/Baseline/core.fake_dns/err +++ b/testing/btest/Baseline/core.fake_dns/err 
@@ -1,5 +1,2 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -warning in <...>/fake_dns.zeek, line 8: Remove in v8.1: DNS lookup of host literal 'google.com' is deprecated. Replace with blocking_lookup_hostname(). -warning in <...>/fake_dns.zeek, line 9: Remove in v8.1: DNS lookup of host literal 'bing.com' is deprecated. Replace with blocking_lookup_hostname(). -warning in <...>/fake_dns.zeek, line 10: Remove in v8.1: DNS lookup of host literal 'yahoo.com' is deprecated. Replace with blocking_lookup_hostname(). received termination signal diff --git a/testing/btest/Baseline/core.hostname-literal-resolve/err b/testing/btest/Baseline/core.hostname-literal-resolve/err deleted file mode 100644 index ddfae94618..0000000000 --- a/testing/btest/Baseline/core.hostname-literal-resolve/err +++ /dev/null @@ -1,2 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -warning in <...>/hostname-literal-resolve.zeek, line 11: Remove in v8.1: DNS lookup of host literal 'dns.example.com' is deprecated. Replace with blocking_lookup_hostname(). diff --git a/testing/btest/Baseline/core.hostname-literal-resolve/err.parse-only b/testing/btest/Baseline/core.hostname-literal-resolve/err.parse-only deleted file mode 100644 index ddfae94618..0000000000 --- a/testing/btest/Baseline/core.hostname-literal-resolve/err.parse-only +++ /dev/null @@ -1,2 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -warning in <...>/hostname-literal-resolve.zeek, line 11: Remove in v8.1: DNS lookup of host literal 'dns.example.com' is deprecated. Replace with blocking_lookup_hostname(). diff --git a/testing/btest/Baseline/core.hostname-literal-resolve/out b/testing/btest/Baseline/core.hostname-literal-resolve/out deleted file mode 100644 index 1bb626955e..0000000000 
--- a/testing/btest/Baseline/core.hostname-literal-resolve/out +++ /dev/null @@ -1,4 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -dns.example.com, { -9fb0:8c56:531e:72ee:ca2b:4c97:da18:3a6 -} diff --git a/testing/btest/Baseline/core.hostname-literal-resolve/out.parse-only b/testing/btest/Baseline/core.hostname-literal-resolve/out.parse-only deleted file mode 100644 index 49d861c74c..0000000000 --- a/testing/btest/Baseline/core.hostname-literal-resolve/out.parse-only +++ /dev/null @@ -1 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index e62eb8dd19..b1bb951e92 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -1,5 +1,2 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### NOTE: This file has been sorted with diff-sort. -warning in <...>/detect-protocols.zeek, line 1: deprecated script loaded from command line arguments ("frameworks<...>/detect-protocols.zeek moved to frameworks<...>/detect-protocols.zeek. Please switch to frameworks<...>/detect-protocols.zeek. Remove in 8.1") -warning in <...>/detect-sqli.zeek, line 16: deprecated script loaded from command line arguments "Remove in v8.1: Switch to the improved detect-sql-injection script" -warning in <...>/packet-segment-logging.zeek, line 1: deprecated script loaded from command line arguments ("Please switch to frameworks<...>/packet-segment-logging, which logs to analyzer.log. Remove in 8.1") diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out index 4db669de5d..7765db2bd2 100644 
--- a/testing/btest/Baseline/coverage.find-bro-logs/out +++ b/testing/btest/Baseline/coverage.find-bro-logs/out @@ -10,7 +10,6 @@ dce_rpc dhcp dnp3 dns -dpd files ftp http diff --git a/testing/btest/Baseline/language.optional-and-default-field/.stderr b/testing/btest/Baseline/language.optional-and-default-field/.stderr deleted file mode 100644 index e7dd6cd393..0000000000 --- a/testing/btest/Baseline/language.optional-and-default-field/.stderr +++ /dev/null @@ -1,6 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -warning in <...>/optional-and-default-field.zeek, line 10: Remove in v8.1: Using &default and &optional together results in &default behavior -warning in <...>/optional-and-default-field.zeek, line 11: Remove in v8.1: Using &default and &optional together results in &default behavior -warning in <...>/optional-and-default-field.zeek, line 12: Remove in v8.1: Using &default and &optional together results in &default behavior -warning in <...>/optional-and-default-field.zeek, line 13: Remove in v8.1: Using &default and &optional together results in &default behavior -warning in <...>/optional-and-default-field.zeek, line 14: Remove in v8.1: Using &default and &optional together results in &default behavior diff --git a/testing/btest/Baseline/language.optional-and-default-field/.stdout b/testing/btest/Baseline/language.optional-and-default-field/.stdout deleted file mode 100644 index 67b39afcc6..0000000000 --- a/testing/btest/Baseline/language.optional-and-default-field/.stdout +++ /dev/null @@ -1,2 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -[c=5, i=-5, v=[], r0=[], r1=[]] diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 3dafd56f58..d944c123ed 100644 --- a/testing/btest/Baseline/plugins.hooks/output 
+++ b/testing/btest/Baseline/plugins.hooks/output 
@@ -102,7 +102,6 @@ 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Conn::port_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DPD::ignore_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DPD::ignore_violations_after, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DPD::max_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DPD::track_removed_services_in_connection, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Files::enable_reassembler, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::default_capture_password, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 
@@ -1045,7 +1044,6 @@ 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Conn::port_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DPD::ignore_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DPD::ignore_violations_after, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DPD::max_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DPD::track_removed_services_in_connection, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Files::enable_reassembler, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::default_capture_password, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 
@@ -1987,7 +1985,6 @@ 0.000000 | HookCallFunction Option::set_change_handler(Conn::port_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(DPD::ignore_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(DPD::ignore_violations_after, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(DPD::max_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), 
$new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(DPD::track_removed_services_in_connection, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Files::enable_reassembler, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(HTTP::default_capture_password, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 
diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.binds/output b/testing/btest/Baseline/scripts.base.protocols.dns.binds/output index f35defd7a7..292027ea11 100644 --- a/testing/btest/Baseline/scripts.base.protocols.dns.binds/output +++ b/testing/btest/Baseline/scripts.base.protocols.dns.binds/output 
@@ -1,17 +1,17 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -BINDS, [query=example.net, answer_type=1, algorithm=7, key_id=32018, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=5, key_id=2196, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=15, key_id=12994, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=16, key_id=23868, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=7, key_id=37611, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=8, key_id=9551, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=5, key_id=48254, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=8, key_id=33130, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=14, key_id=15141, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=10, key_id=41675, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=10, key_id=63711, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=13, key_id=65395, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=13, key_id=31400, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=14, key_id=60289, removal_flag=0, complte_flag=\x01, is_query=0, 
complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=15, key_id=31000, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] -BINDS, [query=example.net, answer_type=1, algorithm=16, key_id=40187, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1] +BINDS, [query=example.net, answer_type=1, algorithm=7, key_id=32018, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=5, key_id=2196, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=15, key_id=12994, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=16, key_id=23868, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=7, key_id=37611, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=8, key_id=9551, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=5, key_id=48254, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=8, key_id=33130, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=14, key_id=15141, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=10, key_id=41675, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=10, key_id=63711, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=13, key_id=65395, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=13, key_id=31400, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=14, key_id=60289, removal_flag=0, complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=15, key_id=31000, removal_flag=0, 
complete_flag=1, is_query=0] +BINDS, [query=example.net, answer_type=1, algorithm=16, key_id=40187, removal_flag=0, complete_flag=1, is_query=0] diff --git a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ftp-invalid-reply-code.log b/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ftp-invalid-reply-code.log deleted file mode 100644 index 4efd80fa0f..0000000000 --- a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ftp-invalid-reply-code.log +++ /dev/null @@ -1,11 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path dpd -#open XXXX-XX-XX-XX-XX-XX -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason -#types time string addr port addr port enum string string -XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51354 127.0.0.1 21 tcp FTP non-numeric reply code [99 PASV invalid] -#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ftp-missing-space-after-reply-code.log b/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ftp-missing-space-after-reply-code.log deleted file mode 100644 index 00876f2723..0000000000 --- a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ftp-missing-space-after-reply-code.log +++ /dev/null 
@@ -1,11 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path dpd -#open XXXX-XX-XX-XX-XX-XX -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason -#types time string addr port addr port enum string string -XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51346 127.0.0.1 21 tcp FTP invalid reply line [230_no_space] -#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-gtp9_unknown_or_too_short_payload.log b/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-gtp9_unknown_or_too_short_payload.log deleted file mode 100644 index 377275b772..0000000000 --- a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-gtp9_unknown_or_too_short_payload.log +++ /dev/null @@ -1,11 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path dpd -#open XXXX-XX-XX-XX-XX-XX -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason -#types time string addr port addr port enum string string -XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 173.86.159.28 2152 213.72.147.186 2152 udp GTPV1 Truncated GTPv1 -#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-http-11-request-then-cruft.log b/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-http-11-request-then-cruft.log deleted file mode 100644 index 2948f61836..0000000000 --- a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-http-11-request-then-cruft.log +++ /dev/null 
@@ -1,11 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path dpd -#open XXXX-XX-XX-XX-XX-XX -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason -#types time string addr port addr port enum string string -XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.12.5 51792 192.0.78.212 80 tcp HTTP not a http request line -#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ntlm-empty-av-sequence.log b/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ntlm-empty-av-sequence.log deleted file mode 100644 index 1e90dc2f24..0000000000 --- a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.deprecated-dpd-log/dpd-ntlm-empty-av-sequence.log +++ /dev/null @@ -1,11 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path dpd -#open XXXX-XX-XX-XX-XX-XX -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason -#types time string addr port addr port enum string string -XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.0.173 1068 192.168.0.2 4997 tcp NTLM NTLM AV Pair loop underflow -#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.dpd.packet-segment-logging/dpd.log b/testing/btest/Baseline/scripts.policy.frameworks.dpd.packet-segment-logging/dpd.log deleted file mode 100644 index fbf4eb80c7..0000000000 --- a/testing/btest/Baseline/scripts.policy.frameworks.dpd.packet-segment-logging/dpd.log +++ /dev/null 
@@ -1,11 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path dpd -#open XXXX-XX-XX-XX-XX-XX -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason packet_segment -#types time string addr port addr port enum string string string -XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:470:1f05:17a6:d69a:20ff:fefd:6b88 24316 2001:6a8:a40::21 21 tcp FTP non-numeric reply code [SSH-2.0-mod_sftp/0.9.7] \xd4\x9a \xfdk\x88\x00\x80\xc8\xb9\xc2\x06\x86\xdd`\x00\x00\x00\x00t\x067 \x01\x06\xa8\x0a@\x00\x00\x00\x00\x00\x00\x00\x00\x00! \x01\x04p\x1f\x05\x17\xa6\xd6\x9a \xff\xfe\xfdk\x88\x00\x15^\xfc\x1f]\xed\x1b\xa9\x9f`\xf1P\x18\x00\x09~n\x00\x00SSH-2.0-mod_sftp/0.9.7\x0d\x0a\x00\x00\x00D\x08\x01\x00\x00\x00\x0c\x00\x00\x00)Maximum connections for host/user reached\x00\x00\x00\x05en-USI\xf8\xb9C\xae\xcf`\xc4 -#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.protocols.http.sql-injection-plus-dvwa/http.log.cut b/testing/btest/Baseline/scripts.policy.protocols.http.sql-injection-plus-dvwa/http.log.cut deleted file mode 100644 index 345a4837e7..0000000000 --- a/testing/btest/Baseline/scripts.policy.protocols.http.sql-injection-plus-dvwa/http.log.cut +++ /dev/null @@ -1,5 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -uid method host uri tags -ClEkJM2Vm5giqnMf4h GET 192.168.111.154 /dvwa/vulnerabilities/sqli/?id=1'+OR+'1'='1&Submit=Submit HTTP::URI_SQLI -C4J4Th3PJpwUYZZ6gc GET 192.168.111.154 /dvwa/vulnerabilities/sqli/?id=1'+UNION+SELECT+NULL,+version()+#&Submit=Submit HTTP::URI_SQLI -CtPZjS20MLrsMUOJi2 GET 192.168.111.154 /dvwa/vulnerabilities/sqli/?id=2'+OR+'2'='2&Submit=Submit HTTP::URI_SQLI 
diff --git a/testing/btest/Baseline/scripts.policy.protocols.http.sql-injection-plus-dvwa/output b/testing/btest/Baseline/scripts.policy.protocols.http.sql-injection-plus-dvwa/output
deleted file mode 100644
index 35fe40cf2f..0000000000
--- a/testing/btest/Baseline/scripts.policy.protocols.http.sql-injection-plus-dvwa/output
+++ /dev/null
@@ -1,4 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-ClEkJM2Vm5giqnMf4h, [orig_h=192.168.111.148, orig_p=53796/tcp, resp_h=192.168.111.154, resp_p=80/tcp, proto=6, ctx=[]], {\x0a\x09HTTP::URI_SQLI\x0a}
-C4J4Th3PJpwUYZZ6gc, [orig_h=192.168.111.148, orig_p=57524/tcp, resp_h=192.168.111.154, resp_p=80/tcp, proto=6, ctx=[]], {\x0a\x09HTTP::URI_SQLI\x0a}
-CtPZjS20MLrsMUOJi2, [orig_h=192.168.111.148, orig_p=40112/tcp, resp_h=192.168.111.154, resp_p=80/tcp, proto=6, ctx=[]], {\x0a\x09HTTP::URI_SQLI\x0a}
diff --git a/testing/btest/bifs/record_type_to_vector.zeek b/testing/btest/bifs/record_type_to_vector.zeek
deleted file mode 100644
index 3b45af835b..0000000000
--- a/testing/btest/bifs/record_type_to_vector.zeek
+++ /dev/null
@@ -1,13 +0,0 @@
-#
-# @TEST-EXEC: zeek -b %INPUT >out
-# @TEST-EXEC: btest-diff out
-
-type myrecord: record {
- ct: count;
- str1: string;
-};
-
-event zeek_init()
- {
- print record_type_to_vector("myrecord");
- }
diff --git a/testing/btest/broker/event-group-interaction.zeek b/testing/btest/broker/event-group-interaction.zeek
deleted file mode 100644
index 0e64d5c494..0000000000
--- a/testing/btest/broker/event-group-interaction.zeek
+++ /dev/null
@@ -1,119 +0,0 @@
-# @TEST-DOC: Disabling an unrelated event group caused auto-publish to break because the remote event had no bodies and got disabled. This is a regression test it's not being done again.
-#
-# Remove in v8.1 when auto_publish() is removed.
-#
-# @TEST-GROUP: broker
-#
-# @TEST-PORT: BROKER_PORT
-#
-# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out"
-#
-# @TEST-EXEC: btest-bg-wait 10
-# @TEST-EXEC: btest-diff recv/recv.out
-# @TEST-EXEC: btest-diff send/send.out
-
-# @TEST-START-FILE send.zeek
-
-global event_count = 0;
-
-global ping: event(msg: string, c: count);
-
-event zeek_init()
- {
- Broker::subscribe("zeek/event/my_topic");
- Broker::auto_publish("zeek/event/my_topic", ping);
- Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
- }
-
-function send_event()
- {
- event ping("my-message", ++event_count);
- }
-
-event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
- {
- print fmt("sender added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
- send_event();
- }
-
-event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
- {
- print fmt("sender lost peer: endpoint=%s msg=%s", endpoint$network$address, msg);
- terminate();
- }
-
-event pong(msg: string, n: count) &is_used
- {
- print fmt("sender got pong: %s, %s", msg, n);
- send_event();
- }
-
-module TestDumpEvents;
-
-event pong(msg: string, n: count) &is_used
- {
- print fmt("ERROR: This should not be visible: %s, %s", msg, n);
- }
-
-event zeek_init()
- {
- disable_module_events("TestDumpEvents");
- }
-
-# @TEST-END-FILE
-
-
-# @TEST-START-FILE recv.zeek
-
-redef exit_only_after_terminate = T;
-
-const events_to_recv = 5;
-
-global pong: event(msg: string, c: count);
-
-event zeek_init()
- {
- Broker::subscribe("zeek/event/my_topic");
- Broker::auto_publish("zeek/event/my_topic", pong);
- Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
- }
-
-event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
- {
- print fmt("receiver added peer: endpoint=%s msg=%s",
- endpoint$network$address, msg);
- }
-
-event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
- {
- print fmt("receiver lost peer: endpoint=%s msg=%s",
- endpoint$network$address, msg);
- }
-
-event ping(msg: string, n: count) &is_used
- {
- print fmt("receiver got ping: %s, %s", msg, n);
-
- if ( n == events_to_recv )
- {
- terminate();
- return;
- }
-
- event pong(msg, n);
- }
-
-module TestDumpEvents;
-
-event ping(msg: string, n: count) &is_used
- {
- print fmt("ERROR: This should not be visible: %s, %s", msg, n);
- }
-
-event zeek_init()
- {
- disable_module_events("TestDumpEvents");
- }
-
-# @TEST-END-FILE
diff --git a/testing/btest/broker/remote_event_auto.zeek b/testing/btest/broker/remote_event_auto.zeek
deleted file mode 100644
index 25225bcc59..0000000000
--- a/testing/btest/broker/remote_event_auto.zeek
+++ /dev/null
@@ -1,98 +0,0 @@
-# Remove in v8.1 when auto_publish() is gone.
-#
-# @TEST-GROUP: broker
-#
-# @TEST-PORT: BROKER_PORT
-#
-# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out"
-#
-# @TEST-EXEC: btest-bg-wait 45
-# @TEST-EXEC: btest-diff recv/recv.out
-# @TEST-EXEC: btest-diff send/send.out
-
-# @TEST-START-FILE send.zeek
-
-redef exit_only_after_terminate = T;
-
-global event_count = 0;
-
-global ping: event(msg: string, c: count);
-
-event zeek_init()
- {
- Broker::subscribe("zeek/event/my_topic");
- Broker::auto_publish("zeek/event/my_topic", ping);
- Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
- }
-
-function send_event()
- {
- event ping("my-message", ++event_count);
- }
-
-event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
- {
- print fmt("sender added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
- send_event();
- }
-
-event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
- {
- print fmt("sender lost peer: endpoint=%s msg=%s", endpoint$network$address, msg);
- terminate();
- }
-
-event pong(msg: string, n: count)
- {
- print fmt("sender got pong: %s, %s", msg, n);
- send_event();
- }
-
-# @TEST-END-FILE
-
-
-# @TEST-START-FILE recv.zeek
-
-redef exit_only_after_terminate = T;
-
-const events_to_recv = 5;
-
-global handler: event(msg: string, c: count);
-global auto_handler: event(msg: string, c: count);
-
-global pong: event(msg: string, c: count);
-
-event zeek_init()
- {
- Broker::subscribe("zeek/event/my_topic");
- Broker::auto_publish("zeek/event/my_topic", pong);
- Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
- }
-
-event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
- {
- print fmt("receiver added peer: endpoint=%s msg=%s",
- endpoint$network$address, msg);
- }
-
-event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
- {
- print fmt("receiver lost peer: endpoint=%s msg=%s",
- endpoint$network$address, msg);
- }
-
-event ping(msg: string, n: count)
- {
- print fmt("receiver got ping: %s, %s", msg, n);
-
- if ( n == events_to_recv )
- {
- terminate();
- return;
- }
-
- event pong(msg, n);
- }
-
-# @TEST-END-FILE
diff --git a/testing/btest/broker/remote_event_auto_ts.zeek b/testing/btest/broker/remote_event_auto_ts.zeek
deleted file mode 100644
index 42050ae458..0000000000
--- a/testing/btest/broker/remote_event_auto_ts.zeek
+++ /dev/null
@@ -1,89 +0,0 @@
-# Remove in v8.1 when auto_publish() is gone.
-#
-# Not compatible with -O C++ testing since includes two distinct scripts.
-# @TEST-REQUIRES: test "${ZEEK_USE_CPP}" != "1"
-#
-# @TEST-GROUP: broker
-#
-# @TEST-PORT: BROKER_PORT
-#
-# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
-# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/ticks-dns-1hr.pcap ../send.zeek >send.out"
-#
-# @TEST-EXEC: btest-bg-wait 45
-# @TEST-EXEC: btest-diff recv/recv.out
-# @TEST-EXEC: btest-diff send/send.out
-
-# @TEST-START-FILE send.zeek
-
-redef exit_only_after_terminate = T;
-redef EventMetadata::add_network_timestamp = T;
-
-global runs = 0;
-global ping: event(msg: string, intended_ts: time);
-
-event zeek_init()
- {
- suspend_processing();
- Broker::subscribe("zeek/event/my_topic");
- Broker::auto_publish("zeek/event/my_topic", ping);
- Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
- }
-
-event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
- {
- print fmt("sender added peer: endpoint=%s msg=%s",
- endpoint$network$address, msg);
- continue_processing();
- }
-
-event new_connection(c: connection)
- {
- print fmt(">> Run %s (%D)", ++runs, network_time());
-
- event ping("my-message-a", network_time());
- schedule 30 mins { ping("my-message-c", network_time() + 30 mins) };
- schedule 15 mins { ping("my-message-b", network_time() + 15 mins) };
- }
-
-event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
- {
- print fmt("sender lost peer: endpoint=%s msg=%s",
- endpoint$network$address, msg);
- terminate();
- }
-
-# @TEST-END-FILE
-
-
-# @TEST-START-FILE recv.zeek
-
-redef exit_only_after_terminate = T;
-redef EventMetadata::add_network_timestamp = T;
-
-global msg_count = 0;
-
-event zeek_init()
- {
- Broker::subscribe("zeek/event/my_topic");
- Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
- }
-
-event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
- {
- print fmt("receiver added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
- }
-
-event ping(msg: string, intended_ts: time) &is_used
- {
- if ( ++msg_count >= 10 )
- {
- terminate();
- return;
- }
-
- print fmt("receiver got ping: %s intended for %D stamped to %D (is_remote = %s)",
- msg, intended_ts, current_event_time(), is_remote_event());
- }
-
-# @TEST-END-FILE
diff --git a/testing/btest/broker/web-socket-events-metadata.zeek b/testing/btest/broker/web-socket-events-metadata.zeek
deleted file mode 100644
index 5581e12a0d..0000000000
--- a/testing/btest/broker/web-socket-events-metadata.zeek
+++ /dev/null
@@ -1,153 +0,0 @@ -# @TEST-GROUP: broker -# -# This test requires the websockets module, available via -# "pip install websockets". -# @TEST-REQUIRES: python3 -c 'import websockets' -# -# @TEST-PORT: BROKER_PORT -# -# @TEST-EXEC: btest-bg-run server "zeek -b %INPUT >output" -# @TEST-EXEC: btest-bg-run client "python3 ../client.py >output" -# -# @TEST-EXEC: btest-bg-wait 5 -# @TEST-EXEC: btest-diff client/output -# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff server/output - -redef allow_network_time_forward = F; -redef exit_only_after_terminate = T; -redef Broker::disable_ssl = T; -redef EventMetadata::add_network_timestamp = T; - -global event_count = 0; - -global ping: event(msg: string, c: count); - -event zeek_init() - { - # Tue 18 Apr 2023 12:13:14 PM UTC - set_network_time(double_to_time(1681819994.0)); - Broker::subscribe("/zeek/event/my_topic"); - Broker::listen_websocket("127.0.0.1", to_port(getenv("BROKER_PORT"))); - } - -event send_event() - { - ++event_count; - local e = Broker::make_event(ping, "my-message", event_count); - Broker::publish("/zeek/event/my_topic", e); - } - -event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) - { - print fmt("sender added peer: endpoint=%s msg=%s", endpoint$network$address, msg); - event send_event(); - } - -event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) - { - print fmt("sender lost peer: endpoint=%s msg=%s", endpoint$network$address, msg); - terminate(); - } - -event pong(msg: string, n: count) &is_used - { - print fmt("sender got pong: %s, %s network_time=%s current_event_time=%s", - msg, n, network_time(), current_event_time()); - set_network_time(network_time() + 10sec); - - # pong is a remote event and a Broker::publish() would take - # current_event_time() as the network time for Broker::publish(), - # prevent this by queuing a new send_event(). 
- event send_event(); - } - - -# @TEST-START-FILE client.py -import asyncio, datetime, websockets, os, time, json, sys - -ws_port = os.environ['BROKER_PORT'].split('/')[0] -ws_url = 'ws://localhost:%s/v1/messages/json' % ws_port -topic = '"/zeek/event/my_topic"' - -def broker_value(type, val): - return { - '@data-type': type, - 'data': val - } - -async def do_run(): - # Try up to 30 times. - connected = False - for i in range(30): - try: - ws = await websockets.connect(ws_url) - connected = True - - # send filter and wait for ack - await ws.send('[%s]' % topic) - ack_json = await ws.recv() - ack = json.loads(ack_json) - if not 'type' in ack or ack['type'] != 'ack': - print('*** unexpected ACK from server:') - print(ack_json) - sys.exit() - except Exception as e: - if not connected: - print('failed to connect to %s, try again (%s)' % (ws_url, e), file=sys.stderr) - await asyncio.sleep(1) - continue - else: - print('exception: %s' % e, file=sys.stderr) - sys.exit() - - for round in range(3): - # wait for ping - msg = await ws.recv() - msg = json.loads(msg) - if not 'type' in msg or msg['type'] != 'data-message': - print("unexpected type", msg) - continue - ping = msg['data'][2]['data'] - if len(ping) < 3: - print("no metadata on event") - continue - - name = ping[0]['data'] - args = [x['data'] for x in ping[1]['data']] - metadata = ping[2]['data'] - print(name, "args", args, "metadata", metadata) - - # send pong - dt = datetime.datetime.utcfromtimestamp(1681819994 + args[1]) - ts_str = dt.isoformat('T', 'milliseconds') - pong = [ - broker_value('string', 'pong'), - broker_value('vector', [ - broker_value('string', args[0]), - broker_value('count', args[1]), - ]), - broker_value('vector', [ - broker_value('vector', [ - broker_value('count', 1), # network_timestamp - broker_value('timestamp', ts_str), - ]), - ]), - ] - - ev = [broker_value('count', 1), broker_value('count', 1), broker_value('vector', pong)] - msg = { - 'type': 'data-message', - 'topic': 
'/zeek/event/my_topic', - '@data-type': 'vector', 'data': ev - } - - msg = json.dumps(msg) - await ws.send(msg) - - await ws.close() - sys.exit() - -loop = asyncio.get_event_loop() -loop.run_until_complete(do_run()) - -# @TEST-END-FILE diff --git a/testing/btest/broker/web-socket-events.zeek b/testing/btest/broker/web-socket-events.zeek deleted file mode 100644 index ca59759ca3..0000000000 --- a/testing/btest/broker/web-socket-events.zeek +++ /dev/null 
@@ -1,128 +0,0 @@ -# @TEST-GROUP: broker -# -# This test requires the websockets module, available via -# "pip install websockets". -# @TEST-REQUIRES: python3 -c 'import websockets' -# -# @TEST-PORT: BROKER_PORT -# -# @TEST-EXEC: btest-bg-run server "zeek -b %INPUT >output" -# @TEST-EXEC: btest-bg-run client "python3 ../client.py >output" -# -# @TEST-EXEC: btest-bg-wait 45 -# @TEST-EXEC: btest-diff client/output -# @TEST-EXEC: btest-diff server/output - -redef exit_only_after_terminate = T; -redef Broker::disable_ssl = T; - -global event_count = 0; - -global ping: event(msg: string, c: count); - -event zeek_init() - { - Broker::subscribe("/zeek/event/my_topic"); - Broker::listen_websocket("127.0.0.1", to_port(getenv("BROKER_PORT"))); - } - -function send_event() - { - ++event_count; - local e = Broker::make_event(ping, "my-message", event_count); - Broker::publish("/zeek/event/my_topic", e); - } - -event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) - { - print fmt("sender added peer: endpoint=%s msg=%s", endpoint$network$address, msg); - send_event(); - } - -event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) - { - print fmt("sender lost peer: endpoint=%s msg=%s", endpoint$network$address, msg); - terminate(); - } - -event pong(msg: string, n: count) &is_used - { - print fmt("sender got pong: %s, %s", msg, n); - send_event(); - } - - -# @TEST-START-FILE client.py -import asyncio, websockets, os, time, json, sys - -ws_port = os.environ['BROKER_PORT'].split('/')[0] -ws_url = 'ws://localhost:%s/v1/messages/json' % ws_port -topic = '"/zeek/event/my_topic"' - -def broker_value(type, val): - return { - '@data-type': type, - 'data': val - } - -async def do_run(): - # Try up to 30 times. 
- connected = False - for i in range(30): - try: - ws = await websockets.connect(ws_url) - connected = True - - # send filter and wait for ack - await ws.send('[%s]' % topic) - ack_json = await ws.recv() - ack = json.loads(ack_json) - if not 'type' in ack or ack['type'] != 'ack': - print('*** unexpected ACK from server:') - print(ack_json) - sys.exit() - except Exception as e: - if not connected: - print('failed to connect to %s, try again (%s)' % (ws_url, e), file=sys.stderr) - await asyncio.sleep(1) - continue - else: - print('exception: %s' % e, file=sys.stderr) - sys.exit() - - for round in range(3): - # wait for ping - msg = await ws.recv() - msg = json.loads(msg) - if not 'type' in msg or msg['type'] != 'data-message': - continue - - ping = msg['data'][2]['data'] - name = ping[0]['data'] - args = [x['data'] for x in ping[1]['data']] - print(name, args) - - # send pong - pong = [broker_value('string', 'pong'), - broker_value('vector', [ - broker_value('string', args[0]), - broker_value('count', args[1]) - ])] - - ev = [broker_value('count', 1), broker_value('count', 1), broker_value('vector', pong)] - msg = { - 'type': 'data-message', - 'topic': '/zeek/event/my_topic', - '@data-type': 'vector', 'data': ev - } - - msg = json.dumps(msg) - await ws.send(msg) - - await ws.close() - sys.exit() - -loop = asyncio.get_event_loop() -loop.run_until_complete(do_run()) - -# @TEST-END-FILE diff --git a/testing/btest/cluster/websocket/one-ipv6-deprecated.zeek b/testing/btest/cluster/websocket/one-ipv6-deprecated.zeek deleted file mode 100644 index 70f91ff092..0000000000 --- a/testing/btest/cluster/websocket/one-ipv6-deprecated.zeek +++ /dev/null 
@@ -1,85 +0,0 @@ -# @TEST-DOC: Use listen_host to listen on an IPv6 address, otherwise same as one-ipv6.zeek -# -# @TEST-REQUIRES: have-zeromq -# @TEST-REQUIRES: python3 -c 'import websockets.sync' -# @TEST-REQUIRES: can-listen-tcp 6 ::1 -# -# @TEST-GROUP: cluster-zeromq -# -# @TEST-PORT: XPUB_PORT -# @TEST-PORT: XSUB_PORT -# @TEST-PORT: LOG_PULL_PORT -# @TEST-PORT: WEBSOCKET_PORT -# -# @TEST-EXEC: cp $FILES/zeromq/cluster-layout-simple.zeek cluster-layout.zeek -# @TEST-EXEC: cp $FILES/zeromq/test-bootstrap.zeek zeromq-test-bootstrap.zeek -# @TEST-EXEC: cp $FILES/ws/wstest.py . -# -# @TEST-EXEC: zeek -b --parse-only manager.zeek -# @TEST-EXEC: python3 -m py_compile client.py -# -# @TEST-EXEC: btest-bg-run manager "ZEEKPATH=$ZEEKPATH:.. && CLUSTER_NODE=manager zeek -b ../manager.zeek >out" -# @TEST-EXEC: btest-bg-run client "python3 ../client.py >out" -# -# @TEST-EXEC: btest-bg-wait 30 -# @TEST-EXEC: btest-diff ./manager/out -# @TEST-EXEC: btest-diff ./manager/.stderr -# @TEST-EXEC: btest-diff ./client/out -# @TEST-EXEC: btest-diff ./client/.stderr - -# @TEST-START-FILE manager.zeek -@load ./zeromq-test-bootstrap -redef exit_only_after_terminate = T; - -global ping_count = 0; - -global ping: event(msg: string, c: count) &is_used; -global pong: event(msg: string, c: count) &is_used; - -event zeek_init() - { - Cluster::subscribe("/test/pings/"); - Cluster::listen_websocket([$listen_host="::1", $listen_port=to_port(getenv("WEBSOCKET_PORT"))]); - } - -event ping(msg: string, n: count) &is_used - { - ++ping_count; - print fmt("got ping: %s, %s", msg, n); - local e = Cluster::make_event(pong, "my-message", ping_count); - Cluster::publish("/test/pings", e); - } - -event Cluster::websocket_client_added(info: Cluster::EndpointInfo, subscriptions: string_vec) - { - print "Cluster::websocket_client_added", subscriptions; - } - -event Cluster::websocket_client_lost(info: Cluster::EndpointInfo, code: count, reason: string) - { - print "Cluster::websocket_client_lost"; - 
terminate(); - } -# @TEST-END-FILE - - -# @TEST-START-FILE client.py -# @TEST-START-FILE client.py -import wstest - -def run(ws_url): - with wstest.connect("ws1", ws_url) as tc: - print("Connected") - tc.hello_v1(["/test/pings"]) - - for i in range(5): - print("Sending ping", i) - tc.send_json(wstest.build_event_v1("/test/pings/", "ping", [f"ping {i}", i])) - pong = tc.recv_json() - assert pong["@data-type"] == "vector" - ev = pong["data"][2]["data"] - print("topic", pong["topic"], "event name", ev[0]["data"], "args", ev[1]["data"]) - -if __name__ == "__main__": - wstest.main(run, wstest.WS6_URL_V1) -# @TEST-END-FILE diff --git a/testing/btest/core/dns-init.zeek b/testing/btest/core/dns-init.zeek index 893a54f025..7e4292cd7e 100644 --- a/testing/btest/core/dns-init.zeek +++ b/testing/btest/core/dns-init.zeek @@ -1,11 +1,11 @@ -# We once had a bug where DNS lookups at init time lead to an immediate crash. +# We once had a bug where DNS lookups at init time lead to an immediate crash. # # @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr # @TEST-EXEC: btest-diff .stdout const foo: set[addr] = { - google.com + blocking_lookup_hostname("google.com") }; print foo; diff --git a/testing/btest/core/fake_dns.zeek b/testing/btest/core/fake_dns.zeek index b9d47cdd2e..ae4ed2e8ed 100644 --- a/testing/btest/core/fake_dns.zeek +++ b/testing/btest/core/fake_dns.zeek @@ -5,9 +5,9 @@ redef exit_only_after_terminate = T; global addrs: set[addr] = { - google.com, - bing.com, - yahoo.com + blocking_lookup_hostname("google.com"), + blocking_lookup_hostname("bing.com"), + blocking_lookup_hostname("yahoo.com") }; global c: count = 0; diff --git a/testing/btest/core/hostname-literal-resolve.zeek b/testing/btest/core/hostname-literal-resolve.zeek deleted file mode 100644 index 1c0182306c..0000000000 --- a/testing/btest/core/hostname-literal-resolve.zeek +++ /dev/null 
@@ -1,11 +0,0 @@ -# @TEST-DOC: Testing deprecated hostname literal resolutions -# -# @TEST-EXEC: zeek --parse-only -b %INPUT 2>err.parse-only >out.parse-only -# @TEST-EXEC: zeek -b %INPUT 2>err >out -# -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff err.parse-only -# @TEST-EXEC: btest-diff out.parse-only -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff err -# @TEST-EXEC: btest-diff out - -print "dns.example.com", dns.example.com; diff --git a/testing/btest/language/optional-and-default-field.zeek b/testing/btest/language/optional-and-default-field.zeek deleted file mode 100644 index 5379b21ce2..0000000000 --- a/testing/btest/language/optional-and-default-field.zeek +++ /dev/null @@ -1,18 +0,0 @@ -# @TEST-DOC: Warn on record fields that have both, &optional and &default -# -# @TEST-EXEC: zeek -b %INPUT -# @TEST-EXEC: btest-diff .stdout -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr - -type R: record { }; - -type X: record { - c: count &optional &default=5; - i: int &default=-5 &optional; - v: vector of string &optional &default=vector(); - r0: R &optional &default=R(); - r1: R &default=R() &optional; -}; - -global x = X(); -print x; diff --git a/testing/btest/plugins/func-hook-plugin/src/Plugin.cc b/testing/btest/plugins/func-hook-plugin/src/Plugin.cc index 6ad6ec2251..0ab6a00f46 100644 --- a/testing/btest/plugins/func-hook-plugin/src/Plugin.cc +++ b/testing/btest/plugins/func-hook-plugin/src/Plugin.cc @@ -48,7 +48,7 @@ std::pair Plugin::HookFunctionCall(const zeek::Func* func, z zeek::plugin::HookArgument(args).Describe(&d); fprintf(stderr, "%.6f %-15s %s\n", zeek::run_state::network_time, "| HookFunctionCall", d.Description()); - if ( zeek::util::streq(func->Name(), "foo") ) { + if ( func->GetName() == "foo" ) { auto& vl = *args; vl[0] = zeek::val_mgr->Count(42); } 
diff --git a/testing/btest/scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek b/testing/btest/scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek
deleted file mode 100644
index 9784dccd1a..0000000000
--- a/testing/btest/scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek
+++ /dev/null
@@ -1,18 +0,0 @@
-# @TEST-DOC: Test the deprecated dpd log with tests from before its removal.
-# @TEST-EXEC: zeek -r $TRACES/ftp/ftp-missing-space-after-reply-code.pcap %INPUT
-# @TEST-EXEC: mv dpd.log dpd-ftp-missing-space-after-reply-code.log
-# @TEST-EXEC: zeek -r $TRACES/ftp/ftp-invalid-reply-code.pcap %INPUT
-# @TEST-EXEC: mv dpd.log dpd-ftp-invalid-reply-code.log
-# @TEST-EXEC: zeek -r $TRACES/http/http-11-request-then-cruft.pcap %INPUT
-# @TEST-EXEC: mv dpd.log dpd-http-11-request-then-cruft.log
-# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp9_unknown_or_too_short_payload.pcap %INPUT
-# @TEST-EXEC: mv dpd.log dpd-gtp9_unknown_or_too_short_payload.log
-# @TEST-EXEC: zeek -r $TRACES/dce-rpc/ntlm-empty-av-sequence.pcap %INPUT
-# @TEST-EXEC: mv dpd.log dpd-ntlm-empty-av-sequence.log
-# @TEST-EXEC: btest-diff dpd-ftp-missing-space-after-reply-code.log
-# @TEST-EXEC: btest-diff dpd-ftp-invalid-reply-code.log
-# @TEST-EXEC: btest-diff dpd-http-11-request-then-cruft.log
-# @TEST-EXEC: btest-diff dpd-gtp9_unknown_or_too_short_payload.log
-# @TEST-EXEC: btest-diff dpd-ntlm-empty-av-sequence.log
-
-@load frameworks/analyzer/deprecated-dpd-log.zeek
diff --git a/testing/btest/scripts/policy/frameworks/dpd/packet-segment-logging.zeek b/testing/btest/scripts/policy/frameworks/dpd/packet-segment-logging.zeek
deleted file mode 100644
index f5e2366c30..0000000000
--- a/testing/btest/scripts/policy/frameworks/dpd/packet-segment-logging.zeek
+++ /dev/null
@@ -1,16 +0,0 @@
-# @TEST-DOC: IPv6 connection from external ipv6.pcap triggering FTP analyzer violation. Check dpd.log contains the right packet_segment
-# @TEST-EXEC: zeek -r $TRACES/ftp/ipv6-violation.trace %INPUT
-# @TEST-EXEC: btest-diff dpd.log
-
-@load frameworks/dpd/packet-segment-logging
-
-event analyzer_violation(c: connection, atype: AllAnalyzers::Tag, aid: count, reason: string)
- {
- print "analyzer_violation", c$id, atype, aid, reason;
- }
-
-event analyzer_violation_info(tag: AllAnalyzers::Tag, info: AnalyzerViolationInfo)
- {
- print "reason", info$reason;
- print "data", fmt("%s", info$data);
- }
diff --git a/testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek b/testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek
deleted file mode 100644
index c5b90f8bc0..0000000000
--- a/testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek
+++ /dev/null
@@ -1,14 +0,0 @@
-# @TEST-EXEC: zeek -C -r $TRACES/http/cooper-grill-dvwa.pcapng -b %INPUT >output
-# @TEST-EXEC: btest-diff output
-# @TEST-EXEC: zeek-cut -m uid method host uri tags < http.log > http.log.cut
-# @TEST-EXEC: btest-diff http.log.cut
-
-@load base/protocols/http
-# Remove in v8.1: Remove this test when detect-sqli is gone sql-injection-plus-dvwa2.zeek tests detect-sql-injection.
-@load protocols/http/detect-sqli
-
-event connection_state_remove(c: connection)
- {
- if ( c?$http )
- print c$uid, c$id, cat(c$http$tags);
- }
diff --git a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek
index 9e6f708260..eb54895b7f 100644
--- a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek
+++ b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek
@@ -1,7 +1,7 @@ # @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output -@load protocols/http/detect-sqli +@load protocols/http/detect-sql-injection event zeek_init() { @@ -14,7 +14,6 @@ event zeek_init() add positive_matches["/index.asp?ID='+139+'0"]; add positive_matches["/index.php?blah=123'/*blooblah*/;select * from something;--"]; add positive_matches["/index.cfm?ID=3%' and '%'='"]; - add positive_matches["/index.php?mac=\" OR whatever LIKE \"%"]; add positive_matches["/index.cfm?ID=3;declare @d int;--"]; add positive_matches["/index.cfm?subjID=12;create table t_jiaozhu(jiaozhu varchar(200))"]; add positive_matches["/index.cfm?subjID=12%' and(char(94)+user+char(94))>0 and '%'='"]; @@ -96,6 +95,7 @@ event zeek_init() add negative_matches["/A-B-C-D/inc/foobar.php?img=1179681280a b c d arf union.jpg"]; # These are still being matched accidentally. + #add positive_matches["/index.php?mac=\" OR whatever LIKE \"%"]; #add negative_matches["/api/datasources/proxy/1/query?db=telegraf&q=SELECT mean(\"0.5\") AS \"0.5\", mean(\"0.9\") AS \"0.9\", mean(\"0.99\") AS \"0.99\" FROM \"boomd_indexer_write_size_bytes\" WHERE (\"type\" = 'key' AND \"space\" =~ /^(corelight|wrccdc)$/) AND time >= 1561410802000ms and time <= 1561416568000ms GROUP BY time(1s);SELECT derivative(sum(\"sum\"), 1s) FROM \"boomd_indexer_write_size_bytes\" WHERE (\"type\" = 'key' AND \"space\" =~ /^(corelight|wrccdc)$/) AND time >= 1561410802000ms and time <= 1561416568000ms GROUP BY time(1s)&epoch=ms"]; #add negative_matches["/test,+soviet+union&searchscope=7&SORT=DZ/test,+soviet+union&foobar=7"]; #add negative_matches["/search?hl=en&q=fee union western"]; diff --git a/testing/btest/scripts/site/local-compat.test b/testing/btest/scripts/site/local-compat.test index 6556621f56..1a632c9ad8 100644 --- a/testing/btest/scripts/site/local-compat.test +++ b/testing/btest/scripts/site/local-compat.test 
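Review bot: The `/index.php?mac=\" OR whatever LIKE \"%` case is removed from the positive matches in the second hunk and parked, commented out, under `# These are still being matched accidentally.` in the third hunk, but that heading describes false positives, while a positive case that had to be disabled is a missed detection. Presumably the pattern shipped with detect-sql-injection does not flag this double-quoted `OR ... LIKE` payload the way detect-sqli did; if so, this is a coverage regression that the test now hides rather than records. I would give the line its own comment, for example `# Known miss: double-quoted OR ... LIKE payload is not matched by detect-sql-injection.`, directly above the commented `add positive_matches` line, and mention the gap in the commit description so operators switching scripts know about it. The body of zeek_init() starts and ends outside these hunks.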
@@ -95,7 +95,7 @@ redef digest_salt = "Please change this value."; @load protocols/ssh/interesting-hostnames # Detect SQL injection attacks. -@load protocols/http/detect-sqli +@load protocols/http/detect-sql-injection #### Network File Handling ####