From 95f000738bc8f04559b0f3d8ba98ae369a9c640c Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Sun, 3 Jun 2012 12:40:09 -0400 Subject: [PATCH 001/120] ElasticSearch log writer implementation test 1 - writes out JSON to file instead of sending it over HTTP for now. --- src/logging/Manager.cc | 9 + src/logging/writers/ElasticSearch.cc | 242 +++++++++++++++++++++++++++ src/logging/writers/ElasticSearch.h | 67 ++++++++ 3 files changed, 318 insertions(+) create mode 100644 src/logging/writers/ElasticSearch.cc create mode 100644 src/logging/writers/ElasticSearch.h diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index baf832e6a9..d338ac97f8 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -17,6 +17,10 @@ #include "writers/Ascii.h" #include "writers/None.h" +#ifdef USE_ELASTICSEARCH +#include "writers/ElasticSearch.h" +#endif + #ifdef USE_DATASERIES #include "writers/DataSeries.h" #endif @@ -35,6 +39,11 @@ struct WriterDefinition { WriterDefinition log_writers[] = { { BifEnum::Log::WRITER_NONE, "None", 0, writer::None::Instantiate }, { BifEnum::Log::WRITER_ASCII, "Ascii", 0, writer::Ascii::Instantiate }, + +#ifdef USE_ELASTICSEARCH + { BifEnum::Log::WRITER_ASCII, "ElasticSearch", 0, writer::ElasticSearch::Instantiate }, +#endif + #ifdef USE_DATASERIES { BifEnum::Log::WRITER_DATASERIES, "DataSeries", 0, writer::DataSeries::Instantiate }, #endif diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc new file mode 100644 index 0000000000..eb83f26542 --- /dev/null +++ b/src/logging/writers/ElasticSearch.cc @@ -0,0 +1,242 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#include "config.h" + +#ifdef USE_ELASTICSEARCH + +#include +#include + +#include "util.h" + +#include "NetVar.h" +#include "threading/SerialTypes.h" + +#include "ElasticSearch.h" + +using namespace logging; +using namespace writer; +using threading::Value; +using threading::Field; + +#define MAX_EVENT_SIZE 1024 + +ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend) + { + cluster_name_len = BifConst::LogElasticSearch::cluster_name->Len(); + cluster_name = new char[cluster_name_len]; + memcpy(cluster_name, BifConst::LogElasticSearch::cluster_name->Bytes(), cluster_name_len); + + server_host_len = BifConst::LogElasticSearch::server_host->Len(); + server_host = new char[server_host_len]; + memcpy(server_host, BifConst::LogElasticSearch::server_host->Bytes(), server_host_len); + + index_name_len = BifConst::LogElasticSearch::index_name->Len(); + index_name = new char[index_name_len]; + memcpy(index_name, BifConst::LogElasticSearch::index_name->Bytes(), index_name_len); + + type_prefix_len = BifConst::LogElasticSearch::type_prefix->Len(); + type_prefix = new char[type_prefix_len]; + memcpy(type_prefix, BifConst::LogElasticSearch::type_prefix->Bytes(), type_prefix_len); + + server_port = BifConst::LogElasticSearch::server_port; + batch_size = BifConst::LogElasticSearch::batch_size; + + buffer = safe_malloc(MAX_EVENT_SIZE * batch_size); + current_offset = 0; + buffer[current_offset] = "\0"; + counter = 0; + } + +ElasticSearch::~ElasticSearch() + { + delete [] cluster_name; + delete [] server_host; + delete [] index_name; + delete [] type_prefix; + delete [] buffer; + } + +bool ElasticSearch::DoInit(string path, int num_fields, const Field* const * fields) + { + //TODO: Determine what, if anything, needs to be done here. + return true; + } + +bool ElasticSearch::DoFlush() + { + //TODO: Send flush command to ElasticSearch + return true; + } + +bool ElasticSearch::DoFinish() + { + return WriterBackend::DoFinish(); + } + +char* ElasticSearch::FormatField(const char* field_name, const char* field_value) +{ + char* result = new char[MAX_EVENT_SIZE]; + strcpy(result, "\""); + strcpy(result, field_name); + strcpy(result, "\":\""); + strcpy(result, field_value); + strcpy(result, "\""); + return result; + +} + +bool ElasticSearch::BatchIndex() +{ + file = fopen("/tmp/batch.test", 'w'); + fwrite(buffer, current_offset, 1, file); + fclose(file); + file = 0; +} + +char* ElasticSearch::AddFieldToBuffer(Value* val, const Field* field) + { + if ( ! val->present ) + { + return ""; + } + + switch ( val->type ) { + + case TYPE_BOOL: + return FormatField(field->name, val->val.int_val ? "T" : "F"); + + case TYPE_INT: + return FormatField(field->name, val->val.int_val); + + case TYPE_COUNT: + case TYPE_COUNTER: + return FormatField(field->name, val->val.uint_val); + + case TYPE_PORT: + return FormatField(field->name, val->val.port_val.port); + + case TYPE_SUBNET: + return FormatField(field->name, Render(val->val.subnet_val)); + + case TYPE_ADDR: + return FormatField(field->name, Render(val->val.addr_val)); + + case TYPE_INTERVAL: + case TYPE_TIME: + case TYPE_DOUBLE: + return FormatField(field->name, val->val.double_val); + + case TYPE_ENUM: + case TYPE_STRING: + case TYPE_FILE: + case TYPE_FUNC: + { + int size = val->val.string_val->size(); + const char* data = val->val.string_val->data(); + + if ( ! size ) + return ""; + return FormatField(field->name, val->val.string_val->data()); + } + + case TYPE_TABLE: + { + if ( ! val->val.set_val.size ) + return ""; + + char* tmp = new char[MAX_EVENT_SIZE]; + strcpy(tmp, "{"); + for ( int j = 0; j < val->val.set_val.size; j++ ) + { + char* result = AddFieldToBuffer(val->val.set_val.vals[j], field); + bool resultSeen = false; + if ( result ){ + if ( resultSeen ) + strcpy(tmp, ","); + strcpy(tmp, result); + } + } + return FormatField(field->name, tmp); + } + + case TYPE_VECTOR: + { + if ( ! val->val.vector_val.size ) + return ""; + + char* tmp = new char[MAX_EVENT_SIZE]; + strcpy(tmp, "{"); + for ( int j = 0; j < val->val.vector_val.size; j++ ) + { + char* result = AddFieldToBuffer(val->val.vector_val.vals[j], field); + bool resultSeen = false; + if ( result ){ + if ( resultSeen ) + strcpy(tmp, ","); + strcpy(tmp, result); + } + } + return FormatField(field->name, tmp); + } + + default: + return ""; + } + + } + +bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields, + Value** vals) + { + // Our action line looks like: + // {"index":"$index_name","type":"$type_prefix$path"}\n{ + + bool resultSeen = false; + + for ( int i = 0; i < num_fields; i++ ) + { + char* result = DoWriteOne(vals[i], fields[i]); + if ( result ) { + if ( ! resultSeen ) { + strcpy(buffer[current_offset], "{\"index\":\""); + strcat(buffer[current_offset], index_name); + strcat(buffer[current_offset], "\",\"type\":\""); + strcat(buffer[current_offset], type_prefix); + strcat(buffer[current_offset], Path()); + strcat(buffer[current_offset], "\"}\n{"); + current_offset = strlen(buffer); + resultSeen = true; + } + else { + strcat(buffer[current_offset], ","); + current_offset += 1; + } + strcat(buffer[current_offset], result); + current_offset += strlen(result); + } + } + + if ( resultSeen ) { + strcat(buffer[current_offset], "}\n"); + current_offset += 2; + counter += 1; + if ( counter >= batch_size ) + BatchIndex(); + } + return true; + } + +bool ElasticSearch::DoRotate(string rotated_path, double open, double close, bool terminating) + { + //TODO: Determine what, if anything, needs to be done here. + return true; + } + +bool ElasticSearch::DoSetBuf(bool enabled) + { + // Nothing to do. + return true; + } + +#endif diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h new file mode 100644 index 0000000000..870290a6e0 --- /dev/null +++ b/src/logging/writers/ElasticSearch.h @@ -0,0 +1,67 @@ +// See the file "COPYING" in the main distribution directory for copyright. +// +// Log writer for writing to an ElasticSearch database + +#ifndef LOGGING_WRITER_ELASTICSEARCH_H +#define LOGGING_WRITER_ELASTICSEARCH_H + +#include "../WriterBackend.h" + +namespace logging { namespace writer { + +class ElasticSearch : public WriterBackend { +public: + ElasticSearch(WriterFrontend* frontend); + ~ElasticSearch(); + + static WriterBackend* Instantiate(WriterFrontend* frontend) + { return new ElasticSearch(frontend); } + static string LogExt(); + +protected: + // Overidden from WriterBackend. + + virtual bool DoInit(string path, int num_fields, + const threading::Field* const * fields); + + virtual bool DoWrite(int num_fields, const threading::Field* const* fields, + threading::Value** vals); + virtual bool DoSetBuf(bool enabled); + virtual bool DoRotate(string rotated_path, double open, + double close, bool terminating); + virtual bool DoFlush(); + virtual bool DoFinish(); + +private: + char* AddFieldToBuffer(threading::Value* val, const threading::Field* field); + char* FormatField(const char* field_name, const char* field_value); + bool BatchIndex(); + + char* buffer; + int current_offset; + int counter; + + // From scripts + char* cluster_name; + int cluster_name_len; + + char* server_host; + int server_host_len; + + uint64 server_port; + + char* index_name; + int index_name_len; + + char* type_prefix; + int type_prefix_len; + + uint64 batch_size; + +}; + +} +} + + +#endif From 7bee0b0d8e91d1b8c09934c671ebb7cd9607cdca Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Sun, 3 Jun 2012 22:07:20 -0400 Subject: [PATCH 002/120] Added sending messages to ElasticSearch over HTTP. --- CMakeLists.txt | 10 + config.h.in | 3 + configure | 5 + scripts/base/frameworks/logging/__load__.bro | 1 + .../logging/writers/elasticsearch.bro | 25 ++ src/CMakeLists.txt | 1 + src/logging.bif | 11 + src/logging/Manager.cc | 6 +- src/logging/writers/ElasticSearch.cc | 317 +++++++++++------- src/logging/writers/ElasticSearch.h | 13 +- src/types.bif | 1 + 11 files changed, 266 insertions(+), 127 deletions(-) create mode 100644 scripts/base/frameworks/logging/writers/elasticsearch.bro diff --git a/CMakeLists.txt b/CMakeLists.txt index 28b702ab01..404cdfeeb5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -122,6 +122,14 @@ if (LINTEL_FOUND AND DATASERIES_FOUND AND LIBXML2_FOUND) list(APPEND OPTLIBS ${LibXML2_LIBRARIES}) endif() +set(USE_LIBCURL false) +find_package(CURL) +if (CURL_FOUND) + set(USE_LIBCURL true) + include_directories(BEFORE ${CURL_INCLUDE_DIR}) + list(APPEND OPTLIBS ${CURL_LIBRARIES}) +endif() + if (ENABLE_PERFTOOLS_DEBUG) # Just a no op to prevent CMake from complaining about manually-specified # ENABLE_PERFTOOLS_DEBUG not being used if google perftools weren't found @@ -209,11 +217,13 @@ message( "\nBroccoli: ${INSTALL_BROCCOLI}" "\nBroctl: ${INSTALL_BROCTL}" "\nAux. Tools: ${INSTALL_AUX_TOOLS}" + "\nElasticSearch: ${INSTALL_ELASTICSEARCH}" "\n" "\nGeoIP: ${USE_GEOIP}" "\nGoogle perftools: ${USE_PERFTOOLS}" "\n debugging: ${USE_PERFTOOLS_DEBUG}" "\nDataSeries: ${USE_DATASERIES}" + "\nlibCURL: ${USE_LIBCURL}" "\n" "\n================================================================\n" ) diff --git a/config.h.in b/config.h.in index c2cb3ec1dc..66121cefbf 100644 --- a/config.h.in +++ b/config.h.in @@ -117,6 +117,9 @@ /* Use the DataSeries writer. */ #cmakedefine USE_DATASERIES +/* Build the ElasticSearch writer. */ +#cmakedefine INSTALL_ELASTICSEARCH + /* Version number of package */ #define VERSION "@VERSION@" diff --git a/configure b/configure index 3258d4abfc..7ea5613a6d 100755 --- a/configure +++ b/configure @@ -35,6 +35,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --disable-auxtools don't build or install auxiliary tools --disable-python don't try to build python bindings for broccoli --disable-ruby don't try to build ruby bindings for broccoli + --enable-elasticsearch build the elasticsearch writer Required Packages in Non-Standard Locations: --with-openssl=PATH path to OpenSSL install root @@ -98,6 +99,7 @@ append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $prefix/share/bro append_cache_entry BRO_ETC_INSTALL_DIR PATH $prefix/etc append_cache_entry ENABLE_DEBUG BOOL false append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL false +append_cache_entry INSTALL_ELASTICSEARCH BOOL false append_cache_entry BinPAC_SKIP_INSTALL BOOL true append_cache_entry BUILD_SHARED_LIBS BOOL true append_cache_entry INSTALL_AUX_TOOLS BOOL true @@ -156,6 +158,9 @@ while [ $# -ne 0 ]; do --disable-auxtools) append_cache_entry INSTALL_AUX_TOOLS BOOL false ;; + --enable-elasticsearch) + append_cache_entry INSTALL_ELASTICSEARCH BOOL true + ;; --disable-python) append_cache_entry DISABLE_PYTHON_BINDINGS BOOL true ;; diff --git a/scripts/base/frameworks/logging/__load__.bro b/scripts/base/frameworks/logging/__load__.bro index 17e03e2ef7..7dafc45397 100644 --- a/scripts/base/frameworks/logging/__load__.bro +++ b/scripts/base/frameworks/logging/__load__.bro @@ -2,3 +2,4 @@ @load ./postprocessors @load ./writers/ascii @load ./writers/dataseries +@load ./writers/elasticsearch \ No newline at end of file diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro new file mode 100644 index 0000000000..82dbcc43d4 --- /dev/null +++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro @@ -0,0 +1,25 @@ +module LogElasticSearch; + +export { + ## Name of the ES cluster + const cluster_name = "elasticsearch" &redef; + + ## ES Server + const server_host = "127.0.0.1" &redef; + + ## ES Port + const server_port = 9200 &redef; + + ## Name of the ES index + const index_name = "bro-logs" &redef; + + ## The ES type prefix comes before the name of the related log. + ## e.g. prefix = "bro_" would create types of bro_dns, bro_software, etc. + const type_prefix = "" &redef; + + ## The batch size is the number of messages that will be queued up before + ## they are sent to be bulk indexed. + ## Note: this is mainly a memory usage parameter. + const batch_size = 10000 &redef; +} + diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 6a68d1e7c5..fbbb01fd22 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -419,6 +419,7 @@ set(bro_SRCS logging/WriterFrontend.cc logging/writers/Ascii.cc logging/writers/DataSeries.cc + logging/writers/ElasticSearch.cc logging/writers/None.cc input/Manager.cc diff --git a/src/logging.bif b/src/logging.bif index efc6ed0b4b..308ea78b7a 100644 --- a/src/logging.bif +++ b/src/logging.bif @@ -81,3 +81,14 @@ const extent_size: count; const dump_schema: bool; const use_integer_for_time: bool; const num_threads: count; + +# Options for the ElasticSearch writer. + +module LogElasticSearch; + +const cluster_name: string; +const server_host: string; +const server_port: count; +const index_name: string; +const type_prefix: string; +const batch_size: count; diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index d338ac97f8..ddfed0f70f 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -17,7 +17,7 @@ #include "writers/Ascii.h" #include "writers/None.h" -#ifdef USE_ELASTICSEARCH +#ifdef INSTALL_ELASTICSEARCH #include "writers/ElasticSearch.h" #endif @@ -40,8 +40,8 @@ WriterDefinition log_writers[] = { { BifEnum::Log::WRITER_NONE, "None", 0, writer::None::Instantiate }, { BifEnum::Log::WRITER_ASCII, "Ascii", 0, writer::Ascii::Instantiate }, -#ifdef USE_ELASTICSEARCH - { BifEnum::Log::WRITER_ASCII, "ElasticSearch", 0, writer::ElasticSearch::Instantiate }, +#ifdef INSTALL_ELASTICSEARCH + { BifEnum::Log::WRITER_ELASTICSEARCH, "ElasticSearch", 0, writer::ElasticSearch::Instantiate }, #endif #ifdef USE_DATASERIES diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index eb83f26542..61f3734f87 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -2,7 +2,7 @@ #include "config.h" -#ifdef USE_ELASTICSEARCH +#ifdef INSTALL_ELASTICSEARCH #include #include @@ -12,6 +12,9 @@ #include "NetVar.h" #include "threading/SerialTypes.h" +#include +#include + #include "ElasticSearch.h" using namespace logging; @@ -24,28 +27,35 @@ using threading::Field; ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend) { cluster_name_len = BifConst::LogElasticSearch::cluster_name->Len(); - cluster_name = new char[cluster_name_len]; + cluster_name = new char[cluster_name_len + 1]; memcpy(cluster_name, BifConst::LogElasticSearch::cluster_name->Bytes(), cluster_name_len); + cluster_name[cluster_name_len] = 0; server_host_len = BifConst::LogElasticSearch::server_host->Len(); - server_host = new char[server_host_len]; + server_host = new char[server_host_len + 1]; memcpy(server_host, BifConst::LogElasticSearch::server_host->Bytes(), server_host_len); + server_host[server_host_len] = 0; index_name_len = BifConst::LogElasticSearch::index_name->Len(); - index_name = new char[index_name_len]; + index_name = new char[index_name_len + 1]; memcpy(index_name, BifConst::LogElasticSearch::index_name->Bytes(), index_name_len); + index_name[index_name_len] = 0; type_prefix_len = BifConst::LogElasticSearch::type_prefix->Len(); - type_prefix = new char[type_prefix_len]; + type_prefix = new char[type_prefix_len + 1]; memcpy(type_prefix, BifConst::LogElasticSearch::type_prefix->Bytes(), type_prefix_len); + type_prefix[type_prefix_len] = 0; server_port = BifConst::LogElasticSearch::server_port; batch_size = BifConst::LogElasticSearch::batch_size; - buffer = safe_malloc(MAX_EVENT_SIZE * batch_size); + buffer = (char *)safe_malloc(MAX_EVENT_SIZE * batch_size); current_offset = 0; - buffer[current_offset] = "\0"; + buffer[current_offset] = 0; counter = 0; + + curl_handle = HTTPSetup(); + curl_result = new char[1024]; } ElasticSearch::~ElasticSearch() @@ -74,115 +84,129 @@ bool ElasticSearch::DoFinish() return WriterBackend::DoFinish(); } -char* ElasticSearch::FormatField(const char* field_name, const char* field_value) -{ - char* result = new char[MAX_EVENT_SIZE]; - strcpy(result, "\""); - strcpy(result, field_name); - strcpy(result, "\":\""); - strcpy(result, field_value); - strcpy(result, "\""); - return result; - -} - bool ElasticSearch::BatchIndex() { - file = fopen("/tmp/batch.test", 'w'); - fwrite(buffer, current_offset, 1, file); - fclose(file); - file = 0; + return HTTPSend(); +} + +char* ElasticSearch::FieldToString(Value* val, const Field* field) +{ + char* result = new char[MAX_EVENT_SIZE]; + + switch ( val->type ) { + + // ElasticSearch defines bools as: 0 == false, everything else == true. So we treat it as an int. + case TYPE_BOOL: + case TYPE_INT: + sprintf(result, "%d", (int) val->val.int_val); return result; + + case TYPE_COUNT: + case TYPE_COUNTER: + sprintf(result, "%d", (int) val->val.uint_val); return result; + + case TYPE_PORT: + sprintf(result, "%d", (int) val->val.port_val.port); return result; + + case TYPE_SUBNET: + sprintf(result, "\"%s\"", Render(val->val.subnet_val).c_str()); return result; + + case TYPE_ADDR: + sprintf(result, "\"%s\"", Render(val->val.addr_val).c_str()); return result; + + case TYPE_INTERVAL: + case TYPE_TIME: + sprintf(result, "\"%d\"", (int) (val->val.double_val * 1000)); return result; + case TYPE_DOUBLE: + sprintf(result, "\"%s\"", Render(val->val.double_val).c_str()); return result; + + case TYPE_ENUM: + case TYPE_STRING: + case TYPE_FILE: + case TYPE_FUNC: + { + int size = val->val.string_val->size(); + const char* data = val->val.string_val->data(); + + if ( ! size ) + return 0; + sprintf(result, "\"%s\"", data); return result; + } + + case TYPE_TABLE: + { + char* tmp = new char[MAX_EVENT_SIZE]; + int tmp_offset = 0; + strcpy(tmp, "{"); + tmp_offset = 1; + bool result_seen = false; + for ( int j = 0; j < val->val.set_val.size; j++ ) + { + char* sub_field = FieldToString(val->val.set_val.vals[j], field); + if ( sub_field ){ + + if ( result_seen ){ + strcpy(tmp + tmp_offset, ","); + tmp_offset += 1; + } + else + result_seen = true; + + sprintf(tmp + tmp_offset, "\"%s\":%s", field->name.c_str(), sub_field); + tmp_offset = strlen(tmp); + } + } + strcpy(tmp + tmp_offset, "}"); + tmp_offset += 1; + sprintf(result, "%s", tmp); + return result; + } + + case TYPE_VECTOR: + { + char* tmp = new char[MAX_EVENT_SIZE]; + int tmp_offset = 0; + strcpy(tmp, "{"); + tmp_offset = 1; + bool result_seen = false; + for ( int j = 0; j < val->val.vector_val.size; j++ ) + { + char* sub_field = FieldToString(val->val.vector_val.vals[j], field); + if ( sub_field ){ + + if ( result_seen ){ + strcpy(tmp + tmp_offset, ","); + tmp_offset += 1; + } + else + result_seen = true; + + sprintf(tmp + tmp_offset, "\"%s\":%s", field->name.c_str(), sub_field); + tmp_offset = strlen(tmp); + } + } + strcpy(tmp + tmp_offset, "}"); + tmp_offset += 1; + sprintf(result, "%s", tmp); + return result; + } + + default: + { + return (char *)"{}"; + } + + } + } char* ElasticSearch::AddFieldToBuffer(Value* val, const Field* field) { if ( ! val->present ) - { - return ""; - } - - switch ( val->type ) { - - case TYPE_BOOL: - return FormatField(field->name, val->val.int_val ? "T" : "F"); - - case TYPE_INT: - return FormatField(field->name, val->val.int_val); - - case TYPE_COUNT: - case TYPE_COUNTER: - return FormatField(field->name, val->val.uint_val); - - case TYPE_PORT: - return FormatField(field->name, val->val.port_val.port); - - case TYPE_SUBNET: - return FormatField(field->name, Render(val->val.subnet_val)); - - case TYPE_ADDR: - return FormatField(field->name, Render(val->val.addr_val)); - - case TYPE_INTERVAL: - case TYPE_TIME: - case TYPE_DOUBLE: - return FormatField(field->name, val->val.double_val); - - case TYPE_ENUM: - case TYPE_STRING: - case TYPE_FILE: - case TYPE_FUNC: - { - int size = val->val.string_val->size(); - const char* data = val->val.string_val->data(); - - if ( ! size ) - return ""; - return FormatField(field->name, val->val.string_val->data()); - } - - case TYPE_TABLE: - { - if ( ! val->val.set_val.size ) - return ""; - - char* tmp = new char[MAX_EVENT_SIZE]; - strcpy(tmp, "{"); - for ( int j = 0; j < val->val.set_val.size; j++ ) - { - char* result = AddFieldToBuffer(val->val.set_val.vals[j], field); - bool resultSeen = false; - if ( result ){ - if ( resultSeen ) - strcpy(tmp, ","); - strcpy(tmp, result); - } - } - return FormatField(field->name, tmp); - } - - case TYPE_VECTOR: - { - if ( ! val->val.vector_val.size ) - return ""; - - char* tmp = new char[MAX_EVENT_SIZE]; - strcpy(tmp, "{"); - for ( int j = 0; j < val->val.vector_val.size; j++ ) - { - char* result = AddFieldToBuffer(val->val.vector_val.vals[j], field); - bool resultSeen = false; - if ( result ){ - if ( resultSeen ) - strcpy(tmp, ","); - strcpy(tmp, result); - } - } - return FormatField(field->name, tmp); - } - - default: - return ""; - } + return 0; + + char* result = new char[MAX_EVENT_SIZE]; + sprintf(result, "\"%s\":%s", field->name.c_str(), FieldToString(val, field)); + return result; } @@ -190,39 +214,37 @@ bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields, Value** vals) { // Our action line looks like: - // {"index":"$index_name","type":"$type_prefix$path"}\n{ + // {"index":{"_index":"$index_name","_type":"$type_prefix$path"}}\n{ bool resultSeen = false; for ( int i = 0; i < num_fields; i++ ) { - char* result = DoWriteOne(vals[i], fields[i]); + char* result = AddFieldToBuffer(vals[i], fields[i]); if ( result ) { if ( ! resultSeen ) { - strcpy(buffer[current_offset], "{\"index\":\""); - strcat(buffer[current_offset], index_name); - strcat(buffer[current_offset], "\",\"type\":\""); - strcat(buffer[current_offset], type_prefix); - strcat(buffer[current_offset], Path()); - strcat(buffer[current_offset], "\"}\n{"); - current_offset = strlen(buffer); + current_offset += sprintf(buffer + current_offset, "{\"index\":{\"_index\":\"%s\",\"_type\":\"%s%s\"}\n{", index_name, type_prefix, Path().c_str()); resultSeen = true; } else { - strcat(buffer[current_offset], ","); + strcat(buffer, ","); current_offset += 1; } - strcat(buffer[current_offset], result); + strcat(buffer, result); current_offset += strlen(result); } } if ( resultSeen ) { - strcat(buffer[current_offset], "}\n"); + strcat(buffer, "}\n"); current_offset += 2; counter += 1; - if ( counter >= batch_size ) + if ( counter >= batch_size ){ BatchIndex(); + current_offset = 0; + buffer[current_offset] = 0; + counter = 0; + } } return true; } @@ -239,4 +261,55 @@ bool ElasticSearch::DoSetBuf(bool enabled) return true; } +// HTTP Functions start here. + +CURL* ElasticSearch::HTTPSetup() +{ + char URL[2048]; + CURL* handle; + struct curl_slist *headers=NULL; + + handle = curl_easy_init(); + if ( ! handle ) + return handle; + + sprintf(URL, "http://%s:%d/_bulk", server_host, (int) server_port); + curl_easy_setopt(handle, CURLOPT_URL, URL); + + headers = curl_slist_append(NULL, "Content-Type: text/json; charset=utf-8"); + curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers); + + curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, &logging::writer::ElasticSearch::HTTPReceive); // This gets called with the result. + curl_easy_setopt(handle, CURLOPT_POST, 1); // All requests are POSTs + + // HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to + // just use HTTP 1.0 + curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); + return handle; + +} + +bool ElasticSearch::HTTPReceive(void* ptr, int size, int nmemb, void* userdata){ + //TODO: Do some verification on the result? + return true; +} + +bool ElasticSearch::HTTPSend(){ + CURLcode return_code; + + curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, curl_result); + curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer); + curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, current_offset); + + return_code = curl_easy_perform(curl_handle); + switch(return_code) { + case CURLE_COULDNT_CONNECT: + case CURLE_COULDNT_RESOLVE_HOST: + case CURLE_WRITE_ERROR: + return false; + default: + return true; + } +} + #endif diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h index 870290a6e0..ad3729f6da 100644 --- a/src/logging/writers/ElasticSearch.h +++ b/src/logging/writers/ElasticSearch.h @@ -5,6 +5,7 @@ #ifndef LOGGING_WRITER_ELASTICSEARCH_H #define LOGGING_WRITER_ELASTICSEARCH_H +#include #include "../WriterBackend.h" namespace logging { namespace writer { @@ -34,12 +35,20 @@ protected: private: char* AddFieldToBuffer(threading::Value* val, const threading::Field* field); - char* FormatField(const char* field_name, const char* field_value); + char* FieldToString(threading::Value* val, const threading::Field* field); bool BatchIndex(); + CURL* HTTPSetup(); + bool HTTPReceive(void* ptr, int size, int nmemb, void* userdata); + bool HTTPSend(); + + // Buffers, etc. char* buffer; int current_offset; - int counter; + uint64 counter; + + CURL* curl_handle; + char* curl_result; // From scripts char* cluster_name; diff --git a/src/types.bif b/src/types.bif index 76bac3e0e2..9b387b2c52 100644 --- a/src/types.bif +++ b/src/types.bif @@ -163,6 +163,7 @@ enum Writer %{ WRITER_NONE, WRITER_ASCII, WRITER_DATASERIES, + WRITER_ELASTICSEARCH, %} enum ID %{ From c8e770a499b3b9457bcb9908f574c4a7b4a9ddae Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Sun, 3 Jun 2012 22:51:21 -0400 Subject: [PATCH 003/120] Some basic documentation in doc/logging-elasticsearch.rst --- doc/logging-elasticsearch.rst | 97 +++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 doc/logging-elasticsearch.rst diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst new file mode 100644 index 0000000000..a3fb759c85 --- /dev/null +++ b/doc/logging-elasticsearch.rst @@ -0,0 +1,97 @@ + +======================================== +Indexed Logging Output with ElasticSearch +======================================== + +.. rst-class:: opening + + Bro's default ASCII log format is not exactly the most efficient + way for storing and searching large volumes of data. ElasticSearch + is a new and exciting technology for dealing with tons of data. + ElasticSearch is a search engine built on top of Apache's Lucene + project. It scales very well, both for distributed indexing and + distributed searching. + +.. contents:: + +Installing ElasticSearch +------------------------ + +ElasticSearch requires a JRE to run. Please download the latest version +from: . Once extracted, start +ElasticSearch with:: + +# ./bin/elasticsearch + +Compiling Bro with ElasticSearch Support +---------------------------------------- + +First, ensure that you have libcurl installed. Secondly, set the +``--enable-elasticsearch`` option:: + + # ./configure --enable-elasticsearch + [...] + ====================| Bro Build Summary |===================== + [...] + ElasticSearch: true + [...] + libCURL: true + [...] + ================================================================ + +Activating ElasticSearch +------------------------ + +The direct way to use ElasticSearch is to switch *all* log files over to +ElasticSearch. To do that, just add ``redef +Log::default_writer=Log::WRITER_ELASTICSEARCH;`` to your ``local.bro``. +For testing, you can also just pass that on the command line:: + + bro -r trace.pcap Log::default_writer=Log::WRITER_ELASTICSEARCH + +With that, Bro will now write all its output into ElasticSearch. You can +inspect these using ElasticSearch's REST-ful interface. For more +information, see: . + +There is also a rudimentary web interface to ElasticSearch, available at: +. + +You can also switch only individual files over to ElasticSearch by adding +code like this to your ``local.bro``:: + +.. code:: bro + + event bro_init() + { + local f = Log::get_filter(Conn::LOG, "default"); # Get default filter for connection log. + f$writer = Log::WRITER_ELASTICSEARCH; # Change writer type. + Log::add_filter(Conn::LOG, f); # Replace filter with adapted version. + } + +Configuring ElasticSearch +------------------------- + +Bro's ElasticSearch writer comes with a few configuraiton options:: + +- cluster_name:: Currently unused. +- server_host:: Where to send the data. Default localhost. +- server_port:: What port to send the data to. Default 9200. +- index_name:: ElasticSearch indexes are like databases in a standard DB model. +This is the name of the index to which to send the data. Default bro-logs. +- type_prefix:: ElasticSearch types are like tables in a standard DB model. +This is a prefix that gets prepended to Bro log names. +Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. +Default: none. +- batch_size:: How many messages to buffer before sending to ElasticSearch. +This is mainly a memory optimization - changing this doesn't seem to affect +indexing performance that much. Default: 10,000. + +TODO +---- + +Lots. + +- Perform multicast discovery for server. +- Better error detection. +- Dynamic index names. +- Better defaults (don't index loaded-plugins, for instance). From d09fc15b2d376da9bfab3c5b45eff0049589f217 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Sun, 3 Jun 2012 22:54:19 -0400 Subject: [PATCH 004/120] Minor documentation formatting change --- doc/logging-elasticsearch.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst index a3fb759c85..6c490a8b23 100644 --- a/doc/logging-elasticsearch.rst +++ b/doc/logging-elasticsearch.rst @@ -59,7 +59,7 @@ There is also a rudimentary web interface to ElasticSearch, available at: You can also switch only individual files over to ElasticSearch by adding code like this to your ``local.bro``:: -.. code:: bro +.. code::bro event bro_init() { From b3216906fe53e807070d6ce8587a7a01f9fea4f1 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Sun, 3 Jun 2012 22:56:38 -0400 Subject: [PATCH 005/120] Minor documentation formatting change --- doc/logging-elasticsearch.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst index 6c490a8b23..7a16acb0f1 100644 --- a/doc/logging-elasticsearch.rst +++ b/doc/logging-elasticsearch.rst @@ -77,14 +77,14 @@ Bro's ElasticSearch writer comes with a few configuraiton options:: - server_host:: Where to send the data. Default localhost. - server_port:: What port to send the data to. Default 9200. - index_name:: ElasticSearch indexes are like databases in a standard DB model. -This is the name of the index to which to send the data. Default bro-logs. + This is the name of the index to which to send the data. Default bro-logs. - type_prefix:: ElasticSearch types are like tables in a standard DB model. -This is a prefix that gets prepended to Bro log names. -Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. -Default: none. + This is a prefix that gets prepended to Bro log names. + Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. + Default: none. - batch_size:: How many messages to buffer before sending to ElasticSearch. -This is mainly a memory optimization - changing this doesn't seem to affect -indexing performance that much. Default: 10,000. + This is mainly a memory optimization - changing this doesn't seem to affect + indexing performance that much. Default: 10,000. TODO ---- From 360d7e2eda7e2a4b14f43021e197f6b65b28328e Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Sun, 3 Jun 2012 22:59:29 -0400 Subject: [PATCH 006/120] Minor documentation formatting change --- doc/logging-elasticsearch.rst | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst index 7a16acb0f1..4229748854 100644 --- a/doc/logging-elasticsearch.rst +++ b/doc/logging-elasticsearch.rst @@ -73,18 +73,12 @@ Configuring ElasticSearch Bro's ElasticSearch writer comes with a few configuraiton options:: -- cluster_name:: Currently unused. -- server_host:: Where to send the data. Default localhost. -- server_port:: What port to send the data to. Default 9200. -- index_name:: ElasticSearch indexes are like databases in a standard DB model. - This is the name of the index to which to send the data. Default bro-logs. -- type_prefix:: ElasticSearch types are like tables in a standard DB model. - This is a prefix that gets prepended to Bro log names. - Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. - Default: none. -- batch_size:: How many messages to buffer before sending to ElasticSearch. - This is mainly a memory optimization - changing this doesn't seem to affect - indexing performance that much. Default: 10,000. +- cluster_name: Currently unused. +- server_host: Where to send the data. Default localhost. +- server_port: What port to send the data to. Default 9200. +- index_name: ElasticSearch indexes are like databases in a standard DB model. This is the name of the index to which to send the data. Default bro-logs. +- type_prefix: ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none. +- batch_size: How many messages to buffer before sending to ElasticSearch. This is mainly a memory optimization - changing this doesn't seem to affect indexing performance that much. Default: 10,000. TODO ---- From 3d8b86c00a7d5cb4a4dd52ef08e6d06d42ee88a3 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Sun, 3 Jun 2012 23:00:10 -0400 Subject: [PATCH 007/120] Minor documentation formatting change --- doc/logging-elasticsearch.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst index 4229748854..3b630c4bff 100644 --- a/doc/logging-elasticsearch.rst +++ b/doc/logging-elasticsearch.rst @@ -76,7 +76,8 @@ Bro's ElasticSearch writer comes with a few configuraiton options:: - cluster_name: Currently unused. - server_host: Where to send the data. Default localhost. - server_port: What port to send the data to. Default 9200. -- index_name: ElasticSearch indexes are like databases in a standard DB model. This is the name of the index to which to send the data. Default bro-logs. +- index_name: ElasticSearch indexes are like databases in a standard DB model. + This is the name of the index to which to send the data. Default bro-logs. - type_prefix: ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none. - batch_size: How many messages to buffer before sending to ElasticSearch. This is mainly a memory optimization - changing this doesn't seem to affect indexing performance that much. Default: 10,000. From bf852b51f5bac6ba6b0dd14e4f6ab5fb73b68195 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Sun, 3 Jun 2012 23:01:18 -0400 Subject: [PATCH 008/120] Minor documentation formatting change --- doc/logging-elasticsearch.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst index 3b630c4bff..f891212ccd 100644 --- a/doc/logging-elasticsearch.rst +++ b/doc/logging-elasticsearch.rst @@ -76,8 +76,10 @@ Bro's ElasticSearch writer comes with a few configuraiton options:: - cluster_name: Currently unused. - server_host: Where to send the data. Default localhost. - server_port: What port to send the data to. Default 9200. + - index_name: ElasticSearch indexes are like databases in a standard DB model. This is the name of the index to which to send the data. Default bro-logs. + - type_prefix: ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none. - batch_size: How many messages to buffer before sending to ElasticSearch. This is mainly a memory optimization - changing this doesn't seem to affect indexing performance that much. Default: 10,000. From 5915a2d304fd4d90f799057bfeb7425ee29e95ef Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Sun, 3 Jun 2012 23:02:07 -0400 Subject: [PATCH 009/120] Minor documentation formatting change --- doc/logging-elasticsearch.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst index f891212ccd..b3cf062de4 100644 --- a/doc/logging-elasticsearch.rst +++ b/doc/logging-elasticsearch.rst @@ -71,16 +71,19 @@ code like this to your ``local.bro``:: Configuring ElasticSearch ------------------------- -Bro's ElasticSearch writer comes with a few configuraiton options:: +Bro's ElasticSearch writer comes with a few configuration options:: - cluster_name: Currently unused. + - server_host: Where to send the data. Default localhost. + - server_port: What port to send the data to. Default 9200. - index_name: ElasticSearch indexes are like databases in a standard DB model. This is the name of the index to which to send the data. Default bro-logs. - type_prefix: ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none. + - batch_size: How many messages to buffer before sending to ElasticSearch. This is mainly a memory optimization - changing this doesn't seem to affect indexing performance that much. Default: 10,000. TODO From 5db027e39f35c189130628bc03b0417dad951f17 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Tue, 5 Jun 2012 17:23:50 -0400 Subject: [PATCH 010/120] Fix timestamp overflow bug. --- src/logging/writers/ElasticSearch.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 61f3734f87..a073ea7e7c 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -115,7 +115,7 @@ char* ElasticSearch::FieldToString(Value* val, const Field* field) case TYPE_INTERVAL: case TYPE_TIME: - sprintf(result, "\"%d\"", (int) (val->val.double_val * 1000)); return result; + sprintf(result, "\"%llu\"", (unsigned long long) (val->val.double_val * 1000)); return result; case TYPE_DOUBLE: sprintf(result, "\"%s\"", Render(val->val.double_val).c_str()); return result; From a3b330dbc6ddb0502a004e37a8977d22395d8ef9 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Tue, 5 Jun 2012 17:24:13 -0400 Subject: [PATCH 011/120] Make default index name 'bro'. --- doc/logging-elasticsearch.rst | 2 +- scripts/base/frameworks/logging/writers/elasticsearch.bro | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst index b3cf062de4..4fce470d4a 100644 --- a/doc/logging-elasticsearch.rst +++ b/doc/logging-elasticsearch.rst @@ -80,7 +80,7 @@ Bro's ElasticSearch writer comes with a few configuration options:: - server_port: What port to send the data to. Default 9200. - index_name: ElasticSearch indexes are like databases in a standard DB model. - This is the name of the index to which to send the data. Default bro-logs. + This is the name of the index to which to send the data. Default bro. - type_prefix: ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none. diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro index 82dbcc43d4..7f968d0042 100644 --- a/scripts/base/frameworks/logging/writers/elasticsearch.bro +++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro @@ -11,7 +11,7 @@ export { const server_port = 9200 &redef; ## Name of the ES index - const index_name = "bro-logs" &redef; + const index_name = "bro" &redef; ## The ES type prefix comes before the name of the related log. ## e.g. prefix = "bro_" would create types of bro_dns, bro_software, etc. From 894dec006909477bc9bae177fde6a739bdf73173 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Tue, 5 Jun 2012 23:01:36 -0400 Subject: [PATCH 012/120] No quotes for times and doubles, since ES won't interpret them as numbers then. --- src/logging/writers/ElasticSearch.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index a073ea7e7c..3a7635a6a2 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -115,9 +115,9 @@ char* ElasticSearch::FieldToString(Value* val, const Field* field) case TYPE_INTERVAL: case TYPE_TIME: - sprintf(result, "\"%llu\"", (unsigned long long) (val->val.double_val * 1000)); return result; + sprintf(result, "%llu", (unsigned long long) (val->val.double_val * 1000)); return result; case TYPE_DOUBLE: - sprintf(result, "\"%s\"", Render(val->val.double_val).c_str()); return result; + sprintf(result, "%s", Render(val->val.double_val).c_str()); return result; case TYPE_ENUM: case TYPE_STRING: From 5e05e548ff0e5b640a448c29d6c64f1c378bdb10 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Tue, 5 Jun 2012 23:20:28 -0400 Subject: [PATCH 013/120] Change time printf format to use the more compatible PRIu64. --- src/logging/writers/ElasticSearch.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 3a7635a6a2..1817ce63ef 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -115,7 +115,7 @@ char* ElasticSearch::FieldToString(Value* val, const Field* field) case TYPE_INTERVAL: case TYPE_TIME: - sprintf(result, "%llu", (unsigned long long) (val->val.double_val * 1000)); return result; + sprintf(result, "%"PRIu64"", (uint64) (val->val.double_val * 1000)); return result; case TYPE_DOUBLE: sprintf(result, "%s", Render(val->val.double_val).c_str()); return result; From 22efa452796fff41e3ebf91d0e241f21bb7ae8e7 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Fri, 15 Jun 2012 10:48:22 -0400 Subject: [PATCH 014/120] Merging in latest changes from Bro master. --- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- cmake | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/aux/binpac b/aux/binpac index 6f43a8115d..b4094cb75e 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 6f43a8115d8e6483a50957c5d21c5d69270ab3aa +Subproject commit b4094cb75e0a7769123f7db1f5d73f3f9f1c3977 diff --git a/aux/bro-aux b/aux/bro-aux index c6391412e9..2038e3de04 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit c6391412e902e896836450ab98910309b2ca2d9b +Subproject commit 2038e3de042115c3caa706426e16c830c1fd1e9e diff --git a/aux/broccoli b/aux/broccoli index 0d139c09d5..4e17842743 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 0d139c09d5a9c8623ecc2a5f395178f0ddcd7e16 +Subproject commit 4e17842743fef8df6abf0588c7ca86c6937a2b6d diff --git a/aux/broctl b/aux/broctl index 880f3e48d3..892b60edb9 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 880f3e48d33bb28d17184656f858a4a0e2e1574c +Subproject commit 892b60edb967bb456872638f22ba994e84530137 diff --git a/cmake b/cmake index 2a72c5e08e..96f3d92aca 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 2a72c5e08e018cf632033af3920432d5f684e130 +Subproject commit 96f3d92acadbe1ae64f410e974c5ff503903394b From d3bb4617e96a8ec725e8d103b35813ff5d48f58a Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Fri, 15 Jun 2012 11:21:24 -0400 Subject: [PATCH 015/120] Configuration logic - if libcurl is found, enable elasticsearch plugin. --- CMakeLists.txt | 1 + configure | 4 ---- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 404cdfeeb5..4b1cccf8dc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -128,6 +128,7 @@ if (CURL_FOUND) set(USE_LIBCURL true) include_directories(BEFORE ${CURL_INCLUDE_DIR}) list(APPEND OPTLIBS ${CURL_LIBRARIES}) + set(INSTALL_ELASTICSEARCH true) endif() if (ENABLE_PERFTOOLS_DEBUG) diff --git a/configure b/configure index 7ea5613a6d..801fb1e801 100755 --- a/configure +++ b/configure @@ -35,7 +35,6 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --disable-auxtools don't build or install auxiliary tools --disable-python don't try to build python bindings for broccoli --disable-ruby don't try to build ruby bindings for broccoli - --enable-elasticsearch build the elasticsearch writer Required Packages in Non-Standard Locations: --with-openssl=PATH path to OpenSSL install root @@ -158,9 +157,6 @@ while [ $# -ne 0 ]; do --disable-auxtools) append_cache_entry INSTALL_AUX_TOOLS BOOL false ;; - --enable-elasticsearch) - append_cache_entry INSTALL_ELASTICSEARCH BOOL true - ;; --disable-python) append_cache_entry DISABLE_PYTHON_BINDINGS BOOL true ;; From 0bb8b69c95191b7e25296770010b201f67f9cc9c Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 15 Jun 2012 16:30:54 -0400 Subject: [PATCH 016/120] Reworked bulk operation string construction to use ODesc and added json escaping. --- src/logging/writers/ElasticSearch.cc | 410 ++++++++++++--------------- src/logging/writers/ElasticSearch.h | 20 +- 2 files changed, 187 insertions(+), 243 deletions(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 1817ce63ef..d8c4bee306 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -8,6 +8,7 @@ #include #include "util.h" +#include "BroString.h" #include "NetVar.h" #include "threading/SerialTypes.h" @@ -22,38 +23,16 @@ using namespace writer; using threading::Value; using threading::Field; -#define MAX_EVENT_SIZE 1024 - ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend) { cluster_name_len = BifConst::LogElasticSearch::cluster_name->Len(); cluster_name = new char[cluster_name_len + 1]; memcpy(cluster_name, BifConst::LogElasticSearch::cluster_name->Bytes(), cluster_name_len); cluster_name[cluster_name_len] = 0; - - server_host_len = BifConst::LogElasticSearch::server_host->Len(); - server_host = new char[server_host_len + 1]; - memcpy(server_host, BifConst::LogElasticSearch::server_host->Bytes(), server_host_len); - server_host[server_host_len] = 0; - - index_name_len = BifConst::LogElasticSearch::index_name->Len(); - index_name = new char[index_name_len + 1]; - memcpy(index_name, BifConst::LogElasticSearch::index_name->Bytes(), index_name_len); - index_name[index_name_len] = 0; - - type_prefix_len = BifConst::LogElasticSearch::type_prefix->Len(); - type_prefix = new char[type_prefix_len + 1]; - memcpy(type_prefix, BifConst::LogElasticSearch::type_prefix->Bytes(), type_prefix_len); - type_prefix[type_prefix_len] = 0; - - server_port = BifConst::LogElasticSearch::server_port; - batch_size = BifConst::LogElasticSearch::batch_size; - - buffer = (char *)safe_malloc(MAX_EVENT_SIZE * batch_size); - current_offset = 0; - buffer[current_offset] = 0; + + buffer.Clear(); counter = 0; - + curl_handle = HTTPSetup(); curl_result = new char[1024]; } @@ -61,21 +40,17 @@ ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend) ElasticSearch::~ElasticSearch() { delete [] cluster_name; - delete [] server_host; - delete [] index_name; - delete [] type_prefix; - delete [] buffer; } bool ElasticSearch::DoInit(string path, int num_fields, const Field* const * fields) { - //TODO: Determine what, if anything, needs to be done here. + //TODO: Determine what, if anything, needs to be done here. return true; } bool ElasticSearch::DoFlush() { - //TODO: Send flush command to ElasticSearch + //TODO: Send flush command to ElasticSearch return true; } @@ -84,174 +59,155 @@ bool ElasticSearch::DoFinish() return WriterBackend::DoFinish(); } -bool ElasticSearch::BatchIndex() -{ - return HTTPSend(); -} - -char* ElasticSearch::FieldToString(Value* val, const Field* field) -{ - char* result = new char[MAX_EVENT_SIZE]; - - switch ( val->type ) { - - // ElasticSearch defines bools as: 0 == false, everything else == true. So we treat it as an int. - case TYPE_BOOL: - case TYPE_INT: - sprintf(result, "%d", (int) val->val.int_val); return result; - - case TYPE_COUNT: - case TYPE_COUNTER: - sprintf(result, "%d", (int) val->val.uint_val); return result; - - case TYPE_PORT: - sprintf(result, "%d", (int) val->val.port_val.port); return result; - - case TYPE_SUBNET: - sprintf(result, "\"%s\"", Render(val->val.subnet_val).c_str()); return result; - - case TYPE_ADDR: - sprintf(result, "\"%s\"", Render(val->val.addr_val).c_str()); return result; - - case TYPE_INTERVAL: - case TYPE_TIME: - sprintf(result, "%"PRIu64"", (uint64) (val->val.double_val * 1000)); return result; - case TYPE_DOUBLE: - sprintf(result, "%s", Render(val->val.double_val).c_str()); return result; - - case TYPE_ENUM: - case TYPE_STRING: - case TYPE_FILE: - case TYPE_FUNC: - { - int size = val->val.string_val->size(); - const char* data = val->val.string_val->data(); - - if ( ! size ) - return 0; - sprintf(result, "\"%s\"", data); return result; - } - - case TYPE_TABLE: - { - char* tmp = new char[MAX_EVENT_SIZE]; - int tmp_offset = 0; - strcpy(tmp, "{"); - tmp_offset = 1; - bool result_seen = false; - for ( int j = 0; j < val->val.set_val.size; j++ ) +bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field) { - char* sub_field = FieldToString(val->val.set_val.vals[j], field); - if ( sub_field ){ - - if ( result_seen ){ - strcpy(tmp + tmp_offset, ","); - tmp_offset += 1; - } - else - result_seen = true; - - sprintf(tmp + tmp_offset, "\"%s\":%s", field->name.c_str(), sub_field); - tmp_offset = strlen(tmp); - } + switch ( val->type ) + { + // ElasticSearch defines bools as: 0 == false, everything else == true. So we treat it as an int. + case TYPE_BOOL: + case TYPE_INT: + buffer.Add(val->val.int_val); + break; + + case TYPE_COUNT: + case TYPE_COUNTER: + buffer.Add(val->val.uint_val); + break; + + case TYPE_PORT: + buffer.Add(val->val.port_val.port); + break; + + case TYPE_SUBNET: + buffer.AddRaw("\"", 1); + buffer.Add(Render(val->val.subnet_val)); + buffer.AddRaw("\"", 1); + break; + + case TYPE_ADDR: + buffer.AddRaw("\"", 1); + buffer.Add(Render(val->val.addr_val)); + buffer.AddRaw("\"", 1); + break; + + case TYPE_DOUBLE: + buffer.Add(val->val.double_val); + break; + + case TYPE_INTERVAL: + case TYPE_TIME: + // ElasticSearch uses milliseconds for timestamps + buffer.Add((uint64_t) (val->val.double_val * 1000)); + break; + + case TYPE_ENUM: + case TYPE_STRING: + case TYPE_FILE: + case TYPE_FUNC: + { + buffer.AddRaw("\"", 1); + for ( uint i = 0; i < val->val.string_val->size(); ++i ) + { + char c = val->val.string_val->data()[i]; + // HTML entity encode special characters. + if ( c < 32 || c > 126 || c == '\n' || c == '"' || c == '\'' || c == '\\' ) + { + buffer.AddRaw("&#", 2); + buffer.Add((uint8_t) c); + buffer.AddRaw(";", 1); + } + else + buffer.AddRaw(&c, 1); + } + buffer.AddRaw("\"", 1); + break; + } + + case TYPE_TABLE: + { + buffer.AddRaw("[", 1); + for ( int j = 0; j < val->val.set_val.size; j++ ) + { + if ( j > 0 ) + buffer.AddRaw(",", 1); + AddFieldValueToBuffer(val->val.set_val.vals[j], field); + } + buffer.AddRaw("]", 1); + break; + } + + case TYPE_VECTOR: + { + buffer.AddRaw("[", 1); + for ( int j = 0; j < val->val.vector_val.size; j++ ) + { + if ( j > 0 ) + buffer.AddRaw(",", 1); + AddFieldValueToBuffer(val->val.vector_val.vals[j], field); + } + buffer.AddRaw("]", 1); + break; + } + + default: + return false; + } + return true; } - strcpy(tmp + tmp_offset, "}"); - tmp_offset += 1; - sprintf(result, "%s", tmp); - return result; - } - - case TYPE_VECTOR: - { - char* tmp = new char[MAX_EVENT_SIZE]; - int tmp_offset = 0; - strcpy(tmp, "{"); - tmp_offset = 1; - bool result_seen = false; - for ( int j = 0; j < val->val.vector_val.size; j++ ) + +bool ElasticSearch::AddFieldToBuffer(Value* val, const Field* field) { - char* sub_field = FieldToString(val->val.vector_val.vals[j], field); - if ( sub_field ){ - - if ( result_seen ){ - strcpy(tmp + tmp_offset, ","); - tmp_offset += 1; - } - else - result_seen = true; - - sprintf(tmp + tmp_offset, "\"%s\":%s", field->name.c_str(), sub_field); - tmp_offset = strlen(tmp); - } - } - strcpy(tmp + tmp_offset, "}"); - tmp_offset += 1; - sprintf(result, "%s", tmp); - return result; - } - - default: - { - return (char *)"{}"; - } - - } - -} - -char* ElasticSearch::AddFieldToBuffer(Value* val, const Field* field) - { - if ( ! val->present ) - return 0; + if ( ! val->present ) + return false; - char* result = new char[MAX_EVENT_SIZE]; - sprintf(result, "\"%s\":%s", field->name.c_str(), FieldToString(val, field)); - return result; - + buffer.AddRaw("\"", 1); + buffer.Add(field->name); + buffer.AddRaw("\":", 2); + AddFieldValueToBuffer(val, field); + return true; } bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields, Value** vals) { - // Our action line looks like: - // {"index":{"_index":"$index_name","_type":"$type_prefix$path"}}\n{ - - bool resultSeen = false; - - for ( int i = 0; i < num_fields; i++ ) + // Our action line looks like: + // {"index":{"_index":"$index_name","_type":"$type_prefix$path"}}\n + if ( counter == 0 ) { - char* result = AddFieldToBuffer(vals[i], fields[i]); - if ( result ) { - if ( ! resultSeen ) { - current_offset += sprintf(buffer + current_offset, "{\"index\":{\"_index\":\"%s\",\"_type\":\"%s%s\"}\n{", index_name, type_prefix, Path().c_str()); - resultSeen = true; - } - else { - strcat(buffer, ","); - current_offset += 1; - } - strcat(buffer, result); - current_offset += strlen(result); + buffer.AddRaw("{\"index\":{\"_index\":\"", 20); + buffer.AddN((const char*) BifConst::LogElasticSearch::index_name->Bytes(), + BifConst::LogElasticSearch::index_name->Len()); + buffer.AddRaw("\",\"_type\":\"", 11); + buffer.AddN((const char*) BifConst::LogElasticSearch::type_prefix->Bytes(), + BifConst::LogElasticSearch::type_prefix->Len()); + buffer.Add(Path()); + buffer.AddRaw("\"}\n", 3); + } + + for ( int i = 0; i < num_fields; i++ ) + { + if ( i == 0 ) + buffer.AddRaw("{", 1); + else if ( buffer.Bytes()[buffer.Len()] != ',' && vals[i]->present ) + buffer.AddRaw(",", 1); + AddFieldToBuffer(vals[i], fields[i]); + } + + buffer.AddRaw("}\n", 2); + + counter++; + if ( counter >= BifConst::LogElasticSearch::batch_size ) + { + HTTPSend(); + buffer.Clear(); + counter = 0; } - } - - if ( resultSeen ) { - strcat(buffer, "}\n"); - current_offset += 2; - counter += 1; - if ( counter >= batch_size ){ - BatchIndex(); - current_offset = 0; - buffer[current_offset] = 0; - counter = 0; - } - } return true; } bool ElasticSearch::DoRotate(string rotated_path, double open, double close, bool terminating) { - //TODO: Determine what, if anything, needs to be done here. + //TODO: Determine what, if anything, needs to be done here. return true; } @@ -264,52 +220,54 @@ bool ElasticSearch::DoSetBuf(bool enabled) // HTTP Functions start here. CURL* ElasticSearch::HTTPSetup() -{ - char URL[2048]; - CURL* handle; - struct curl_slist *headers=NULL; - - handle = curl_easy_init(); - if ( ! handle ) - return handle; - - sprintf(URL, "http://%s:%d/_bulk", server_host, (int) server_port); - curl_easy_setopt(handle, CURLOPT_URL, URL); + { + const char *URL = fmt("http://%s:%d/_bulk", BifConst::LogElasticSearch::server_host->CheckString(), + (int) BifConst::LogElasticSearch::server_port);; + CURL* handle; + struct curl_slist *headers=NULL; + + handle = curl_easy_init(); + if ( ! handle ) + return handle; + + //sprintf(URL, "http://%s:%d/_bulk", BifConst::LogElasticSearch::server_host->CheckString(), (int) BifConst::LogElasticSearch::server_port); + curl_easy_setopt(handle, CURLOPT_URL, URL); + + headers = curl_slist_append(NULL, "Content-Type: text/json; charset=utf-8"); + curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers); + + curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, &logging::writer::ElasticSearch::HTTPReceive); // This gets called with the result. + curl_easy_setopt(handle, CURLOPT_POST, 1); // All requests are POSTs + + // HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to + // just use HTTP 1.0 + curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); + return handle; + } - headers = curl_slist_append(NULL, "Content-Type: text/json; charset=utf-8"); - curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers); - - curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, &logging::writer::ElasticSearch::HTTPReceive); // This gets called with the result. - curl_easy_setopt(handle, CURLOPT_POST, 1); // All requests are POSTs - - // HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to - // just use HTTP 1.0 - curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); - return handle; - -} - -bool ElasticSearch::HTTPReceive(void* ptr, int size, int nmemb, void* userdata){ - //TODO: Do some verification on the result? - return true; -} +bool ElasticSearch::HTTPReceive(void* ptr, int size, int nmemb, void* userdata) + { + //TODO: Do some verification on the result? + return true; + } bool ElasticSearch::HTTPSend(){ - CURLcode return_code; - - curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, curl_result); - curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer); - curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, current_offset); - - return_code = curl_easy_perform(curl_handle); - switch(return_code) { - case CURLE_COULDNT_CONNECT: - case CURLE_COULDNT_RESOLVE_HOST: - case CURLE_WRITE_ERROR: - return false; - default: - return true; - } + CURLcode return_code; + + curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, curl_result); + curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer.Bytes()); + curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, buffer.Len()); + + return_code = curl_easy_perform(curl_handle); + switch(return_code) { + case CURLE_COULDNT_CONNECT: + case CURLE_COULDNT_RESOLVE_HOST: + case CURLE_WRITE_ERROR: + return false; + + default: + return true; + } } #endif diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h index ad3729f6da..21e9bdfe08 100644 --- a/src/logging/writers/ElasticSearch.h +++ b/src/logging/writers/ElasticSearch.h @@ -34,17 +34,15 @@ protected: virtual bool DoFinish(); private: - char* AddFieldToBuffer(threading::Value* val, const threading::Field* field); - char* FieldToString(threading::Value* val, const threading::Field* field); - bool BatchIndex(); + bool AddFieldToBuffer(threading::Value* val, const threading::Field* field); + bool AddFieldValueToBuffer(threading::Value* val, const threading::Field* field); CURL* HTTPSetup(); bool HTTPReceive(void* ptr, int size, int nmemb, void* userdata); bool HTTPSend(); // Buffers, etc. - char* buffer; - int current_offset; + ODesc buffer; uint64 counter; CURL* curl_handle; @@ -54,19 +52,7 @@ private: char* cluster_name; int cluster_name_len; - char* server_host; - int server_host_len; - - uint64 server_port; - - char* index_name; - int index_name_len; - - char* type_prefix; - int type_prefix_len; - uint64 batch_size; - }; } From a4df914ab7cab585abb1b456a048a5ae5e0f5e65 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 15 Jun 2012 20:53:09 -0400 Subject: [PATCH 017/120] Reduce the batch size to 1000 and add a maximum time interval for batches. --- .../logging/writers/elasticsearch.bro | 7 ++- src/logging.bif | 1 + src/logging/writers/ElasticSearch.cc | 53 +++++++++++++------ src/logging/writers/ElasticSearch.h | 9 ++-- 4 files changed, 50 insertions(+), 20 deletions(-) diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro index 7f968d0042..e2d14a68e3 100644 --- a/scripts/base/frameworks/logging/writers/elasticsearch.bro +++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro @@ -20,6 +20,11 @@ export { ## The batch size is the number of messages that will be queued up before ## they are sent to be bulk indexed. ## Note: this is mainly a memory usage parameter. - const batch_size = 10000 &redef; + const batch_size = 1000 &redef; + + ## The maximum amount of wall-clock time that is allowed to pass without + ## finishing a bulk log send. This represents the maximum delay you + ## would like to have with your logs before they show up in ElasticSearch. + const max_batch_interval = 1min &redef; } diff --git a/src/logging.bif b/src/logging.bif index 308ea78b7a..5434ac3705 100644 --- a/src/logging.bif +++ b/src/logging.bif @@ -92,3 +92,4 @@ const server_port: count; const index_name: string; const type_prefix: string; const batch_size: count; +const max_batch_interval: interval; diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index d8c4bee306..ed1c046143 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -32,6 +32,7 @@ ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend) buffer.Clear(); counter = 0; + last_send = current_time(); curl_handle = HTTPSetup(); curl_result = new char[1024]; @@ -58,12 +59,21 @@ bool ElasticSearch::DoFinish() { return WriterBackend::DoFinish(); } + +bool ElasticSearch::BatchIndex() + { + HTTPSend(); + buffer.Clear(); + counter = 0; + last_send = current_time(); + return true; + } bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field) { switch ( val->type ) { - // ElasticSearch defines bools as: 0 == false, everything else == true. So we treat it as an int. + // ES treats 0 as false and any other value as true so bool types go here. case TYPE_BOOL: case TYPE_INT: buffer.Add(val->val.int_val); @@ -197,11 +207,8 @@ bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields, counter++; if ( counter >= BifConst::LogElasticSearch::batch_size ) - { - HTTPSend(); - buffer.Clear(); - counter = 0; - } + BatchIndex(); + return true; } @@ -217,6 +224,18 @@ bool ElasticSearch::DoSetBuf(bool enabled) return true; } +bool ElasticSearch::DoHeartbeat(double network_time, double current_time) + { + if ( last_send > 0 && + current_time-last_send > BifConst::LogElasticSearch::max_batch_interval ) + { + BatchIndex(); + } + + return true; + } + + // HTTP Functions start here. CURL* ElasticSearch::HTTPSetup() @@ -251,7 +270,8 @@ bool ElasticSearch::HTTPReceive(void* ptr, int size, int nmemb, void* userdata) return true; } -bool ElasticSearch::HTTPSend(){ +bool ElasticSearch::HTTPSend() + { CURLcode return_code; curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, curl_result); @@ -259,15 +279,16 @@ bool ElasticSearch::HTTPSend(){ curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, buffer.Len()); return_code = curl_easy_perform(curl_handle); - switch(return_code) { - case CURLE_COULDNT_CONNECT: - case CURLE_COULDNT_RESOLVE_HOST: - case CURLE_WRITE_ERROR: - return false; - - default: - return true; + switch ( return_code ) + { + case CURLE_COULDNT_CONNECT: + case CURLE_COULDNT_RESOLVE_HOST: + case CURLE_WRITE_ERROR: + return false; + + default: + return true; + } } -} #endif diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h index 21e9bdfe08..a366dd7020 100644 --- a/src/logging/writers/ElasticSearch.h +++ b/src/logging/writers/ElasticSearch.h @@ -32,10 +32,12 @@ protected: double close, bool terminating); virtual bool DoFlush(); virtual bool DoFinish(); + virtual bool DoHeartbeat(double network_time, double current_time); private: bool AddFieldToBuffer(threading::Value* val, const threading::Field* field); bool AddFieldValueToBuffer(threading::Value* val, const threading::Field* field); + bool BatchIndex(); CURL* HTTPSetup(); bool HTTPReceive(void* ptr, int size, int nmemb, void* userdata); @@ -44,14 +46,15 @@ private: // Buffers, etc. ODesc buffer; uint64 counter; - + double last_send; + CURL* curl_handle; char* curl_result; - + // From scripts char* cluster_name; int cluster_name_len; - + uint64 batch_size; }; From ca5eb5382ab9d67ce340e64b1692ef681c3167da Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 15 Jun 2012 21:06:06 -0400 Subject: [PATCH 018/120] Flush logs to ES daemon as Bro is shutting down. --- src/logging/writers/ElasticSearch.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index ed1c046143..5e1efa504e 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -51,12 +51,12 @@ bool ElasticSearch::DoInit(string path, int num_fields, const Field* const * fie bool ElasticSearch::DoFlush() { - //TODO: Send flush command to ElasticSearch return true; } bool ElasticSearch::DoFinish() { + BatchIndex(); return WriterBackend::DoFinish(); } @@ -120,7 +120,7 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field) { char c = val->val.string_val->data()[i]; // HTML entity encode special characters. - if ( c < 32 || c > 126 || c == '\n' || c == '"' || c == '\'' || c == '\\' ) + if ( c < 32 || c > 126 || c == '\n' || c == '"' || c == '\'' || c == '\\' || c == '&' ) { buffer.AddRaw("&#", 2); buffer.Add((uint8_t) c); From 8334dceadb748a93effda4828db2439554fb532f Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 15 Jun 2012 22:19:51 -0400 Subject: [PATCH 019/120] Changed the escaping method. --- src/logging/writers/ElasticSearch.cc | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 5e1efa504e..a2019df9fe 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -122,9 +122,13 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field) // HTML entity encode special characters. if ( c < 32 || c > 126 || c == '\n' || c == '"' || c == '\'' || c == '\\' || c == '&' ) { - buffer.AddRaw("&#", 2); - buffer.Add((uint8_t) c); - buffer.AddRaw(";", 1); + static const char hex_chars[] = "0123456789abcdef"; + buffer.AddRaw("\\u00", 4); + buffer.AddRaw(&hex_chars[(c & 0xf0) >> 4], 1); + buffer.AddRaw(&hex_chars[c & 0x0f], 1); + //buffer.AddRaw("&#//", 2); + //buffer.Add((uint8_t) c); + //buffer.AddRaw(";", 1); } else buffer.AddRaw(&c, 1); From b1561437e9d3bd8dfcf3fded3ff7ceca274d70e4 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Sat, 16 Jun 2012 00:35:40 -0400 Subject: [PATCH 020/120] Forgot to call the parent method for DoHeartBeat. --- src/logging/writers/ElasticSearch.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index a2019df9fe..46282404a6 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -236,7 +236,7 @@ bool ElasticSearch::DoHeartbeat(double network_time, double current_time) BatchIndex(); } - return true; + return WriterBackend::DoHeartbeat(network_time, current_time); } From cd8169dda3150918a29eca21ca1fd7e7dcfc6ed2 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Sat, 16 Jun 2012 22:22:40 -0400 Subject: [PATCH 021/120] Bug fix and feature. - Fixed bug with how data is sent to elasticsearch. - Added a feature to only allow data of a certain size to be buffered before sending to the elasticsearch server. Configured with the LogElasticSearch::max_byte_size variable. --- .../logging/writers/elasticsearch.bro | 6 +++- src/logging.bif | 3 +- src/logging/writers/ElasticSearch.cc | 29 +++++++++---------- 3 files changed, 20 insertions(+), 18 deletions(-) diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro index e2d14a68e3..b262201c85 100644 --- a/scripts/base/frameworks/logging/writers/elasticsearch.bro +++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro @@ -20,11 +20,15 @@ export { ## The batch size is the number of messages that will be queued up before ## they are sent to be bulk indexed. ## Note: this is mainly a memory usage parameter. - const batch_size = 1000 &redef; + const max_batch_size = 1000 &redef; ## The maximum amount of wall-clock time that is allowed to pass without ## finishing a bulk log send. This represents the maximum delay you ## would like to have with your logs before they show up in ElasticSearch. const max_batch_interval = 1min &redef; + + ## The maximum byte size for a buffered JSON string to send to the bulk + ## insert API. + const max_byte_size = 1024 * 1024 &redef; } diff --git a/src/logging.bif b/src/logging.bif index 5434ac3705..cbae66efdb 100644 --- a/src/logging.bif +++ b/src/logging.bif @@ -91,5 +91,6 @@ const server_host: string; const server_port: count; const index_name: string; const type_prefix: string; -const batch_size: count; +const max_batch_size: count; const max_batch_interval: interval; +const max_byte_size: count; diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 46282404a6..fd028e9b68 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -186,31 +186,27 @@ bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields, { // Our action line looks like: // {"index":{"_index":"$index_name","_type":"$type_prefix$path"}}\n - if ( counter == 0 ) - { - buffer.AddRaw("{\"index\":{\"_index\":\"", 20); - buffer.AddN((const char*) BifConst::LogElasticSearch::index_name->Bytes(), - BifConst::LogElasticSearch::index_name->Len()); - buffer.AddRaw("\",\"_type\":\"", 11); - buffer.AddN((const char*) BifConst::LogElasticSearch::type_prefix->Bytes(), - BifConst::LogElasticSearch::type_prefix->Len()); - buffer.Add(Path()); - buffer.AddRaw("\"}\n", 3); - } + buffer.AddRaw("{\"index\":{\"_index\":\"", 20); + buffer.AddN((const char*) BifConst::LogElasticSearch::index_name->Bytes(), + BifConst::LogElasticSearch::index_name->Len()); + buffer.AddRaw("\",\"_type\":\"", 11); + buffer.AddN((const char*) BifConst::LogElasticSearch::type_prefix->Bytes(), + BifConst::LogElasticSearch::type_prefix->Len()); + buffer.Add(Path()); + buffer.AddRaw("\"}\n", 3); + buffer.AddRaw("{", 1); for ( int i = 0; i < num_fields; i++ ) { - if ( i == 0 ) - buffer.AddRaw("{", 1); - else if ( buffer.Bytes()[buffer.Len()] != ',' && vals[i]->present ) + if ( i > 0 && buffer.Bytes()[buffer.Len()] != ',' && vals[i]->present ) buffer.AddRaw(",", 1); AddFieldToBuffer(vals[i], fields[i]); } - buffer.AddRaw("}\n", 2); counter++; - if ( counter >= BifConst::LogElasticSearch::batch_size ) + if ( counter >= BifConst::LogElasticSearch::max_batch_size || + uint(buffer.Len()) >= BifConst::LogElasticSearch::max_byte_size ) BatchIndex(); return true; @@ -219,6 +215,7 @@ bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields, bool ElasticSearch::DoRotate(string rotated_path, double open, double close, bool terminating) { //TODO: Determine what, if anything, needs to be done here. + return true; } From 57980c86e62dc4dbbd95efe8cc761f84ac1c2d85 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Sun, 17 Jun 2012 21:41:29 -0400 Subject: [PATCH 022/120] Bug fixes. - The curl handle is now cleaned up correctly. - Interval values are now treated as doubles. Treating them as uint64_t was wrong because intervals can be negative. There is also no obvious benefit in elasticsearch to converting the value to milliseconds. --- src/logging/writers/ElasticSearch.cc | 7 +++---- src/logging/writers/ElasticSearch.h | 1 - 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index fd028e9b68..402a2f21ad 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -35,8 +35,7 @@ ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend) last_send = current_time(); curl_handle = HTTPSetup(); - curl_result = new char[1024]; - } +} ElasticSearch::~ElasticSearch() { @@ -57,6 +56,7 @@ bool ElasticSearch::DoFlush() bool ElasticSearch::DoFinish() { BatchIndex(); + curl_easy_cleanup(curl_handle); return WriterBackend::DoFinish(); } @@ -101,10 +101,10 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field) break; case TYPE_DOUBLE: + case TYPE_INTERVAL: buffer.Add(val->val.double_val); break; - case TYPE_INTERVAL: case TYPE_TIME: // ElasticSearch uses milliseconds for timestamps buffer.Add((uint64_t) (val->val.double_val * 1000)); @@ -275,7 +275,6 @@ bool ElasticSearch::HTTPSend() { CURLcode return_code; - curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, curl_result); curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer.Bytes()); curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, buffer.Len()); diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h index a366dd7020..bd1351214b 100644 --- a/src/logging/writers/ElasticSearch.h +++ b/src/logging/writers/ElasticSearch.h @@ -49,7 +49,6 @@ private: double last_send; CURL* curl_handle; - char* curl_result; // From scripts char* cluster_name; From cb7eac212e33ec60e21886a793e73b346aba0ba1 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Sun, 17 Jun 2012 22:55:11 -0400 Subject: [PATCH 023/120] Small updates and a little standardization for config.h.in naming. --- CMakeLists.txt | 11 ++++++----- config.h.in | 7 +++++-- configure | 1 - doc/logging-elasticsearch.rst | 9 ++++----- src/logging/Manager.cc | 4 ++-- src/logging/writers/ElasticSearch.cc | 6 +++--- src/main.cc | 12 ++++++++++++ 7 files changed, 32 insertions(+), 18 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 4b1cccf8dc..14cf66ac19 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -122,13 +122,13 @@ if (LINTEL_FOUND AND DATASERIES_FOUND AND LIBXML2_FOUND) list(APPEND OPTLIBS ${LibXML2_LIBRARIES}) endif() -set(USE_LIBCURL false) +set(USE_CURL false) find_package(CURL) if (CURL_FOUND) - set(USE_LIBCURL true) + set(USE_CURL true) include_directories(BEFORE ${CURL_INCLUDE_DIR}) list(APPEND OPTLIBS ${CURL_LIBRARIES}) - set(INSTALL_ELASTICSEARCH true) + set(USE_ELASTICSEARCH true) endif() if (ENABLE_PERFTOOLS_DEBUG) @@ -218,13 +218,14 @@ message( "\nBroccoli: ${INSTALL_BROCCOLI}" "\nBroctl: ${INSTALL_BROCTL}" "\nAux. Tools: ${INSTALL_AUX_TOOLS}" - "\nElasticSearch: ${INSTALL_ELASTICSEARCH}" "\n" "\nGeoIP: ${USE_GEOIP}" "\nGoogle perftools: ${USE_PERFTOOLS}" "\n debugging: ${USE_PERFTOOLS_DEBUG}" + "\ncURL: ${USE_CURL}" + "\n" "\nDataSeries: ${USE_DATASERIES}" - "\nlibCURL: ${USE_LIBCURL}" + "\nElasticSearch: ${USE_ELASTICSEARCH}" "\n" "\n================================================================\n" ) diff --git a/config.h.in b/config.h.in index 66121cefbf..aa286736fd 100644 --- a/config.h.in +++ b/config.h.in @@ -114,11 +114,14 @@ /* Analyze Mobile IPv6 traffic */ #cmakedefine ENABLE_MOBILE_IPV6 +/* Use libCurl. */ +#cmakedefine USE_CURL + /* Use the DataSeries writer. */ #cmakedefine USE_DATASERIES -/* Build the ElasticSearch writer. */ -#cmakedefine INSTALL_ELASTICSEARCH +/* Use the ElasticSearch writer. */ +#cmakedefine USE_ELASTICSEARCH /* Version number of package */ #define VERSION "@VERSION@" diff --git a/configure b/configure index 801fb1e801..3258d4abfc 100755 --- a/configure +++ b/configure @@ -98,7 +98,6 @@ append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $prefix/share/bro append_cache_entry BRO_ETC_INSTALL_DIR PATH $prefix/etc append_cache_entry ENABLE_DEBUG BOOL false append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL false -append_cache_entry INSTALL_ELASTICSEARCH BOOL false append_cache_entry BinPAC_SKIP_INSTALL BOOL true append_cache_entry BUILD_SHARED_LIBS BOOL true append_cache_entry INSTALL_AUX_TOOLS BOOL true diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst index 4fce470d4a..26b49f3a0b 100644 --- a/doc/logging-elasticsearch.rst +++ b/doc/logging-elasticsearch.rst @@ -26,16 +26,15 @@ ElasticSearch with:: Compiling Bro with ElasticSearch Support ---------------------------------------- -First, ensure that you have libcurl installed. Secondly, set the -``--enable-elasticsearch`` option:: +First, ensure that you have libcurl installed the run configure.:: - # ./configure --enable-elasticsearch + # ./configure [...] ====================| Bro Build Summary |===================== [...] - ElasticSearch: true + cURL: true [...] - libCURL: true + ElasticSearch: true [...] ================================================================ diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 5c1203fd91..5562b3b867 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -17,7 +17,7 @@ #include "writers/Ascii.h" #include "writers/None.h" -#ifdef INSTALL_ELASTICSEARCH +#ifdef USE_ELASTICSEARCH #include "writers/ElasticSearch.h" #endif @@ -40,7 +40,7 @@ WriterDefinition log_writers[] = { { BifEnum::Log::WRITER_NONE, "None", 0, writer::None::Instantiate }, { BifEnum::Log::WRITER_ASCII, "Ascii", 0, writer::Ascii::Instantiate }, -#ifdef INSTALL_ELASTICSEARCH +#ifdef USE_ELASTICSEARCH { BifEnum::Log::WRITER_ELASTICSEARCH, "ElasticSearch", 0, writer::ElasticSearch::Instantiate }, #endif diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 402a2f21ad..494c48f286 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -2,7 +2,7 @@ #include "config.h" -#ifdef INSTALL_ELASTICSEARCH +#ifdef USE_ELASTICSEARCH #include #include @@ -261,7 +261,7 @@ CURL* ElasticSearch::HTTPSetup() // HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to // just use HTTP 1.0 - curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); + //curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); return handle; } @@ -275,8 +275,8 @@ bool ElasticSearch::HTTPSend() { CURLcode return_code; + curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE_LARGE, buffer.Len()); curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer.Bytes()); - curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE, buffer.Len()); return_code = curl_easy_perform(curl_handle); switch ( return_code ) diff --git a/src/main.cc b/src/main.cc index b1d0a4d723..04aa83b832 100644 --- a/src/main.cc +++ b/src/main.cc @@ -12,6 +12,10 @@ #include #endif +#ifdef USE_CURL +#include +#endif + #ifdef USE_IDMEF extern "C" { #include @@ -716,6 +720,10 @@ int main(int argc, char** argv) SSL_library_init(); SSL_load_error_strings(); +#ifdef USE_CURL + curl_global_init(CURL_GLOBAL_ALL); +#endif + // FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't // seed the PRNG. We should do this here (but at least Linux, FreeBSD // and Solaris provide /dev/urandom). @@ -1066,6 +1074,10 @@ int main(int argc, char** argv) done_with_network(); net_delete(); +#ifdef USE_CURL + curl_global_cleanup(); +#endif + terminate_bro(); // Close files after net_delete(), because net_delete() From 52ceee8c869ac04d0bbf74ec8296ef983e182742 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Mon, 18 Jun 2012 01:31:52 -0400 Subject: [PATCH 024/120] Fixed a bug with messed up time value passing to elasticsearch. --- src/logging/writers/ElasticSearch.cc | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 494c48f286..75a4e0514f 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -106,9 +106,19 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field) break; case TYPE_TIME: - // ElasticSearch uses milliseconds for timestamps - buffer.Add((uint64_t) (val->val.double_val * 1000)); + { + // ElasticSearch uses milliseconds for timestamps and json only + // supports signed ints (uints can be too large). + uint64_t ts = (uint64_t) (val->val.double_val * 1000); + if ( ts >= INT64_MAX ) + { + Error(Fmt("time value too large: %" PRIu64, ts)); + buffer.AddRaw("null", 4); + } + else + buffer.Add(ts); break; + } case TYPE_ENUM: case TYPE_STRING: @@ -261,7 +271,7 @@ CURL* ElasticSearch::HTTPSetup() // HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to // just use HTTP 1.0 - //curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); + curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); return handle; } From 95f4390cb632f2c445ed45a6670b6ad8266e49c5 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Mon, 18 Jun 2012 02:03:43 -0400 Subject: [PATCH 025/120] Adding an extra header. --- src/logging/writers/ElasticSearch.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 75a4e0514f..c137505811 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -6,6 +6,7 @@ #include #include +#include #include "util.h" #include "BroString.h" From 7fc96a8c0f012d22f6cba7a38869108c7f9fef4d Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Mon, 18 Jun 2012 15:49:00 -0400 Subject: [PATCH 026/120] Adding a define to make the stdint C macros available. --- src/logging/writers/ElasticSearch.cc | 1 - src/util.h | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index c137505811..75a4e0514f 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -6,7 +6,6 @@ #include #include -#include #include "util.h" #include "BroString.h" diff --git a/src/util.h b/src/util.h index 6b237edfd8..559a155626 100644 --- a/src/util.h +++ b/src/util.h @@ -13,6 +13,7 @@ // Expose C99 functionality from inttypes.h, which would otherwise not be // available in C++. #define __STDC_FORMAT_MACROS +#define __STDC_LIMIT_MACROS #include #if __STDC__ From c7338a07311102940a0ddfaf3103ae93b9b26828 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Mon, 25 Jun 2012 14:54:15 -0700 Subject: [PATCH 027/120] for bug-searching: set frontend type before starting the thread. This means that the thread type will be output correctly in the error message. return errno string of pthread functions called in thread start --- src/input/Manager.cc | 2 +- src/logging/Manager.cc | 2 +- src/threading/BasicThread.cc | 19 ++++++++++++------- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/src/input/Manager.cc b/src/input/Manager.cc index 63fa59d0bc..9d2333ac9c 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -255,10 +255,10 @@ ReaderBackend* Manager::CreateBackend(ReaderFrontend* frontend, bro_int_t type) assert(ir->factory); + frontend->ty_name = ir->name; ReaderBackend* backend = (*ir->factory)(frontend); assert(backend); - frontend->ty_name = ir->name; return backend; } diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index f0b5cc1748..e916922edc 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -191,10 +191,10 @@ WriterBackend* Manager::CreateBackend(WriterFrontend* frontend, bro_int_t type) assert(ld->factory); + frontend->ty_name = ld->name; WriterBackend* backend = (*ld->factory)(frontend); assert(backend); - frontend->ty_name = ld->name; return backend; } diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index e590b13434..96d0d5efd2 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -80,18 +80,23 @@ const char* BasicThread::Fmt(const char* format, ...) void BasicThread::Start() { + int err; + if ( started ) return; - if ( pthread_mutex_init(&terminate, 0) != 0 ) - reporter->FatalError("Cannot create terminate mutex for thread %s", name.c_str()); + err = pthread_mutex_init(&terminate, 0); + if ( err != 0 ) + reporter->FatalError("Cannot create terminate mutex for thread %s:%s", name.c_str(), strerror(err)); // We use this like a binary semaphore and acquire it immediately. - if ( pthread_mutex_lock(&terminate) != 0 ) - reporter->FatalError("Cannot aquire terminate mutex for thread %s", name.c_str()); - - if ( pthread_create(&pthread, 0, BasicThread::launcher, this) != 0 ) - reporter->FatalError("Cannot create thread %s", name.c_str()); + err = pthread_mutex_lock(&terminate); + if ( err != 0 ) + reporter->FatalError("Cannot aquire terminate mutex for thread %s:%s", name.c_str(), strerror(err)); + + err = pthread_create(&pthread, 0, BasicThread::launcher, this); + if ( err != 0 ) + reporter->FatalError("Cannot create thread %s:%s", name.c_str(), strerror(err)); DBG_LOG(DBG_THREADING, "Started thread %s", name.c_str()); From 5ab2545ff3da7b210e368b81fff87c12614d6ab8 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Tue, 26 Jun 2012 11:03:15 -0500 Subject: [PATCH 028/120] Fix typos in NEWS for Bro 2.1 beta --- NEWS | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index ec00ae921a..4377049813 100644 --- a/NEWS +++ b/NEWS @@ -38,14 +38,14 @@ New Functionality - Bro now decapsulates tunnels via its new tunnel framework located in scripts/base/frameworks/tunnels. It currently supports Teredo, AYIYA, IP-in-IP (both IPv4 and IPv6), and SOCKS. For all these, it - logs the outher tunnel connections in both conn.log and tunnel.log, + logs the outer tunnel connections in both conn.log and tunnel.log, and then proceeds to analyze the inner payload as if it were not tunneled, including also logging that session in conn.log. For SOCKS, it generates a new socks.log in addition with more information. - Bro now features a flexible input framework that allows users to - integrate external information in real-time into Bro while it + integrate external information in real-time into Bro while it's processing network traffic. The most direct use-case at the moment is reading data from ASCII files into Bro tables, with updates picked up automatically when the file changes during runtime. See @@ -57,7 +57,7 @@ New Functionality - Bro's default ASCII log format is not exactly the most efficient way for storing and searching large volumes of data. An an alternative, - Bro nows comes with experimental support for DataSeries output, an + Bro now comes with experimental support for DataSeries output, an efficient binary format for recording structured bulk data. DataSeries is developed and maintained at HP Labs. See doc/logging-dataseries for more information. @@ -66,7 +66,7 @@ New Functionality Changed Functionality ~~~~~~~~~~~~~~~~~~~~~ -The following summarized the most important differences in existing +The following summarizes the most important differences in existing functionality. Note that this list is not complete, see CHANGES for the full set. @@ -100,7 +100,7 @@ the full set. a bunch of Bro threads. - We renamed the configure option --enable-perftools to - --enable-perftool-debug to indicate that the switch is only relevant + --enable-perftools-debug to indicate that the switch is only relevant for debugging the heap. - Bro's ICMP analyzer now handles both IPv4 and IPv6 messages with a @@ -110,8 +110,8 @@ the full set. - Log postprocessor scripts get an additional argument indicating the type of the log writer in use (e.g., "ascii"). -- BroControl's make-archive-name scripts also receives the writer - type, but as it's 2nd(!) argument. If you're using a custom version +- BroControl's make-archive-name script also receives the writer + type, but as its 2nd(!) argument. If you're using a custom version of that script, you need to adapt it. See the shipped version for details. From 94f0bf215783b7b529a7960da6bb463e4fe8c0cf Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Tue, 26 Jun 2012 14:55:36 -0500 Subject: [PATCH 029/120] Fix typos in event documentation Fix typos previously committed (but apparently overwritten later), and fix typos for new events. --- src/event.bif | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/src/event.bif b/src/event.bif index a924bf4888..705c66aa6b 100644 --- a/src/event.bif +++ b/src/event.bif @@ -157,7 +157,7 @@ event new_connection%(c: connection%); ## e: The new encapsulation. event tunnel_changed%(c: connection, e: EncapsulatingConnVector%); -## Generated when reassembly starts for a TCP connection. The event is raised +## Generated when reassembly starts for a TCP connection. This event is raised ## at the moment when Bro's TCP analyzer enables stream reassembly for a ## connection. ## @@ -522,7 +522,7 @@ event esp_packet%(p: pkt_hdr%); ## .. bro:see:: new_packet tcp_packet ipv6_ext_headers event mobile_ipv6_message%(p: pkt_hdr%); -## Genereated for any IPv6 packet encapsulated in a Teredo tunnel. +## Generated for any IPv6 packet encapsulated in a Teredo tunnel. ## See :rfc:`4380` for more information about the Teredo protocol. ## ## outer: The Teredo tunnel connection. @@ -532,10 +532,10 @@ event mobile_ipv6_message%(p: pkt_hdr%); ## .. bro:see:: teredo_authentication teredo_origin_indication teredo_bubble ## ## .. note:: Since this event may be raised on a per-packet basis, handling -## it may become particular expensive for real-time analysis. +## it may become particularly expensive for real-time analysis. event teredo_packet%(outer: connection, inner: teredo_hdr%); -## Genereated for IPv6 packets encapsulated in a Teredo tunnel that +## Generated for IPv6 packets encapsulated in a Teredo tunnel that ## use the Teredo authentication encapsulation method. ## See :rfc:`4380` for more information about the Teredo protocol. ## @@ -546,10 +546,10 @@ event teredo_packet%(outer: connection, inner: teredo_hdr%); ## .. bro:see:: teredo_packet teredo_origin_indication teredo_bubble ## ## .. note:: Since this event may be raised on a per-packet basis, handling -## it may become particular expensive for real-time analysis. +## it may become particularly expensive for real-time analysis. event teredo_authentication%(outer: connection, inner: teredo_hdr%); -## Genereated for IPv6 packets encapsulated in a Teredo tunnel that +## Generated for IPv6 packets encapsulated in a Teredo tunnel that ## use the Teredo origin indication encapsulation method. ## See :rfc:`4380` for more information about the Teredo protocol. ## @@ -560,10 +560,10 @@ event teredo_authentication%(outer: connection, inner: teredo_hdr%); ## .. bro:see:: teredo_packet teredo_authentication teredo_bubble ## ## .. note:: Since this event may be raised on a per-packet basis, handling -## it may become particular expensive for real-time analysis. +## it may become particularly expensive for real-time analysis. event teredo_origin_indication%(outer: connection, inner: teredo_hdr%); -## Genereated for Teredo bubble packets. That is, IPv6 packets encapsulated +## Generated for Teredo bubble packets. That is, IPv6 packets encapsulated ## in a Teredo tunnel that have a Next Header value of :bro:id:`IPPROTO_NONE`. ## See :rfc:`4380` for more information about the Teredo protocol. ## @@ -574,15 +574,15 @@ event teredo_origin_indication%(outer: connection, inner: teredo_hdr%); ## .. bro:see:: teredo_packet teredo_authentication teredo_origin_indication ## ## .. note:: Since this event may be raised on a per-packet basis, handling -## it may become particular expensive for real-time analysis. +## it may become particularly expensive for real-time analysis. event teredo_bubble%(outer: connection, inner: teredo_hdr%); -## Generated for every packet that has non-empty transport-layer payload. This is a -## very low-level and expensive event that should be avoided when at all possible. -## It's usually infeasible to handle when processing even medium volumes of -## traffic in real-time. It's even worse than :bro:id:`new_packet`. That said, if -## you work from a trace and want to do some packet-level analysis, it may come in -## handy. +## Generated for every packet that has a non-empty transport-layer payload. +## This is a very low-level and expensive event that should be avoided when +## at all possible. It's usually infeasible to handle when processing even +## medium volumes of traffic in real-time. It's even worse than +## :bro:id:`new_packet`. That said, if you work from a trace and want to +## do some packet-level analysis, it may come in handy. ## ## c: The connection the packet is part of. ## @@ -6216,13 +6216,12 @@ event signature_match%(state: signature_state, msg: string, data: string%); ## ## request_type: The type of the request. ## -## dstaddr: Address that the tunneled traffic should be sent to. -## -## dstname: DNS name of the host that the tunneled traffic should be sent to. +## sa: Address that the tunneled traffic should be sent to. ## ## p: The destination port for the proxied traffic. ## -## user: Username given for the SOCKS connection. This is not yet implemented for SOCKSv5. +## user: Username given for the SOCKS connection. This is not yet implemented +## for SOCKSv5. event socks_request%(c: connection, version: count, request_type: count, sa: SOCKS::Address, p: port, user: string%); ## Generated when a SOCKS reply is analyzed. @@ -6233,9 +6232,7 @@ event socks_request%(c: connection, version: count, request_type: count, sa: SOC ## ## reply: The status reply from the server. ## -## dstaddr: The address that the server sent the traffic to. -## -## dstname: The name the server sent the traffic to. Only applicable for SOCKSv5. +## sa: The address that the server sent the traffic to. ## ## p: The destination port for the proxied traffic. event socks_reply%(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port%); From 9ae9b2aa4dca3c7fe1c4cb310dac8563caa36700 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 26 Jun 2012 16:59:56 -0500 Subject: [PATCH 030/120] Extract ICMPv6 NDP options and include in ICMP events (addresses #833). This adds a new parameter of type "icmp6_nd_options" to the ICMPv6 neighbor discovery events (icmp_redirect, icmp_router_solicitation, icmp_router_advertisement, icmp_neighbor_solicitation, icmp_neighbor_advertisement) which includes data extracted from all neighbor discovery options (RFC 4861) that are present in the ICMPv6 message. --- scripts/base/init-bare.bro | 55 +++++ src/ICMP.cc | 197 +++++++++++++++--- src/ICMP.h | 5 +- src/event.bif | 20 +- .../Baseline/core.icmp.icmp6-events/output | 5 + .../core.icmp.icmp6-nd-options/output | 28 +++ .../btest/Traces/icmp/icmp6-nd-options.pcap | Bin 0 -> 2144 bytes .../Traces/icmp/icmp6-redirect-hdr-opt.pcap | Bin 0 -> 198 bytes testing/btest/core/icmp/icmp6-events.test | 15 +- testing/btest/core/icmp/icmp6-nd-options.test | 35 ++++ 10 files changed, 321 insertions(+), 39 deletions(-) create mode 100644 testing/btest/Baseline/core.icmp.icmp6-nd-options/output create mode 100644 testing/btest/Traces/icmp/icmp6-nd-options.pcap create mode 100644 testing/btest/Traces/icmp/icmp6-redirect-hdr-opt.pcap create mode 100644 testing/btest/core/icmp/icmp6-nd-options.test diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 3a323ad7fe..ec75c76beb 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -115,6 +115,61 @@ type icmp_context: record { DF: bool; ##< True if the packets *don't fragment* flag is set. }; +## Values extracted from a Prefix Information option in an ICMPv6 neighbor +## discovery message as specified by :rfc:`4861`. +## +## .. bro:see:: icmp6_nd_option +type icmp6_nd_prefix_info: record { + ## Number of leading bits of the *prefix* that are valid. + prefix_len: count; + ## Flag indicating the prefix can be used for on-link determination. + L_flag: bool; + ## Autonomous address-configuration flag. + A_flag: bool; + ## Length of time in seconds that the prefix is valid for purpose of + ## on-link determination (0xffffffff represents infinity). + valid_lifetime: interval; + ## Length of time in seconds that the addresses generated from the prefix + ## via stateless address autoconfiguration remain preferred + ## (0xffffffff represents infinity). + preferred_lifetime: interval; + ## An IP address or prefix of an IP address. Use the *prefix_len* field + ## to convert this into a :bro:type:`subnet`. + prefix: addr; +}; + +## Options extracted from ICMPv6 neighbor discovery messages as specified +## by :rfc:`4861`. +## +## .. bro:see:: icmp_router_solicitation icmp_router_advertisement +## icmp_neighbor_advertisement icmp_neighbor_solicitation icmp_redirect +## icmp6_nd_options +type icmp6_nd_option: record { + ## 8-bit identifier of the type of option. + otype: count; + ## 8-bit integer representing the length of the option (including the type + ## and length fields) in units of 8 octets. + len: count; + ## Source Link-Layer Address (Type 1) or Target Link-Layer Address (Type 2). + ## Byte ordering of this is dependent on the actual link-layer. + link_address: string &optional; + ## Prefix Information (Type 3). + prefix: icmp6_nd_prefix_info &optional; + ## Redirected header (Type 4). This field contains the context of the + ## original, redirected packet. + redirect: icmp_context &optional; + ## Recommended MTU for the link (Type 5). + mtu: count &optional; + ## The raw data of the option (everything after type & length fields), + ## useful for unknown option types or when the full option payload is + ## truncated in the captured packet. In those cases, option fields + ## won't be pre-extracted into the fields above. + payload: string &optional; +}; + +## A type alias for a vector of ICMPv6 neighbor discovery message options. +type icmp6_nd_options: vector of icmp6_nd_option; + # A DNS mapping between IP address and hostname resolved by Bro's internal # resolver. # diff --git a/src/ICMP.cc b/src/ICMP.cc index b8ddb8a292..5531d6ee45 100644 --- a/src/ICMP.cc +++ b/src/ICMP.cc @@ -169,8 +169,10 @@ void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int c NeighborSolicit(t, icmpp, len, caplen, data, ip_hdr); break; case ND_ROUTER_SOLICIT: + RouterSolicit(t, icmpp, len, caplen, data, ip_hdr); + break; case ICMP6_ROUTER_RENUMBERING: - Router(t, icmpp, len, caplen, data, ip_hdr); + ICMPEvent(icmp_sent, icmpp, len, 1, ip_hdr); break; #if 0 @@ -515,10 +517,12 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_router_advertisement; - uint32 reachable, retrans; + uint32 reachable = 0, retrans = 0; - memcpy(&reachable, data, sizeof(reachable)); - memcpy(&retrans, data + sizeof(reachable), sizeof(retrans)); + if ( caplen >= (int)sizeof(reachable) ) + memcpy(&reachable, data, sizeof(reachable)); + if ( caplen >= (int)sizeof(reachable) + (int)sizeof(retrans) ) + memcpy(&retrans, data + sizeof(reachable), sizeof(retrans)); val_list* vl = new val_list; vl->append(BuildConnVal()); @@ -534,6 +538,9 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, vl->append(new IntervalVal((double)ntohl(reachable), Milliseconds)); vl->append(new IntervalVal((double)ntohl(retrans), Milliseconds)); + int opt_offset = sizeof(reachable) + sizeof(retrans); + vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); + ConnectionEvent(f, vl); } @@ -542,9 +549,10 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_neighbor_advertisement; - in6_addr tgtaddr; + IPAddr tgtaddr; - memcpy(&tgtaddr.s6_addr, data, sizeof(tgtaddr.s6_addr)); + if ( caplen >= (int)sizeof(in6_addr) ) + tgtaddr = IPAddr(*((const in6_addr*)data)); val_list* vl = new val_list; vl->append(BuildConnVal()); @@ -552,7 +560,10 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, vl->append(new Val(icmpp->icmp_num_addrs & 0x80, TYPE_BOOL)); // Router vl->append(new Val(icmpp->icmp_num_addrs & 0x40, TYPE_BOOL)); // Solicited vl->append(new Val(icmpp->icmp_num_addrs & 0x20, TYPE_BOOL)); // Override - vl->append(new AddrVal(IPAddr(tgtaddr))); + vl->append(new AddrVal(tgtaddr)); + + int opt_offset = sizeof(in6_addr); + vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); ConnectionEvent(f, vl); } @@ -562,14 +573,18 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_neighbor_solicitation; - in6_addr tgtaddr; + IPAddr tgtaddr; - memcpy(&tgtaddr.s6_addr, data, sizeof(tgtaddr.s6_addr)); + if ( caplen >= (int)sizeof(in6_addr) ) + tgtaddr = IPAddr(*((const in6_addr*)data)); val_list* vl = new val_list; vl->append(BuildConnVal()); vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new AddrVal(IPAddr(tgtaddr))); + vl->append(new AddrVal(tgtaddr)); + + int opt_offset = sizeof(in6_addr); + vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); ConnectionEvent(f, vl); } @@ -579,40 +594,35 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_redirect; - in6_addr tgtaddr, dstaddr; + IPAddr tgtaddr, dstaddr; - memcpy(&tgtaddr.s6_addr, data, sizeof(tgtaddr.s6_addr)); - memcpy(&dstaddr.s6_addr, data + sizeof(tgtaddr.s6_addr), sizeof(dstaddr.s6_addr)); + if ( caplen >= (int)sizeof(in6_addr) ) + tgtaddr = IPAddr(*((const in6_addr*)data)); + if ( caplen >= 2 * (int)sizeof(in6_addr) ) + dstaddr = IPAddr(*((const in6_addr*)(data + sizeof(in6_addr)))); val_list* vl = new val_list; vl->append(BuildConnVal()); vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); - vl->append(new AddrVal(IPAddr(tgtaddr))); - vl->append(new AddrVal(IPAddr(dstaddr))); + vl->append(new AddrVal(tgtaddr)); + vl->append(new AddrVal(dstaddr)); + + int opt_offset = 2 * sizeof(in6_addr); + vl->append(BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)); ConnectionEvent(f, vl); } -void ICMP_Analyzer::Router(double t, const struct icmp* icmpp, int len, +void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { - EventHandlerPtr f = 0; - - switch ( icmpp->icmp_type ) - { - case ND_ROUTER_SOLICIT: - f = icmp_router_solicitation; - break; - case ICMP6_ROUTER_RENUMBERING: - default: - ICMPEvent(icmp_sent, icmpp, len, 1, ip_hdr); - return; - } + EventHandlerPtr f = icmp_router_solicitation; val_list* vl = new val_list; vl->append(BuildConnVal()); vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); + vl->append(BuildNDOptionsVal(caplen, data)); ConnectionEvent(f, vl); } @@ -685,6 +695,137 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, } } +VectorVal* ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data) + { + static RecordType* icmp6_nd_option_type = 0; + static RecordType* icmp6_nd_prefix_info_type = 0; + if ( ! icmp6_nd_option_type ) + { + icmp6_nd_option_type = internal_type("icmp6_nd_option")->AsRecordType(); + icmp6_nd_prefix_info_type = + internal_type("icmp6_nd_prefix_info")->AsRecordType(); + } + + VectorVal* vv = new VectorVal( + internal_type("icmp6_nd_options")->AsVectorType()); + + while ( caplen > 0 ) + { + // Must have at least type & length to continue parsing options. + if ( caplen < 2 ) + { + Weird("truncated_ICMPv6_ND_options"); + break; + } + + uint8 type = *((const uint8*)data); + uint8 length = *((const uint8*)(data + 1)); + + if ( length == 0 ) + { + Weird("zero_length_ICMPv6_ND_option"); + break; + } + + RecordVal* rv = new RecordVal(icmp6_nd_option_type); + rv->Assign(0, new Val(type, TYPE_COUNT)); + rv->Assign(1, new Val(length, TYPE_COUNT)); + + // adjust length to be in units of bytes, exclude type/length fields + length = length * 8 - 2; + + data += 2; + caplen -= 2; + + bool set_payload_field = false; + // Only parse out known options that are there in full. + switch ( type ) { + case 1: + case 2: + // Source/Target Link-layer Address option + { + if ( caplen >= length ) + { + BroString* link_addr = new BroString(data, length, 0); + rv->Assign(2, new StringVal(link_addr)); + } + else + set_payload_field = true; + } + break; + + case 3: + // Prefix Information option + { + if ( caplen >= 30 ) + { + RecordVal* info = new RecordVal(icmp6_nd_prefix_info_type); + uint8 prefix_len = *((const uint8*)(data)); + bool L_flag = (*((const uint8*)(data + 1)) & 0x80) != 0; + bool A_flag = (*((const uint8*)(data + 1)) & 0x40) != 0; + uint32 valid_life = *((const uint32*)(data + 2)); + uint32 prefer_life = *((const uint32*)(data + 6)); + in6_addr prefix = *((const in6_addr*)(data + 14)); + info->Assign(0, new Val(prefix_len, TYPE_COUNT)); + info->Assign(1, new Val(L_flag, TYPE_BOOL)); + info->Assign(2, new Val(A_flag, TYPE_BOOL)); + info->Assign(3, new IntervalVal((double)ntohl(valid_life), Seconds)); + info->Assign(4, new IntervalVal((double)ntohl(prefer_life), Seconds)); + info->Assign(5, new AddrVal(IPAddr(prefix))); + rv->Assign(3, info); + } + else + set_payload_field = true; + } + break; + + case 4: + // Redirected Header option + { + if ( caplen >= length ) + { + const u_char* hdr = data + 6; + rv->Assign(4, ExtractICMP6Context(length - 6, hdr)); + } + else + set_payload_field = true; + } + break; + + case 5: + // MTU option + { + if ( caplen >= 6 ) + rv->Assign(5, new Val(ntohl(*((const uint32*)(data + 2))), + TYPE_COUNT)); + else + set_payload_field = true; + } + break; + + default: + { + set_payload_field = true; + } + break; + } + + if ( set_payload_field ) + { + BroString* payload = + new BroString(data, min((int)length, caplen), 0); + rv->Assign(6, new StringVal(payload)); + } + + data += length; + caplen -= length; + + vv->Assign(vv->Size(), rv, 0); + } + + return vv; + } + int ICMP4_counterpart(int icmp_type, int icmp_code, bool& is_one_way) { is_one_way = false; diff --git a/src/ICMP.h b/src/ICMP.h index 33773b9762..1e30b7ff54 100644 --- a/src/ICMP.h +++ b/src/ICMP.h @@ -48,7 +48,7 @@ protected: int caplen, const u_char*& data, const IP_Hdr* ip_hdr); void NeighborSolicit(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr); - void Router(double t, const struct icmp* icmpp, int len, + void RouterSolicit(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr); void Describe(ODesc* d) const; @@ -75,6 +75,9 @@ protected: void Context6(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr); + // RFC 4861 Neighbor Discover message options + VectorVal* BuildNDOptionsVal(int caplen, const u_char* data); + RecordVal* icmp_conn_val; int type; int code; diff --git a/src/event.bif b/src/event.bif index a924bf4888..e0d1c2e1c6 100644 --- a/src/event.bif +++ b/src/event.bif @@ -1054,9 +1054,11 @@ event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, conte ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## options: Any Neighbor Discovery options included with message (:rfc:`4861`). +## ## .. bro:see:: icmp_router_advertisement ## icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect -event icmp_router_solicitation%(c: connection, icmp: icmp_conn%); +event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_nd_options%); ## Generated for ICMP *router advertisement* messages. ## @@ -1090,9 +1092,11 @@ event icmp_router_solicitation%(c: connection, icmp: icmp_conn%); ## ## retrans_timer: How long a host should wait before retransmitting. ## +## options: Any Neighbor Discovery options included with message (:rfc:`4861`). +## ## .. bro:see:: icmp_router_solicitation ## icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect -event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval%); +event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options%); ## Generated for ICMP *neighbor solicitation* messages. ## @@ -1107,9 +1111,11 @@ event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: ## ## tgt: The IP address of the target of the solicitation. ## +## options: Any Neighbor Discovery options included with message (:rfc:`4861`). +## ## .. bro:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_advertisement icmp_redirect -event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt:addr%); +event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options%); ## Generated for ICMP *neighbor advertisement* messages. ## @@ -1131,9 +1137,11 @@ event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt:addr%); ## tgt: the Target Address in the soliciting message or the address whose ## link-layer address has changed for unsolicited adverts. ## +## options: Any Neighbor Discovery options included with message (:rfc:`4861`). +## ## .. bro:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_solicitation icmp_redirect -event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt:addr%); +event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options%); ## Generated for ICMP *redirect* messages. ## @@ -1151,9 +1159,11 @@ event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, ## ## dest: The address of the destination which is redirected to the target. ## +## options: Any Neighbor Discovery options included with message (:rfc:`4861`). +## ## .. bro:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_solicitation icmp_neighbor_advertisement -event icmp_redirect%(c: connection, icmp: icmp_conn, tgt: addr, dest: addr%); +event icmp_redirect%(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options%); ## Generated when a TCP connection terminated, passing on statistics about the ## two endpoints. This event is always generated when Bro flushes the internal diff --git a/testing/btest/Baseline/core.icmp.icmp6-events/output b/testing/btest/Baseline/core.icmp.icmp6-events/output index 81075b716a..fdb58e5be1 100644 --- a/testing/btest/Baseline/core.icmp.icmp6-events/output +++ b/testing/btest/Baseline/core.icmp.icmp6-events/output @@ -41,6 +41,7 @@ icmp_echo_reply (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi) icmp_redirect (tgt=fe80::cafe, dest=fe80::babe) conn_id: [orig_h=fe80::dead, orig_p=137/icmp, resp_h=fe80::beef, resp_p=0/icmp] icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=137, icode=0, len=32, hlim=255, v6=T] + options: [] icmp_router_advertisement cur_hop_limit=13 managed=T @@ -54,15 +55,19 @@ icmp_router_advertisement retrans_timer=1.0 sec 300.0 msecs conn_id: [orig_h=fe80::dead, orig_p=134/icmp, resp_h=fe80::beef, resp_p=133/icmp] icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=134, icode=0, len=8, hlim=255, v6=T] + options: [] icmp_neighbor_advertisement (tgt=fe80::babe) router=T solicited=F override=T conn_id: [orig_h=fe80::dead, orig_p=136/icmp, resp_h=fe80::beef, resp_p=135/icmp] icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=136, icode=0, len=16, hlim=255, v6=T] + options: [] icmp_router_solicitation conn_id: [orig_h=fe80::dead, orig_p=133/icmp, resp_h=fe80::beef, resp_p=134/icmp] icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=133, icode=0, len=0, hlim=255, v6=T] + options: [] icmp_neighbor_solicitation (tgt=fe80::babe) conn_id: [orig_h=fe80::dead, orig_p=135/icmp, resp_h=fe80::beef, resp_p=136/icmp] icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=135, icode=0, len=16, hlim=255, v6=T] + options: [] diff --git a/testing/btest/Baseline/core.icmp.icmp6-nd-options/output b/testing/btest/Baseline/core.icmp.icmp6-nd-options/output new file mode 100644 index 0000000000..1a3958f32d --- /dev/null +++ b/testing/btest/Baseline/core.icmp.icmp6-nd-options/output @@ -0,0 +1,28 @@ +icmp_redirect options + [otype=4, len=8, link_address=, prefix=, redirect=[id=[orig_h=fe80::aaaa, orig_p=30000/udp, resp_h=fe80::bbbb, resp_p=13000/udp], len=56, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F], mtu=, payload=] +icmp_neighbor_advertisement options + [otype=2, len=1, link_address=\xc2\0T\xf5\0\0, prefix=, redirect=, mtu=, payload=] + MAC: c20054f50000 +icmp_router_advertisement options + [otype=1, len=1, link_address=\xc2\0T\xf5\0\0, prefix=, redirect=, mtu=, payload=] + MAC: c20054f50000 + [otype=5, len=1, link_address=, prefix=, redirect=, mtu=1500, payload=] + [otype=3, len=4, link_address=, prefix=[prefix_len=64, L_flag=T, A_flag=T, valid_lifetime=30.0 days, preferred_lifetime=7.0 days, prefix=2001:db8:0:1::], redirect=, mtu=, payload=] +icmp_neighbor_advertisement options + [otype=2, len=1, link_address=\xc2\0T\xf5\0\0, prefix=, redirect=, mtu=, payload=] + MAC: c20054f50000 +icmp_router_advertisement options + [otype=1, len=1, link_address=\xc2\0T\xf5\0\0, prefix=, redirect=, mtu=, payload=] + MAC: c20054f50000 + [otype=5, len=1, link_address=, prefix=, redirect=, mtu=1500, payload=] + [otype=3, len=4, link_address=, prefix=[prefix_len=64, L_flag=T, A_flag=T, valid_lifetime=30.0 days, preferred_lifetime=7.0 days, prefix=2001:db8:0:1::], redirect=, mtu=, payload=] +icmp_router_advertisement options + [otype=1, len=1, link_address=\xc2\0T\xf5\0\0, prefix=, redirect=, mtu=, payload=] + MAC: c20054f50000 + [otype=5, len=1, link_address=, prefix=, redirect=, mtu=1500, payload=] + [otype=3, len=4, link_address=, prefix=[prefix_len=64, L_flag=T, A_flag=T, valid_lifetime=30.0 days, preferred_lifetime=7.0 days, prefix=2001:db8:0:1::], redirect=, mtu=, payload=] +icmp_router_advertisement options + [otype=1, len=1, link_address=\xc2\0T\xf5\0\0, prefix=, redirect=, mtu=, payload=] + MAC: c20054f50000 + [otype=5, len=1, link_address=, prefix=, redirect=, mtu=1500, payload=] + [otype=3, len=4, link_address=, prefix=[prefix_len=64, L_flag=T, A_flag=T, valid_lifetime=30.0 days, preferred_lifetime=7.0 days, prefix=2001:db8:0:1::], redirect=, mtu=, payload=] diff --git a/testing/btest/Traces/icmp/icmp6-nd-options.pcap b/testing/btest/Traces/icmp/icmp6-nd-options.pcap new file mode 100644 index 0000000000000000000000000000000000000000..1103d9bf9c853e79ba52b6d3addd9ad609dd2864 GIT binary patch literal 2144 zcmca|c+)~A1{MZ5P+(wS1ah(yHhKKiV?K(g&_9#Diq!sW_AouLe<286NL;y~DzHijer92nR+fChj8Bh++OP%tsD z-eG2OIKZIZ%fP^C)c_JvVC3Baq`HpA)H!`OoK*&cLGyB-`#L07H>M0g+2VTo6DCaYm4OSiWm!cn-?d z81f)nd>(Kz*a7807@WJAP;BAATTX%uWol)p2Ad8ttp#WrQmKpXW5t7JW#Pb;hagu-u4hD!7l8^rln^5nFF^H(c$uIE@+(Tb0p&rq z)B$Zl3Q2TZ2!$k2eLKUR=OEKz`SS1dpC490O<#*@I$815`5oDGSUgPzx_#ell$49^ tc3=ph$1ZvZAVNr51!N1l{1l)q+dP<%;{n|dglqw-N7z!d4Z{|oJOFqZl^g&7 literal 0 HcmV?d00001 diff --git a/testing/btest/Traces/icmp/icmp6-redirect-hdr-opt.pcap b/testing/btest/Traces/icmp/icmp6-redirect-hdr-opt.pcap new file mode 100644 index 0000000000000000000000000000000000000000..d05351910849141fd8f407973a86bd7340bd3406 GIT binary patch literal 198 zcmca|c+)~A1{MYw_+QV!zzF1o>%8)Rw~>iq9*_;f|G@yFs_kw9h>>CS|6c=$0R#8e zqVo5>?__v<3?z#xe(E18f7d=14u}~EAWA^c0abq0DpdaN-K7RbCl~}K^F%-a0Iz>6 AssI20 literal 0 HcmV?d00001 diff --git a/testing/btest/core/icmp/icmp6-events.test b/testing/btest/core/icmp/icmp6-events.test index 052ba91ee6..5263dd6e7f 100644 --- a/testing/btest/core/icmp/icmp6-events.test +++ b/testing/btest/core/icmp/icmp6-events.test @@ -66,11 +66,12 @@ event icmp_parameter_problem(c: connection, icmp: icmp_conn, code: count, contex print " icmp_context: " + fmt("%s", context); } -event icmp_redirect(c: connection, icmp: icmp_conn, tgt: addr, dest: addr) +event icmp_redirect(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options) { print "icmp_redirect (tgt=" + fmt("%s", tgt) + ", dest=" + fmt("%s", dest) + ")"; print " conn_id: " + fmt("%s", c$id); print " icmp_conn: " + fmt("%s", icmp); + print " options: " + fmt("%s", options); } event icmp_error_message(c: connection, icmp: icmp_conn, code: count, context: icmp_context) @@ -81,14 +82,15 @@ event icmp_error_message(c: connection, icmp: icmp_conn, code: count, context: i print " icmp_context: " + fmt("%s", context); } -event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt: addr) +event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options) { print "icmp_neighbor_solicitation (tgt=" + fmt("%s", tgt) + ")"; print " conn_id: " + fmt("%s", c$id); print " icmp_conn: " + fmt("%s", icmp); + print " options: " + fmt("%s", options); } -event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr) +event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options) { print "icmp_neighbor_advertisement (tgt=" + fmt("%s", tgt) + ")"; print " router=" + fmt("%s", router); @@ -96,16 +98,18 @@ event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, print " override=" + fmt("%s", override); print " conn_id: " + fmt("%s", c$id); print " icmp_conn: " + fmt("%s", icmp); + print " options: " + fmt("%s", options); } -event icmp_router_solicitation(c: connection, icmp: icmp_conn) +event icmp_router_solicitation(c: connection, icmp: icmp_conn, options: icmp6_nd_options) { print "icmp_router_solicitation"; print " conn_id: " + fmt("%s", c$id); print " icmp_conn: " + fmt("%s", icmp); + print " options: " + fmt("%s", options); } -event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval) +event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options) { print "icmp_router_advertisement"; print " cur_hop_limit=" + fmt("%s", cur_hop_limit); @@ -120,4 +124,5 @@ event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: c print " retrans_timer=" + fmt("%s", retrans_timer); print " conn_id: " + fmt("%s", c$id); print " icmp_conn: " + fmt("%s", icmp); + print " options: " + fmt("%s", options); } diff --git a/testing/btest/core/icmp/icmp6-nd-options.test b/testing/btest/core/icmp/icmp6-nd-options.test new file mode 100644 index 0000000000..64543852a3 --- /dev/null +++ b/testing/btest/core/icmp/icmp6-nd-options.test @@ -0,0 +1,35 @@ +# These tests all check that ICMP6 events get raised with correct arguments. + +# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-redirect-hdr-opt.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-nd-options.pcap %INPUT >>output 2>&1 + +# @TEST-EXEC: btest-diff output + +event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options) + { + print "icmp_router_advertisement options"; + for ( o in options ) + { + print fmt(" %s", options[o]); + if ( options[o]$otype == 1 && options[o]?$link_address ) + print fmt(" MAC: %s", + string_to_ascii_hex(options[o]$link_address)); + } + } + +event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options) + { + print "icmp_neighbor_advertisement options"; + for ( o in options ) + { + print fmt(" %s", options[o]); + if ( options[o]$otype == 2 && options[o]?$link_address ) print fmt(" MAC: %s", string_to_ascii_hex(options[o]$link_address)); + } + } + +event icmp_redirect(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options) + { + print "icmp_redirect options"; + for ( o in options ) + print fmt(" %s", options[o]); + } From a651185ff9f93fedb3a82575e5107dd7460475de Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 27 Jun 2012 11:35:32 -0500 Subject: [PATCH 031/120] Fix strict-aliasing warning in RemoteSerializer.cc (fixes #834). --- src/RemoteSerializer.cc | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 838bafb0d6..0db77e2df3 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -4208,32 +4208,37 @@ bool SocketComm::Listen() bool SocketComm::AcceptConnection(int fd) { - sockaddr_storage client; - socklen_t len = sizeof(client); + union { + sockaddr_storage ss; + sockaddr_in s4; + sockaddr_in6 s6; + } client; + socklen_t len = sizeof(client.ss); - int clientfd = accept(fd, (sockaddr*) &client, &len); + int clientfd = accept(fd, (sockaddr*) &client.ss, &len); if ( clientfd < 0 ) { Error(fmt("accept failed, %s %d", strerror(errno), errno)); return false; } - if ( client.ss_family != AF_INET && client.ss_family != AF_INET6 ) + if ( client.ss.ss_family != AF_INET && client.ss.ss_family != AF_INET6 ) { - Error(fmt("accept fail, unknown address family %d", client.ss_family)); + Error(fmt("accept fail, unknown address family %d", + client.ss.ss_family)); close(clientfd); return false; } Peer* peer = new Peer; peer->id = id_counter++; - peer->ip = client.ss_family == AF_INET ? - IPAddr(((sockaddr_in*)&client)->sin_addr) : - IPAddr(((sockaddr_in6*)&client)->sin6_addr); + peer->ip = client.ss.ss_family == AF_INET ? + IPAddr(client.s4.sin_addr) : + IPAddr(client.s6.sin6_addr); - peer->port = client.ss_family == AF_INET ? - ntohs(((sockaddr_in*)&client)->sin_port) : - ntohs(((sockaddr_in6*)&client)->sin6_port); + peer->port = client.ss.ss_family == AF_INET ? + ntohs(client.s4.sin_port) : + ntohs(client.s6.sin6_port); peer->connected = true; peer->ssl = listen_ssl; From 21a0e74d682f0584288c6e631496bb4083e5d33f Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 28 Jun 2012 12:42:32 -0500 Subject: [PATCH 032/120] Drain events before terminating log/thread managers. Using the default scripts, the events from RemoteSerializer::LogStats() were attempting to use the logging framework after logging/threading had been terminated which never worked right and sometimes caused crashes with "fatal error: cannot lock mutex". Also made communication log baseline test pass more reliably. --- src/main.cc | 2 ++ .../send.log | 29 ++++++++++--------- .../communication_log_baseline.bro | 9 ++++-- 3 files changed, 23 insertions(+), 17 deletions(-) diff --git a/src/main.cc b/src/main.cc index b1d0a4d723..d94a32df63 100644 --- a/src/main.cc +++ b/src/main.cc @@ -313,6 +313,8 @@ void terminate_bro() if ( remote_serializer ) remote_serializer->LogStats(); + mgr.Drain(); + log_mgr->Terminate(); thread_mgr->Terminate(); diff --git a/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log b/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log index d3c14c8603..94e0403238 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log +++ b/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log @@ -5,17 +5,18 @@ #path communication #fields ts peer src_name connected_peer_desc connected_peer_addr connected_peer_port level message #types time string string string addr port string string -1326492291.485390 bro parent - - - info [#1/127.0.0.1:47757] added peer -1326492291.491731 bro child - - - info [#1/127.0.0.1:47757] connected -1326492291.492024 bro parent - - - info [#1/127.0.0.1:47757] peer connected -1326492291.492024 bro parent - - - info [#1/127.0.0.1:47757] phase: version -1326492291.492740 bro script - - - info connection established -1326492291.492740 bro script - - - info requesting events matching /^?(NOTHING)$?/ -1326492291.492740 bro script - - - info accepting state -1326492291.493800 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake -1326492291.493800 bro parent - - - info warning: no events to request -1326492291.494161 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro -1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] peer supports keep-in-cache; using that -1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] phase: running -1326492291.494404 bro parent - - - info terminating... -1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] closing connection +1340904724.781527 bro parent - - - info [#1/127.0.0.1:47757] added peer +1340904724.784954 bro child - - - info [#1/127.0.0.1:47757] connected +1340904724.786168 bro parent - - - info [#1/127.0.0.1:47757] peer connected +1340904724.786168 bro parent - - - info [#1/127.0.0.1:47757] phase: version +1340904724.786168 bro script - - - info connection established +1340904724.786168 bro script - - - info requesting events matching /^?(NOTHING)$?/ +1340904724.786168 bro script - - - info accepting state +1340904724.787645 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake +1340904724.787645 bro parent - - - info warning: no events to request +1340904724.788857 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro +1340904724.829480 bro parent - - - info [#1/127.0.0.1:47757] peer supports keep-in-cache; using that +1340904724.829480 bro parent - - - info [#1/127.0.0.1:47757] phase: running +1340904724.829480 bro parent - - - info terminating... +1340904724.832952 bro child - - - info terminating +1340904724.834082 bro parent - - - info [#1/127.0.0.1:47757] closing connection diff --git a/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro b/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro index 3d80ef7777..4a2ed735ef 100644 --- a/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro +++ b/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro @@ -5,7 +5,7 @@ # @TEST-EXEC: btest-bg-wait -k 10 # # Don't diff the receiver log just because port is always going to change -# @TEST-EXEC: egrep -v 'pid|socket buffer size' sender/communication.log >send.log +# @TEST-EXEC: egrep -v 'CPU|bytes|pid|socket buffer size' sender/communication.log >send.log # @TEST-EXEC: btest-diff send.log @TEST-START-FILE sender.bro @@ -19,6 +19,10 @@ redef Communication::nodes += { event remote_connection_handshake_done(p: event_peer) { terminate_communication(); + } + +event remote_connection_closed(p: event_peer) + { terminate(); } @@ -30,9 +34,8 @@ event remote_connection_handshake_done(p: event_peer) @load frameworks/communication/listen -event remote_connection_handshake_done(p: event_peer) +event remote_connection_closed(p: event_peer) { - terminate_communication(); terminate(); } From 1bbd63970a9fe5529cc9c6898c510d47ea5472af Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 28 Jun 2012 15:16:33 -0500 Subject: [PATCH 033/120] Small tweak to make test complete quicker. --- testing/btest/scripts/base/frameworks/control/id_value.bro | 1 + 1 file changed, 1 insertion(+) diff --git a/testing/btest/scripts/base/frameworks/control/id_value.bro b/testing/btest/scripts/base/frameworks/control/id_value.bro index c5d1d063f5..ffbb9a10cf 100644 --- a/testing/btest/scripts/base/frameworks/control/id_value.bro +++ b/testing/btest/scripts/base/frameworks/control/id_value.bro @@ -22,4 +22,5 @@ redef test_var = "This is the value from the controllee"; event Control::id_value_response(id: string, val: string) { print fmt("Got an id_value_response(%s, %s) event", id, val); + terminate(); } From 41f1544332cddfa9a636c05f41371698a891de63 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 28 Jun 2012 15:48:03 -0500 Subject: [PATCH 034/120] Add front-end name to InitMessage from WriterFrontend to Backend. At the time WriterBackend::Init() happens, it's in a different thread than its frontend member, but tried to access it directly to get its name, that info is now sent in the InitMessage instead. (Problem was observed segfaulting the unit test scripts.base.frameworks.notice.mail-alarms on Ubuntu 12.04). --- src/logging/WriterBackend.cc | 4 ++-- src/logging/WriterBackend.h | 4 +++- src/logging/WriterFrontend.cc | 10 ++++++---- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 23a95279d7..836c390944 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -108,13 +108,13 @@ void WriterBackend::DisableFrontend() SendOut(new DisableMessage(frontend)); } -bool WriterBackend::Init(string arg_path, int arg_num_fields, const Field* const* arg_fields) +bool WriterBackend::Init(string arg_path, int arg_num_fields, const Field* const* arg_fields, string frontend_name) { path = arg_path; num_fields = arg_num_fields; fields = arg_fields; - string name = Fmt("%s/%s", path.c_str(), frontend->Name().c_str()); + string name = Fmt("%s/%s", path.c_str(), frontend_name.c_str()); SetName(name); diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index 1269976aee..64cf84630c 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -53,9 +53,11 @@ public: * @param fields An array of size \a num_fields with the log fields. * The methods takes ownership of the array. * + * @param frontend_name The name of the front-end writer implementation. + * * @return False if an error occured. */ - bool Init(string path, int num_fields, const threading::Field* const* fields); + bool Init(string path, int num_fields, const threading::Field* const* fields, string frontend_name); /** * Writes one log entry. diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index 33c9c04c63..cd3bd0d563 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -15,16 +15,18 @@ namespace logging { class InitMessage : public threading::InputMessage { public: - InitMessage(WriterBackend* backend, const string path, const int num_fields, const Field* const* fields) + InitMessage(WriterBackend* backend, const string path, const int num_fields, const Field* const* fields, string frontend_name) : threading::InputMessage("Init", backend), - path(path), num_fields(num_fields), fields(fields) { } + path(path), num_fields(num_fields), fields(fields), + frontend_name(frontend_name) { } - virtual bool Process() { return Object()->Init(path, num_fields, fields); } + virtual bool Process() { return Object()->Init(path, num_fields, fields, frontend_name); } private: const string path; const int num_fields; const Field * const* fields; + const string frontend_name; }; class RotateMessage : public threading::InputMessage @@ -164,7 +166,7 @@ void WriterFrontend::Init(string arg_path, int arg_num_fields, const Field* cons initialized = true; if ( backend ) - backend->SendIn(new InitMessage(backend, arg_path, arg_num_fields, arg_fields)); + backend->SendIn(new InitMessage(backend, arg_path, arg_num_fields, arg_fields, Name())); if ( remote ) remote_serializer->SendLogCreateWriter(stream, From 0e48fda6ffa0be4cec2d763305a1394e19b32778 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 29 Jun 2012 12:50:57 -0500 Subject: [PATCH 035/120] Updating input framework unit tests. Generally tried to make them more reliable and execute quicker. They all now load the listen script as a trick to make sure input sources are fully read, but also terminate() at appropriate times so that they don't take more time than needed. They're also all serialized with the 'comm' group so listening on a port doesn't interfere with the communication tests. --- .../scripts.base.frameworks.input.event/out | 119 ++++++--- .../out | 1 + .../scripts.base.frameworks.input.raw/out | 120 ++++++--- .../scripts.base.frameworks.input.repeat/out | 64 ++--- .../out | 240 +++++++++++++----- .../out | 33 ++- .../out | 119 ++++++--- .../event.out | 4 + .../fin.out | 30 +++ .../out | 172 ------------- .../pred1.out | 45 ++++ .../pred2.out | 15 ++ testing/btest/coverage/bare-mode-errors.test | 2 + .../scripts/base/frameworks/input/basic.bro | 26 +- .../base/frameworks/input/emptyvals.bro | 25 +- .../scripts/base/frameworks/input/event.bro | 36 ++- .../base/frameworks/input/executeraw.bro | 16 +- .../frameworks/input/onecolumn-norecord.bro | 25 +- .../frameworks/input/onecolumn-record.bro | 25 +- .../base/frameworks/input/optional.bro | 25 +- .../scripts/base/frameworks/input/port.bro | 39 ++- .../frameworks/input/predicate-stream.bro | 67 +++-- .../base/frameworks/input/predicate.bro | 56 ++-- .../base/frameworks/input/predicatemodify.bro | 37 ++- .../input/predicatemodifyandreread.bro | 30 ++- .../scripts/base/frameworks/input/raw.bro | 34 ++- .../scripts/base/frameworks/input/repeat.bro | 40 ++- .../scripts/base/frameworks/input/reread.bro | 27 +- .../base/frameworks/input/rereadraw.bro | 34 ++- .../scripts/base/frameworks/input/stream.bro | 23 +- .../base/frameworks/input/streamraw.bro | 22 +- .../base/frameworks/input/tableevent.bro | 37 ++- .../base/frameworks/input/twotables.bro | 88 ++++--- 33 files changed, 1045 insertions(+), 631 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.frameworks.input.twotables/event.out create mode 100644 testing/btest/Baseline/scripts.base.frameworks.input.twotables/fin.out delete mode 100644 testing/btest/Baseline/scripts.base.frameworks.input.twotables/out create mode 100644 testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred1.out create mode 100644 testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred2.out diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.event/out b/testing/btest/Baseline/scripts.base.frameworks.input.event/out index bb3b6d0a9e..d02cda5e33 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.event/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.event/out @@ -1,69 +1,118 @@ -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW 1 T -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW 2 T -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW 3 F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW 4 F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW 5 F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW 6 F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW 7 diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out b/testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out index a38f3fce84..61f179780c 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out @@ -4,6 +4,7 @@ print outfile, description; print outfile, tpe; print outfile, s; close(outfile); +terminate(); }] Input::EVENT_NEW 8 ../input.log diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.raw/out b/testing/btest/Baseline/scripts.base.frameworks.input.raw/out index 55e7610e1e..0d380047fb 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.raw/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.raw/out @@ -1,64 +1,120 @@ -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW q3r3057fdf -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW sdfs\d -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW dfsdf -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW sdf -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW 3rw43wRRERLlL#RWERERERE. diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.repeat/out b/testing/btest/Baseline/scripts.base.frameworks.input.repeat/out index 71de0d2570..12a8c5f581 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.repeat/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.repeat/out @@ -1,160 +1,160 @@ input0 -input.log +../input.log { [1] = T } input1 -input.log +../input.log { [1] = T } input2 -input.log +../input.log { [1] = T } input3 -input.log +../input.log { [1] = T } input4 -input.log +../input.log { [1] = T } input5 -input.log +../input.log { [1] = T } input6 -input.log +../input.log { [1] = T } input7 -input.log +../input.log { [1] = T } input8 -input.log +../input.log { [1] = T } input9 -input.log +../input.log { [1] = T } input10 -input.log +../input.log { [1] = T } input11 -input.log +../input.log { [1] = T } input12 -input.log +../input.log { [1] = T } input13 -input.log +../input.log { [1] = T } input14 -input.log +../input.log { [1] = T } input15 -input.log +../input.log { [1] = T } input16 -input.log +../input.log { [1] = T } input17 -input.log +../input.log { [1] = T } input18 -input.log +../input.log { [1] = T } input19 -input.log +../input.log { [1] = T } input20 -input.log +../input.log { [1] = T } input21 -input.log +../input.log { [1] = T } input22 -input.log +../input.log { [1] = T } input23 -input.log +../input.log { [1] = T } input24 -input.log +../input.log { [1] = T } input25 -input.log +../input.log { [1] = T } input26 -input.log +../input.log { [1] = T } input27 -input.log +../input.log { [1] = T } input28 -input.log +../input.log { [1] = T } input29 -input.log +../input.log { [1] = T } input30 -input.log +../input.log { [1] = T } input31 -input.log +../input.log { [1] = T } diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out b/testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out index 9d62fdbef4..7c75913bc3 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out @@ -1,128 +1,240 @@ -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW q3r3057fdf -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW sdfs\d -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW dfsdf -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW sdf -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW 3rw43wRRERLlL#RWERERERE. -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW q3r3057fdf -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW sdfs\d -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW dfsdf -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW sdf -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }] Input::EVENT_NEW 3rw43wRRERLlL#RWERERERE. diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.streamraw/out b/testing/btest/Baseline/scripts.base.frameworks.input.streamraw/out index 07a3ffdba5..b934e34768 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.streamraw/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.streamraw/out @@ -3,11 +3,13 @@ print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }] @@ -18,11 +20,13 @@ sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }] @@ -33,11 +37,13 @@ DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }] @@ -48,11 +54,13 @@ q3r3057fdf print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }] @@ -63,11 +71,13 @@ sdfs\d print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }] @@ -78,11 +88,13 @@ Input::EVENT_NEW print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }] @@ -93,11 +105,13 @@ dfsdf print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }] @@ -108,13 +122,16 @@ sdf print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }] Input::EVENT_NEW 3rw43wRRERLlL#RWERERERE. +done diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out b/testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out index a1bbb9bbe4..43d000676d 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out @@ -1,4 +1,4 @@ -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, @@ -8,15 +8,22 @@ [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=] Input::EVENT_NEW [i=1] T -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, @@ -26,15 +33,22 @@ T [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=] Input::EVENT_NEW [i=2] T -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, @@ -44,15 +58,22 @@ T [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=] Input::EVENT_NEW [i=3] F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, @@ -62,15 +83,22 @@ F [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=] Input::EVENT_NEW [i=4] F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, @@ -80,15 +108,22 @@ F [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=] Input::EVENT_NEW [i=5] F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, @@ -98,15 +133,22 @@ F [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=] Input::EVENT_NEW [i=6] F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, @@ -116,10 +158,17 @@ F [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=] Input::EVENT_NEW [i=7] diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.twotables/event.out b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/event.out new file mode 100644 index 0000000000..ebf210031f --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/event.out @@ -0,0 +1,4 @@ +============EVENT============ +============EVENT============ +============EVENT============ +============EVENT============ diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.twotables/fin.out b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/fin.out new file mode 100644 index 0000000000..b7e1031867 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/fin.out @@ -0,0 +1,30 @@ +==========SERVERS============ +==========SERVERS============ +==========SERVERS============ +done +{ +[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +2, +4, +1, +3 +}, ss={ +CC, +AA, +BB +}, se={ + +}, vc=[10, 20, 30], ve=[]], +[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +2, +4, +1, +3 +}, ss={ +CC, +AA, +BB +}, se={ + +}, vc=[10, 20, 30], ve=[]] +} diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.twotables/out b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/out deleted file mode 100644 index e9e03add3a..0000000000 --- a/testing/btest/Baseline/scripts.base.frameworks.input.twotables/out +++ /dev/null @@ -1,172 +0,0 @@ -============PREDICATE============ -Input::EVENT_NEW -[i=-42] -[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -============PREDICATE 2============ -Input::EVENT_NEW -[i=-43] -[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -============EVENT============ -==========SERVERS============ -{ -[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]], -[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -} -============EVENT============ -==========SERVERS============ -{ -[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]], -[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -} -============PREDICATE============ -Input::EVENT_NEW -[i=-44] -[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -============PREDICATE============ -Input::EVENT_REMOVED -[i=-42] -[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -============EVENT============ -============EVENT============ -==========SERVERS============ -{ -[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]], -[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -} -done -{ -[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]], -[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -} diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred1.out b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred1.out new file mode 100644 index 0000000000..84d1465428 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred1.out @@ -0,0 +1,45 @@ +============PREDICATE============ +Input::EVENT_NEW +[i=-42] +[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +2, +4, +1, +3 +}, ss={ +CC, +AA, +BB +}, se={ + +}, vc=[10, 20, 30], ve=[]] +============PREDICATE============ +Input::EVENT_NEW +[i=-44] +[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +2, +4, +1, +3 +}, ss={ +CC, +AA, +BB +}, se={ + +}, vc=[10, 20, 30], ve=[]] +============PREDICATE============ +Input::EVENT_REMOVED +[i=-42] +[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +2, +4, +1, +3 +}, ss={ +CC, +AA, +BB +}, se={ + +}, vc=[10, 20, 30], ve=[]] diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred2.out b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred2.out new file mode 100644 index 0000000000..ef38fa3210 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred2.out @@ -0,0 +1,15 @@ +============PREDICATE 2============ +Input::EVENT_NEW +[i=-43] +[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +2, +4, +1, +3 +}, ss={ +CC, +AA, +BB +}, se={ + +}, vc=[10, 20, 30], ve=[]] diff --git a/testing/btest/coverage/bare-mode-errors.test b/testing/btest/coverage/bare-mode-errors.test index 9fd18308ce..21e7d4f4a9 100644 --- a/testing/btest/coverage/bare-mode-errors.test +++ b/testing/btest/coverage/bare-mode-errors.test @@ -5,6 +5,8 @@ # Commonly, this test may fail if one forgets to @load some base/ scripts # when writing a new bro scripts. # +# @TEST-SERIALIZE: comm +# # @TEST-EXEC: test -d $DIST/scripts # @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro -not -path '*/site/*'`; do echo $script; if echo "$script" | egrep -q 'communication/listen|controllee'; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0 # @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors diff --git a/testing/btest/scripts/base/frameworks/input/basic.bro b/testing/btest/scripts/base/frameworks/input/basic.bro index 8d4028a12e..df2ab676b8 100644 --- a/testing/btest/scripts/base/frameworks/input/basic.bro +++ b/testing/btest/scripts/base/frameworks/input/basic.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -10,6 +13,11 @@ T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} @TEST-END-FILE +@load base/protocols/ssh +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -39,12 +47,16 @@ type Val: record { global servers: table[int] of Val = table(); event bro_init() -{ + { + outfile = open("../out"); # first read in the old stuff into the table... - Input::add_table([$source="input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]); + Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]); Input::remove("ssh"); -} + } -event Input::update_finished(name: string, source:string) { - print servers; -} +event Input::update_finished(name: string, source:string) + { + print outfile, servers; + close(outfile); + terminate(); + } diff --git a/testing/btest/scripts/base/frameworks/input/emptyvals.bro b/testing/btest/scripts/base/frameworks/input/emptyvals.bro index 77659d13ec..a2a9ba3070 100644 --- a/testing/btest/scripts/base/frameworks/input/emptyvals.bro +++ b/testing/btest/scripts/base/frameworks/input/emptyvals.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -11,6 +14,10 @@ T 1 - 2 @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -26,12 +33,16 @@ type Val: record { global servers: table[int] of Val = table(); event bro_init() -{ + { + outfile = open("../out"); # first read in the old stuff into the table... - Input::add_table([$source="input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]); + Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]); Input::remove("ssh"); -} + } -event Input::update_finished(name: string, source:string) { - print servers; -} +event Input::update_finished(name: string, source:string) + { + print outfile, servers; + close(outfile); + terminate(); + } diff --git a/testing/btest/scripts/base/frameworks/input/event.bro b/testing/btest/scripts/base/frameworks/input/event.bro index dca75334d0..d275cee59c 100644 --- a/testing/btest/scripts/base/frameworks/input/event.bro +++ b/testing/btest/scripts/base/frameworks/input/event.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -16,6 +19,10 @@ 7 T @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; +global try: count; module A; @@ -24,15 +31,24 @@ type Val: record { b: bool; }; -event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: bool) { - print description; - print tpe; - print i; - print b; -} +event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: bool) + { + print outfile, description; + print outfile, tpe; + print outfile, i; + print outfile, b; + try = try + 1; + if ( try == 7 ) + { + close(outfile); + terminate(); + } + } event bro_init() -{ - Input::add_event([$source="input.log", $name="input", $fields=Val, $ev=line]); + { + try = 0; + outfile = open("../out"); + Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line]); Input::remove("input"); -} + } diff --git a/testing/btest/scripts/base/frameworks/input/executeraw.bro b/testing/btest/scripts/base/frameworks/input/executeraw.bro index 6df28d08ea..222b4256d1 100644 --- a/testing/btest/scripts/base/frameworks/input/executeraw.bro +++ b/testing/btest/scripts/base/frameworks/input/executeraw.bro @@ -1,6 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: btest-bg-wait -k 1 +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: cat out.tmp | sed 's/^ *//g' >out # @TEST-EXEC: btest-diff out @@ -23,16 +25,18 @@ type Val: record { s: string; }; -event line(description: Input::EventDescription, tpe: Input::Event, s: string) { +event line(description: Input::EventDescription, tpe: Input::Event, s: string) + { print outfile, description; print outfile, tpe; print outfile, s; close(outfile); -} + terminate(); + } event bro_init() -{ - outfile = open ("../out.tmp"); + { + outfile = open("../out.tmp"); Input::add_event([$source="wc -l ../input.log |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line]); Input::remove("input"); -} + } diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro index d6c81cb2db..9707af7f94 100644 --- a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro +++ b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -10,6 +13,10 @@ T -42 @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -25,12 +32,16 @@ type Val: record { global servers: table[int] of Val = table(); event bro_init() -{ - Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]); + { + outfile = open("../out"); + Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]); Input::remove("input"); -} + } -event Input::update_finished(name: string, source: string) { - print servers; -} +event Input::update_finished(name: string, source: string) + { + print outfile, servers; + close(outfile); + terminate(); + } diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro b/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro index ca1e956f35..18349f1515 100644 --- a/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro +++ b/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -10,6 +13,10 @@ T -42 @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -25,12 +32,16 @@ type Val: record { global servers: table[int] of Val = table(); event bro_init() -{ - Input::add_table([$name="input", $source="input.log", $idx=Idx, $val=Val, $destination=servers]); + { + outfile = open("../out"); + Input::add_table([$name="input", $source="../input.log", $idx=Idx, $val=Val, $destination=servers]); Input::remove("input"); -} + } -event Input::update_finished(name: string, source: string) { - print servers; -} +event Input::update_finished(name: string, source: string) + { + print outfile, servers; + close(outfile); + terminate(); + } diff --git a/testing/btest/scripts/base/frameworks/input/optional.bro b/testing/btest/scripts/base/frameworks/input/optional.bro index c354f7c3ab..23e0b1e4d1 100644 --- a/testing/btest/scripts/base/frameworks/input/optional.bro +++ b/testing/btest/scripts/base/frameworks/input/optional.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -16,6 +19,10 @@ 7 T @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -32,14 +39,18 @@ type Val: record { global servers: table[int] of Val = table(); event bro_init() -{ + { + outfile = open("../out"); # first read in the old stuff into the table... - Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, + Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $pred(typ: Input::Event, left: Idx, right: Val) = { right$notb = !right$b; return T; } ]); Input::remove("input"); -} + } -event Input::update_finished(name: string, source: string) { - print servers; -} +event Input::update_finished(name: string, source: string) + { + print outfile, servers; + close(outfile); + terminate(); + } diff --git a/testing/btest/scripts/base/frameworks/input/port.bro b/testing/btest/scripts/base/frameworks/input/port.bro index 88e86eb5dc..2f061e9507 100644 --- a/testing/btest/scripts/base/frameworks/input/port.bro +++ b/testing/btest/scripts/base/frameworks/input/port.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -9,6 +12,10 @@ 1.2.3.6 30 unknown @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -24,17 +31,23 @@ type Val: record { global servers: table[addr] of Val = table(); event bro_init() -{ - Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]); - print servers[1.2.3.4]; - print servers[1.2.3.5]; - print servers[1.2.3.6]; + { + outfile = open("../out"); + Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]); + if ( 1.2.3.4 in servers ) + print outfile, servers[1.2.3.4]; + if ( 1.2.3.5 in servers ) + print outfile, servers[1.2.3.5]; + if ( 1.2.3.6 in servers ) + print outfile, servers[1.2.3.6]; Input::remove("input"); -} - -event Input::update_finished(name: string, source: string) { - print servers[1.2.3.4]; - print servers[1.2.3.5]; - print servers[1.2.3.6]; -} + } +event Input::update_finished(name: string, source: string) + { + print outfile, servers[1.2.3.4]; + print outfile, servers[1.2.3.5]; + print outfile, servers[1.2.3.6]; + close(outfile); + terminate(); + } diff --git a/testing/btest/scripts/base/frameworks/input/predicate-stream.bro b/testing/btest/scripts/base/frameworks/input/predicate-stream.bro index 20c69131cb..8cf927e346 100644 --- a/testing/btest/scripts/base/frameworks/input/predicate-stream.bro +++ b/testing/btest/scripts/base/frameworks/input/predicate-stream.bro @@ -1,9 +1,13 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out # # only difference from predicate.bro is, that this one uses a stream source. -# the reason is, that the code-paths are quite different, because then the ascii reader uses the put and not the sendevent interface +# the reason is, that the code-paths are quite different, because then the +# ascii reader uses the put and not the sendevent interface @TEST-START-FILE input.log #separator \x09 @@ -19,6 +23,10 @@ 7 T @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -34,47 +42,38 @@ type Val: record { global servers: table[int] of Val = table(); global ct: int; -event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) { +event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) + { ct = ct + 1; - if ( ct < 3 ) { + if ( ct < 3 ) return; - } - if ( ct > 3 ) { - print "Too many events"; - return; - } - if ( 1 in servers ) { - print "VALID"; + if ( 1 in servers ) + print outfile, "VALID"; + if ( 2 in servers ) + print outfile, "VALID"; + if ( !(3 in servers) ) + print outfile, "VALID"; + if ( !(4 in servers) ) + print outfile, "VALID"; + if ( !(5 in servers) ) + print outfile, "VALID"; + if ( !(6 in servers) ) + print outfile, "VALID"; + if ( 7 in servers ) + print outfile, "VALID"; + close(outfile); + terminate(); } - if ( 2 in servers ) { - print "VALID"; - } - if ( !(3 in servers) ) { - print "VALID"; - } - if ( !(4 in servers) ) { - print "VALID"; - } - if ( !(5 in servers) ) { - print "VALID"; - } - if ( !(6 in servers) ) { - print "VALID"; - } - if ( 7 in servers ) { - print "VALID"; - } -} event bro_init() -{ + { + outfile = open("../out"); ct = 0; # first read in the old stuff into the table... - Input::add_table([$source="input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line, + Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line, $pred(typ: Input::Event, left: Idx, right: bool) = { return right; } ]); Input::remove("input"); - -} + } diff --git a/testing/btest/scripts/base/frameworks/input/predicate.bro b/testing/btest/scripts/base/frameworks/input/predicate.bro index 278ac7418e..2cda6f5fb9 100644 --- a/testing/btest/scripts/base/frameworks/input/predicate.bro +++ b/testing/btest/scripts/base/frameworks/input/predicate.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -16,6 +19,10 @@ 7 T @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -31,34 +38,31 @@ type Val: record { global servers: table[int] of Val = table(); event bro_init() -{ + { + outfile = open("../out"); # first read in the old stuff into the table... - Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, + Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $pred(typ: Input::Event, left: Idx, right: bool) = { return right; } ]); Input::remove("input"); -} + } -event Input::update_finished(name: string, source: string) { - if ( 1 in servers ) { - print "VALID"; +event Input::update_finished(name: string, source: string) + { + if ( 1 in servers ) + print outfile, "VALID"; + if ( 2 in servers ) + print outfile, "VALID"; + if ( !(3 in servers) ) + print outfile, "VALID"; + if ( !(4 in servers) ) + print outfile, "VALID"; + if ( !(5 in servers) ) + print outfile, "VALID"; + if ( !(6 in servers) ) + print outfile, "VALID"; + if ( 7 in servers ) + print outfile, "VALID"; + close(outfile); + terminate(); } - if ( 2 in servers ) { - print "VALID"; - } - if ( !(3 in servers) ) { - print "VALID"; - } - if ( !(4 in servers) ) { - print "VALID"; - } - if ( !(5 in servers) ) { - print "VALID"; - } - if ( !(6 in servers) ) { - print "VALID"; - } - if ( 7 in servers ) { - print "VALID"; - } -} diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodify.bro b/testing/btest/scripts/base/frameworks/input/predicatemodify.bro index c3198d8483..1d6a54fe38 100644 --- a/testing/btest/scripts/base/frameworks/input/predicatemodify.bro +++ b/testing/btest/scripts/base/frameworks/input/predicatemodify.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -11,6 +14,10 @@ 2 T test2 idx2 @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -28,23 +35,25 @@ type Val: record { global servers: table[int, string] of Val = table(); event bro_init() -{ - # first read in the old stuff into the table... - Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, - $pred(typ: Input::Event, left: Idx, right: Val) = { - if ( left$i == 1 ) { - right$s = "testmodified"; - } + { + outfile = open("../out"); - if ( left$i == 2 ) { + # first read in the old stuff into the table... + Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, + $pred(typ: Input::Event, left: Idx, right: Val) = { + if ( left$i == 1 ) + right$s = "testmodified"; + if ( left$i == 2 ) left$ss = "idxmodified"; - } return T; } ]); Input::remove("input"); -} + } -event Input::update_finished(name: string, source: string) { - print servers; -} +event Input::update_finished(name: string, source: string) + { + print outfile, servers; + close(outfile); + terminate(); + } diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro index 1606ff6a27..9b8758bf3f 100644 --- a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro +++ b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro @@ -1,6 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro %INPUT +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT # @TEST-EXEC: sleep 2 # @TEST-EXEC: cp input2.log input.log # @TEST-EXEC: sleep 2 @@ -9,7 +11,7 @@ # @TEST-EXEC: cp input4.log input.log # @TEST-EXEC: sleep 2 # @TEST-EXEC: cp input5.log input.log -# @TEST-EXEC: btest-bg-wait -k 3 +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out # @@ -77,31 +79,31 @@ global outfile: file; global try: count; event bro_init() -{ + { try = 0; - outfile = open ("../out"); + outfile = open("../out"); # first read in the old stuff into the table... Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $mode=Input::REREAD, $pred(typ: Input::Event, left: Idx, right: Val) = { - if ( left$i == 1 ) { + if ( left$i == 1 ) right$s = "testmodified"; - } - - if ( left$i == 2 ) { + if ( left$i == 2 ) left$ss = "idxmodified"; - } return T; } ]); -} + } -event Input::update_finished(name: string, source: string) { +event Input::update_finished(name: string, source: string) + { try = try + 1; print outfile, fmt("Update_finished for %s, try %d", name, try); print outfile, servers; - if ( try == 5 ) { - close (outfile); + if ( try == 5 ) + { + close(outfile); Input::remove("input"); + terminate(); + } } -} diff --git a/testing/btest/scripts/base/frameworks/input/raw.bro b/testing/btest/scripts/base/frameworks/input/raw.bro index 8ec6c12a78..cb19213173 100644 --- a/testing/btest/scripts/base/frameworks/input/raw.bro +++ b/testing/btest/scripts/base/frameworks/input/raw.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -13,6 +16,10 @@ sdf 3rw43wRRERLlL#RWERERERE. @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; +global try: count; module A; @@ -20,14 +27,23 @@ type Val: record { s: string; }; -event line(description: Input::EventDescription, tpe: Input::Event, s: string) { - print description; - print tpe; - print s; -} +event line(description: Input::EventDescription, tpe: Input::Event, s: string) + { + print outfile, description; + print outfile, tpe; + print outfile, s; + try = try + 1; + if ( try == 8 ) + { + close(outfile); + terminate(); + } + } event bro_init() -{ - Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]); + { + try = 0; + outfile = open("../out"); + Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]); Input::remove("input"); -} + } diff --git a/testing/btest/scripts/base/frameworks/input/repeat.bro b/testing/btest/scripts/base/frameworks/input/repeat.bro index 58ce9a1675..a5a914932c 100644 --- a/testing/btest/scripts/base/frameworks/input/repeat.bro +++ b/testing/btest/scripts/base/frameworks/input/repeat.bro @@ -1,6 +1,9 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out @TEST-START-FILE input.log #separator \x09 @@ -10,6 +13,11 @@ 1 T @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; +global try: count; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -27,15 +35,25 @@ global destination: table[int] of Val = table(); const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32}; event bro_init() -{ - for ( i in one_to_32 ) { - Input::add_table([$source="input.log", $name=fmt("input%d", i), $idx=Idx, $val=Val, $destination=destination, $want_record=F]); + { + try = 0; + outfile = open("../out"); + for ( i in one_to_32 ) + { + Input::add_table([$source="../input.log", $name=fmt("input%d", i), $idx=Idx, $val=Val, $destination=destination, $want_record=F]); Input::remove(fmt("input%d", i)); + } } -} -event Input::update_finished(name: string, source: string) { - print name; - print source; - print destination; -} +event Input::update_finished(name: string, source: string) + { + print outfile, name; + print outfile, source; + print outfile, destination; + try = try + 1; + if ( try == 32 ) + { + close(outfile); + terminate(); + } + } diff --git a/testing/btest/scripts/base/frameworks/input/reread.bro b/testing/btest/scripts/base/frameworks/input/reread.bro index f33b060fe0..2db58fc6b0 100644 --- a/testing/btest/scripts/base/frameworks/input/reread.bro +++ b/testing/btest/scripts/base/frameworks/input/reread.bro @@ -1,6 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro %INPUT +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT # @TEST-EXEC: sleep 2 # @TEST-EXEC: cp input2.log input.log # @TEST-EXEC: sleep 2 @@ -9,7 +11,7 @@ # @TEST-EXEC: cp input4.log input.log # @TEST-EXEC: sleep 2 # @TEST-EXEC: cp input5.log input.log -# @TEST-EXEC: btest-bg-wait -k 2 +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input1.log @@ -56,6 +58,7 @@ F -48 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz F -48 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} @TEST-END-FILE +@load base/protocols/ssh @load frameworks/communication/listen redef InputAscii::empty_field = "EMPTY"; @@ -90,7 +93,8 @@ global outfile: file; global try: count; -event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) { +event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) + { print outfile, "============EVENT============"; print outfile, "Description"; print outfile, description; @@ -100,11 +104,11 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r print outfile, left; print outfile, "Right"; print outfile, right; -} + } event bro_init() -{ - outfile = open ("../out"); + { + outfile = open("../out"); try = 0; # first read in the old stuff into the table... Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line, @@ -116,17 +120,20 @@ event bro_init() return T; } ]); -} + } -event Input::update_finished(name: string, source: string) { +event Input::update_finished(name: string, source: string) + { print outfile, "==========SERVERS============"; print outfile, servers; try = try + 1; - if ( try == 5 ) { + if ( try == 5 ) + { print outfile, "done"; close(outfile); Input::remove("input"); + terminate(); + } } -} diff --git a/testing/btest/scripts/base/frameworks/input/rereadraw.bro b/testing/btest/scripts/base/frameworks/input/rereadraw.bro index 33361ad27e..1051351c2b 100644 --- a/testing/btest/scripts/base/frameworks/input/rereadraw.bro +++ b/testing/btest/scripts/base/frameworks/input/rereadraw.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -13,6 +16,10 @@ sdf 3rw43wRRERLlL#RWERERERE. @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; +global try: count; module A; @@ -20,15 +27,24 @@ type Val: record { s: string; }; -event line(description: Input::EventDescription, tpe: Input::Event, s: string) { - print description; - print tpe; - print s; -} +event line(description: Input::EventDescription, tpe: Input::Event, s: string) + { + print outfile, description; + print outfile, tpe; + print outfile, s; + try = try + 1; + if ( try == 16 ) + { + close(outfile); + terminate(); + } + } event bro_init() -{ - Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line]); + { + try = 0; + outfile = open("../out"); + Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line]); Input::force_update("input"); Input::remove("input"); -} + } diff --git a/testing/btest/scripts/base/frameworks/input/stream.bro b/testing/btest/scripts/base/frameworks/input/stream.bro index 571a2273c1..1ecd8a2eb0 100644 --- a/testing/btest/scripts/base/frameworks/input/stream.bro +++ b/testing/btest/scripts/base/frameworks/input/stream.bro @@ -1,11 +1,13 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro %INPUT +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT # @TEST-EXEC: sleep 3 # @TEST-EXEC: cat input2.log >> input.log # @TEST-EXEC: sleep 3 # @TEST-EXEC: cat input3.log >> input.log -# @TEST-EXEC: btest-bg-wait -k 3 +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input1.log @@ -22,6 +24,7 @@ T -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz F -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} @TEST-END-FILE +@load base/protocols/ssh @load frameworks/communication/listen redef InputAscii::empty_field = "EMPTY"; @@ -56,7 +59,8 @@ global outfile: file; global try: count; -event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) { +event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) + { print outfile, "============EVENT============"; print outfile, tpe; print outfile, left; @@ -66,18 +70,19 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r try = try + 1; - if ( try == 3 ) { + if ( try == 3 ) + { print outfile, "done"; close(outfile); Input::remove("input"); + terminate(); + } } -} event bro_init() -{ - outfile = open ("../out"); + { + outfile = open("../out"); try = 0; # first read in the old stuff into the table... Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line]); -} - + } diff --git a/testing/btest/scripts/base/frameworks/input/streamraw.bro b/testing/btest/scripts/base/frameworks/input/streamraw.bro index cc0afd5ae8..a6aba88c5f 100644 --- a/testing/btest/scripts/base/frameworks/input/streamraw.bro +++ b/testing/btest/scripts/base/frameworks/input/streamraw.bro @@ -1,3 +1,5 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # # @TEST-EXEC: cp input1.log input.log # @TEST-EXEC: btest-bg-run bro bro -b %INPUT @@ -5,7 +7,7 @@ # @TEST-EXEC: cat input2.log >> input.log # @TEST-EXEC: sleep 3 # @TEST-EXEC: cat input3.log >> input.log -# @TEST-EXEC: btest-bg-wait -k 3 +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input1.log @@ -36,21 +38,25 @@ type Val: record { global try: count; global outfile: file; -event line(description: Input::EventDescription, tpe: Input::Event, s: string) { +event line(description: Input::EventDescription, tpe: Input::Event, s: string) + { print outfile, description; print outfile, tpe; print outfile, s; - - if ( try == 3 ) { + + try = try + 1; + if ( try == 8 ) + { print outfile, "done"; close(outfile); Input::remove("input"); + terminate(); + } } -} event bro_init() -{ - outfile = open ("../out"); + { + outfile = open("../out"); try = 0; Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]); -} + } diff --git a/testing/btest/scripts/base/frameworks/input/tableevent.bro b/testing/btest/scripts/base/frameworks/input/tableevent.bro index e40485dd12..723e519237 100644 --- a/testing/btest/scripts/base/frameworks/input/tableevent.bro +++ b/testing/btest/scripts/base/frameworks/input/tableevent.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -16,6 +19,11 @@ 7 T @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; +global try: count; + redef InputAscii::empty_field = "EMPTY"; type Idx: record { @@ -28,15 +36,24 @@ type Val: record { global destination: table[int] of Val = table(); -event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) { - print description; - print tpe; - print left; - print right; -} +event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) + { + print outfile, description; + print outfile, tpe; + print outfile, left; + print outfile, right; + try = try + 1; + if ( try == 7 ) + { + close(outfile); + terminate(); + } + } event bro_init() -{ - Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]); + { + try = 0; + outfile = open("../out"); + Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]); Input::remove("input"); -} + } diff --git a/testing/btest/scripts/base/frameworks/input/twotables.bro b/testing/btest/scripts/base/frameworks/input/twotables.bro index 1413275e63..f404416049 100644 --- a/testing/btest/scripts/base/frameworks/input/twotables.bro +++ b/testing/btest/scripts/base/frameworks/input/twotables.bro @@ -1,10 +1,15 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro %INPUT -# @TEST-EXEC: sleep 2 +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: sleep 5 # @TEST-EXEC: cp input3.log input.log -# @TEST-EXEC: btest-bg-wait -k 2 -# @TEST-EXEC: btest-diff out +# @TEST-EXEC: btest-bg-wait -k 10 +# @TEST-EXEC: btest-diff event.out +# @TEST-EXEC: btest-diff pred1.out +# @TEST-EXEC: btest-diff pred2.out +# @TEST-EXEC: btest-diff fin.out @TEST-START-FILE input1.log #separator \x09 @@ -28,6 +33,7 @@ T -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz F -44 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} @TEST-END-FILE +@load base/protocols/ssh @load frameworks/communication/listen redef InputAscii::empty_field = "EMPTY"; @@ -58,59 +64,71 @@ type Val: record { global servers: table[int] of Val = table(); -global outfile: file; +global event_out: file; +global pred1_out: file; +global pred2_out: file; +global fin_out: file; global try: count; -event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) { - print outfile, "============EVENT============"; -# print outfile, "Description"; -# print outfile, description; -# print outfile, "Type"; -# print outfile, tpe; -# print outfile, "Left"; -# print outfile, left; -# print outfile, "Right"; -# print outfile, right; -} +event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) + { + print event_out, "============EVENT============"; +# print event_out, "Description"; +# print event_out, description; +# print event_out, "Type"; +# print event_out, tpe; +# print event_out, "Left"; +# print event_out, left; +# print event_out, "Right"; +# print event_out, right; + } event bro_init() -{ - outfile = open ("../out"); + { + event_out = open ("../event.out"); + pred1_out = open ("../pred1.out"); + pred2_out = open ("../pred2.out"); + fin_out = open ("../fin.out"); try = 0; # first read in the old stuff into the table... Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line, $pred(typ: Input::Event, left: Idx, right: Val) = { - print outfile, "============PREDICATE============"; - print outfile, typ; - print outfile, left; - print outfile, right; + print pred1_out, "============PREDICATE============"; + print pred1_out, typ; + print pred1_out, left; + print pred1_out, right; return T; } ]); Input::add_table([$source="../input2.log", $mode=Input::REREAD, $name="ssh2", $idx=Idx, $val=Val, $destination=servers, $ev=line, $pred(typ: Input::Event, left: Idx, right: Val) = { - print outfile, "============PREDICATE 2============"; - print outfile, typ; - print outfile, left; - print outfile, right; + print pred2_out, "============PREDICATE 2============"; + print pred2_out, typ; + print pred2_out, left; + print pred2_out, right; return T; } ]); -} + } -event Input::update_finished(name: string, source: string) { - print outfile, "==========SERVERS============"; - print outfile, servers; +event Input::update_finished(name: string, source: string) + { + print fin_out, "==========SERVERS============"; + #print fin_out, servers; try = try + 1; - if ( try == 3 ) { - print outfile, "done"; - print outfile, servers; - close(outfile); + if ( try == 3 ) + { + print fin_out, "done"; + print fin_out, servers; + close(event_out); + close(pred1_out); + close(pred2_out); + close(fin_out); Input::remove("input"); Input::remove("input2"); terminate(); + } } -} From 34ead91f992cbc40dcb81053343e2ef60a3aff61 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 29 Jun 2012 16:24:31 -0500 Subject: [PATCH 036/120] Fix inconsistencies in random number generation. The srand()/rand() interface was being intermixed with the srandom()/random() one. The later is now used throughout. Changed the srand() and rand() BIFs to work deterministically if Bro was given a seed file (addresses #825). They also now wrap the system's srandom() and random() instead of srand() and rand() as per the above. --- src/bro.bif | 12 ++++++------ src/input/readers/Benchmark.cc | 10 +++++----- src/util.cc | 14 +++++++++++--- src/util.h | 4 ++++ testing/btest/Baseline/bifs.rand/out | 12 ++++++------ testing/btest/Baseline/bifs.rand/out.2 | 6 ++++++ testing/btest/bifs/rand.bro | 9 +++++++-- 7 files changed, 45 insertions(+), 22 deletions(-) create mode 100644 testing/btest/Baseline/bifs.rand/out.2 diff --git a/src/bro.bif b/src/bro.bif index 1feccb8639..a2c6ecd7c8 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -972,12 +972,12 @@ function sha256_hash_finish%(index: any%): string ## ## .. note:: ## -## This function is a wrapper about the function ``rand`` provided by -## the OS. +## This function is a wrapper about the function ``random`` +## provided by the OS. function rand%(max: count%): count %{ int result; - result = bro_uint_t(double(max) * double(rand()) / (RAND_MAX + 1.0)); + result = bro_uint_t(double(max) * double(bro_random()) / (RAND_MAX + 1.0)); return new Val(result, TYPE_COUNT); %} @@ -989,11 +989,11 @@ function rand%(max: count%): count ## ## .. note:: ## -## This function is a wrapper about the function ``srand`` provided -## by the OS. +## This function is a wrapper about the function ``srandom`` +## provided by the OS. function srand%(seed: count%): any %{ - srand(seed); + bro_srandom(seed); return 0; %} diff --git a/src/input/readers/Benchmark.cc b/src/input/readers/Benchmark.cc index 5e4ef090f7..a55a69dd60 100644 --- a/src/input/readers/Benchmark.cc +++ b/src/input/readers/Benchmark.cc @@ -59,7 +59,7 @@ string Benchmark::RandomString(const int len) "abcdefghijklmnopqrstuvwxyz"; for (int i = 0; i < len; ++i) - s[i] = values[rand() / (RAND_MAX / sizeof(values))]; + s[i] = values[random() / (RAND_MAX / sizeof(values))]; return s; } @@ -134,7 +134,7 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype) break; case TYPE_INT: - val->val.int_val = rand(); + val->val.int_val = random(); break; case TYPE_TIME: @@ -148,11 +148,11 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype) case TYPE_COUNT: case TYPE_COUNTER: - val->val.uint_val = rand(); + val->val.uint_val = random(); break; case TYPE_PORT: - val->val.port_val.port = rand() / (RAND_MAX / 60000); + val->val.port_val.port = random() / (RAND_MAX / 60000); val->val.port_val.proto = TRANSPORT_UNKNOWN; break; @@ -175,7 +175,7 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype) // Then - common stuff { // how many entries do we have... - unsigned int length = rand() / (RAND_MAX / 15); + unsigned int length = random() / (RAND_MAX / 15); Value** lvals = new Value* [length]; diff --git a/src/util.cc b/src/util.cc index 798be400d1..85aa18ef0d 100644 --- a/src/util.cc +++ b/src/util.cc @@ -633,12 +633,20 @@ static bool write_random_seeds(const char* write_file, uint32 seed, static bool bro_rand_determistic = false; static unsigned int bro_rand_state = 0; -static void bro_srand(unsigned int seed, bool deterministic) +static void bro_srandom(unsigned int seed, bool deterministic) { bro_rand_state = seed; bro_rand_determistic = deterministic; - srand(seed); + srandom(seed); + } + +void bro_srandom(unsigned int seed) + { + if ( bro_rand_determistic ) + bro_rand_state = seed; + else + srandom(seed); } void init_random_seed(uint32 seed, const char* read_file, const char* write_file) @@ -705,7 +713,7 @@ void init_random_seed(uint32 seed, const char* read_file, const char* write_file seeds_done = true; } - bro_srand(seed, seeds_done); + bro_srandom(seed, seeds_done); if ( ! hmac_key_set ) { diff --git a/src/util.h b/src/util.h index 6b237edfd8..9ab8a58760 100644 --- a/src/util.h +++ b/src/util.h @@ -159,6 +159,10 @@ extern bool have_random_seed(); // predictable PRNG. long int bro_random(); +// Calls the system srandom() function with the given seed if not running +// in deterministic mode, else it updates the state of the deterministic PRNG +void bro_srandom(unsigned int seed); + extern uint64 rand64bit(); // Each event source that may generate events gets an internally unique ID. diff --git a/testing/btest/Baseline/bifs.rand/out b/testing/btest/Baseline/bifs.rand/out index 367833f80a..a016eb6f15 100644 --- a/testing/btest/Baseline/bifs.rand/out +++ b/testing/btest/Baseline/bifs.rand/out @@ -1,6 +1,6 @@ -185 -236 -805 -47 -996 -498 +985 +474 +738 +4 +634 +473 diff --git a/testing/btest/Baseline/bifs.rand/out.2 b/testing/btest/Baseline/bifs.rand/out.2 new file mode 100644 index 0000000000..2cd43d985c --- /dev/null +++ b/testing/btest/Baseline/bifs.rand/out.2 @@ -0,0 +1,6 @@ +985 +474 +738 +974 +371 +638 diff --git a/testing/btest/bifs/rand.bro b/testing/btest/bifs/rand.bro index 229645944e..caf3f16031 100644 --- a/testing/btest/bifs/rand.bro +++ b/testing/btest/bifs/rand.bro @@ -1,6 +1,10 @@ # -# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: bro -b %INPUT do_seed=F >out.2 # @TEST-EXEC: btest-diff out +# @TEST-EXEC: btest-diff out.2 + +const do_seed = T &redef; event bro_init() { @@ -12,7 +16,8 @@ event bro_init() print b; print c; - srand(575); + if ( do_seed ) + srand(575); local d = rand(1000); local e = rand(1000); From 7f83f157fcfe9c56ffb4a88065add8b303a99875 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Mon, 2 Jul 2012 10:41:02 -0700 Subject: [PATCH 037/120] add mode to readerinfo - no need to have it separately everywhere anymore. Disable remoteserialization of readerinfo - in contrast to the logging framework this is not needed here (I think). --- src/input/Manager.cc | 15 +++++++-------- src/input/ReaderBackend.cc | 11 ++++++++--- src/input/ReaderBackend.h | 26 +++++++++++--------------- src/input/ReaderFrontend.cc | 11 +++++------ src/input/ReaderFrontend.h | 2 +- src/input/readers/Ascii.cc | 12 ++++++------ src/input/readers/Ascii.h | 2 +- src/input/readers/Benchmark.cc | 8 ++++---- src/input/readers/Benchmark.h | 2 +- src/input/readers/Raw.cc | 14 +++++++------- src/input/readers/Raw.h | 2 +- 11 files changed, 52 insertions(+), 53 deletions(-) diff --git a/src/input/Manager.cc b/src/input/Manager.cc index 1f5f17bba8..985e67302a 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -74,8 +74,6 @@ public: ReaderBackend::ReaderInfo info; bool removed; - ReaderMode mode; - StreamType stream_type; // to distinguish between event and table streams EnumVal* type; @@ -305,19 +303,21 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) EnumVal* mode = description->LookupWithDefault(rtype->FieldOffset("mode"))->AsEnumVal(); Val* config = description->LookupWithDefault(rtype->FieldOffset("config")); + + ReaderBackend::ReaderInfo readerinfo; switch ( mode->InternalInt() ) { case 0: - info->mode = MODE_MANUAL; + readerinfo.mode = MODE_MANUAL; break; case 1: - info->mode = MODE_REREAD; + readerinfo.mode = MODE_REREAD; break; case 2: - info->mode = MODE_STREAM; + readerinfo.mode = MODE_STREAM; break; default: @@ -331,7 +331,6 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) info->name = name; info->config = config->AsTableVal(); // ref'd by LookupWithDefault - ReaderBackend::ReaderInfo readerinfo; readerinfo.source = source; Ref(description); @@ -481,7 +480,7 @@ bool Manager::CreateEventStream(RecordVal* fval) assert(stream->reader); - stream->reader->Init(stream->info, stream->mode, stream->num_fields, logf ); + stream->reader->Init(stream->info, stream->num_fields, logf ); readers[stream->reader] = stream; @@ -658,7 +657,7 @@ bool Manager::CreateTableStream(RecordVal* fval) assert(stream->reader); - stream->reader->Init(stream->info, stream->mode, fieldsV.size(), fields ); + stream->reader->Init(stream->info, fieldsV.size(), fields ); readers[stream->reader] = stream; diff --git a/src/input/ReaderBackend.cc b/src/input/ReaderBackend.cc index 6ed70bced0..94120100ab 100644 --- a/src/input/ReaderBackend.cc +++ b/src/input/ReaderBackend.cc @@ -142,6 +142,10 @@ public: using namespace logging; +/* + * I don't think the input framework needs remote serialization. If it doesn't, kill this. If it does add ReaderMode. + + bool ReaderBackend::ReaderInfo::Read(SerializationFormat* fmt) { int size; @@ -184,6 +188,8 @@ bool ReaderBackend::ReaderInfo::Write(SerializationFormat* fmt) const return true; } + */ + ReaderBackend::ReaderBackend(ReaderFrontend* arg_frontend) : MsgThread() { disabled = true; // disabled will be set correcty in init. @@ -226,18 +232,17 @@ void ReaderBackend::SendEntry(Value* *vals) SendOut(new SendEntryMessage(frontend, vals)); } -bool ReaderBackend::Init(const ReaderInfo& arg_info, ReaderMode arg_mode, const int arg_num_fields, +bool ReaderBackend::Init(const ReaderInfo& arg_info, const int arg_num_fields, const threading::Field* const* arg_fields) { info = arg_info; - mode = arg_mode; num_fields = arg_num_fields; fields = arg_fields; SetName("InputReader/"+info.source); // disable if DoInit returns error. - int success = DoInit(arg_info, mode, arg_num_fields, arg_fields); + int success = DoInit(arg_info, arg_num_fields, arg_fields); if ( ! success ) { diff --git a/src/input/ReaderBackend.h b/src/input/ReaderBackend.h index d7d022d5fa..fd7ac769f2 100644 --- a/src/input/ReaderBackend.h +++ b/src/input/ReaderBackend.h @@ -7,8 +7,6 @@ #include "threading/SerialTypes.h" #include "threading/MsgThread.h" -class RemoteSerializer; - namespace input { @@ -87,6 +85,12 @@ public: */ config_map config; + /** + * The opening mode for the input source. + */ + ReaderMode mode; +/* + * I don't think the input framework needs remote serialization. If it doesn't, kill this. If it does add ReaderMode. private: friend class ::RemoteSerializer; @@ -94,16 +98,14 @@ public: // fields. They serialize/deserialize the struct. bool Read(SerializationFormat* fmt); bool Write(SerializationFormat* fmt) const; + + */ }; /** * One-time initialization of the reader to define the input source. * - * @param source A string left to the interpretation of the - * reader implementation; it corresponds to the value configured on - * the script-level for the input stream. - * - * @param mode The opening mode for the input source. + * @param @param info Meta information for the writer. * * @param num_fields Number of fields contained in \a fields. * @@ -115,7 +117,7 @@ public: * * @return False if an error occured. */ - bool Init(const ReaderInfo& info, ReaderMode mode, int num_fields, const threading::Field* const* fields); + bool Init(const ReaderInfo& info, int num_fields, const threading::Field* const* fields); /** * Finishes reading from this input stream in a regular fashion. Must @@ -180,7 +182,7 @@ protected: * provides accessor methods to get them later, and they are passed * in here only for convinience. */ - virtual bool DoInit(const ReaderInfo& info, ReaderMode mode, int arg_num_fields, const threading::Field* const* fields) = 0; + virtual bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields) = 0; /** * Reader-specific method implementing input finalization at @@ -209,11 +211,6 @@ protected: */ virtual bool DoUpdate() = 0; - /** - * Returns the reader mode as passed into Init(). - */ - const ReaderMode Mode() const { return mode; } - /** * Method allowing a reader to send a specified Bro event. Vals must * match the values expected by the bro event. @@ -315,7 +312,6 @@ private: ReaderFrontend* frontend; ReaderInfo info; - ReaderMode mode; unsigned int num_fields; const threading::Field* const * fields; // raw mapping diff --git a/src/input/ReaderFrontend.cc b/src/input/ReaderFrontend.cc index f92a8ec80c..2c5d522c2f 100644 --- a/src/input/ReaderFrontend.cc +++ b/src/input/ReaderFrontend.cc @@ -11,19 +11,18 @@ namespace input { class InitMessage : public threading::InputMessage { public: - InitMessage(ReaderBackend* backend, const ReaderBackend::ReaderInfo& info, ReaderMode mode, + InitMessage(ReaderBackend* backend, const ReaderBackend::ReaderInfo& info, const int num_fields, const threading::Field* const* fields) : threading::InputMessage("Init", backend), - info(info), mode(mode), num_fields(num_fields), fields(fields) { } + info(info), num_fields(num_fields), fields(fields) { } virtual bool Process() { - return Object()->Init(info, mode, num_fields, fields); + return Object()->Init(info, num_fields, fields); } private: const ReaderBackend::ReaderInfo info; - const ReaderMode mode; const int num_fields; const threading::Field* const* fields; }; @@ -63,7 +62,7 @@ ReaderFrontend::~ReaderFrontend() { } -void ReaderFrontend::Init(const ReaderBackend::ReaderInfo& arg_info, ReaderMode mode, const int arg_num_fields, +void ReaderFrontend::Init(const ReaderBackend::ReaderInfo& arg_info, const int arg_num_fields, const threading::Field* const* arg_fields) { if ( disabled ) @@ -77,7 +76,7 @@ void ReaderFrontend::Init(const ReaderBackend::ReaderInfo& arg_info, ReaderMode fields = arg_fields; initialized = true; - backend->SendIn(new InitMessage(backend, info, mode, num_fields, fields)); + backend->SendIn(new InitMessage(backend, info, num_fields, fields)); } void ReaderFrontend::Update() diff --git a/src/input/ReaderFrontend.h b/src/input/ReaderFrontend.h index fadf2cddb5..35235ee2bc 100644 --- a/src/input/ReaderFrontend.h +++ b/src/input/ReaderFrontend.h @@ -52,7 +52,7 @@ public: * * This method must only be called from the main thread. */ - void Init(const ReaderBackend::ReaderInfo& info, ReaderMode mode, const int arg_num_fields, const threading::Field* const* fields); + void Init(const ReaderBackend::ReaderInfo& info, const int arg_num_fields, const threading::Field* const* fields); /** * Force an update of the current input source. Actual action depends diff --git a/src/input/readers/Ascii.cc b/src/input/readers/Ascii.cc index 9e3ad28f9c..1731bba872 100644 --- a/src/input/readers/Ascii.cc +++ b/src/input/readers/Ascii.cc @@ -83,7 +83,7 @@ void Ascii::DoClose() } } -bool Ascii::DoInit(const ReaderInfo& info, ReaderMode mode, int num_fields, const Field* const* fields) +bool Ascii::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fields) { mtime = 0; @@ -362,7 +362,7 @@ Value* Ascii::EntryToVal(string s, FieldMapping field) // read the entire file and send appropriate thingies back to InputMgr bool Ascii::DoUpdate() { - switch ( Mode() ) { + switch ( Info().mode ) { case MODE_REREAD: { // check if the file has changed @@ -389,7 +389,7 @@ bool Ascii::DoUpdate() // - this is not that bad) if ( file && file->is_open() ) { - if ( Mode() == MODE_STREAM ) + if ( Info().mode == MODE_STREAM ) { file->clear(); // remove end of file evil bits if ( !ReadHeader(true) ) @@ -492,13 +492,13 @@ bool Ascii::DoUpdate() //printf("fpos: %d, second.num_fields: %d\n", fpos, (*it).second.num_fields); assert ( fpos == NumFields() ); - if ( Mode() == MODE_STREAM ) + if ( Info().mode == MODE_STREAM ) Put(fields); else SendEntry(fields); } - if ( Mode () != MODE_STREAM ) + if ( Info().mode != MODE_STREAM ) EndCurrentSend(); return true; @@ -508,7 +508,7 @@ bool Ascii::DoHeartbeat(double network_time, double current_time) { ReaderBackend::DoHeartbeat(network_time, current_time); - switch ( Mode() ) { + switch ( Info().mode ) { case MODE_MANUAL: // yay, we do nothing :) break; diff --git a/src/input/readers/Ascii.h b/src/input/readers/Ascii.h index bb7e7a1ce2..e1506cbe82 100644 --- a/src/input/readers/Ascii.h +++ b/src/input/readers/Ascii.h @@ -38,7 +38,7 @@ public: static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new Ascii(frontend); } protected: - virtual bool DoInit(const ReaderInfo& info, ReaderMode mode, int arg_num_fields, const threading::Field* const* fields); + virtual bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields); virtual void DoClose(); virtual bool DoUpdate(); virtual bool DoHeartbeat(double network_time, double current_time); diff --git a/src/input/readers/Benchmark.cc b/src/input/readers/Benchmark.cc index 1b4d39ddf1..d8dcb543f4 100644 --- a/src/input/readers/Benchmark.cc +++ b/src/input/readers/Benchmark.cc @@ -36,7 +36,7 @@ void Benchmark::DoClose() { } -bool Benchmark::DoInit(const ReaderInfo& info, ReaderMode mode, int num_fields, const Field* const* fields) +bool Benchmark::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fields) { num_lines = atoi(info.source.c_str()); @@ -83,7 +83,7 @@ bool Benchmark::DoUpdate() for (int j = 0; j < NumFields(); j++ ) field[j] = EntryToVal(Fields()[j]->type, Fields()[j]->subtype); - if ( Mode() == MODE_STREAM ) + if ( Info().mode == MODE_STREAM ) // do not do tracking, spread out elements over the second that we have... Put(field); else @@ -109,7 +109,7 @@ bool Benchmark::DoUpdate() } - if ( Mode() != MODE_STREAM ) + if ( Info().mode != MODE_STREAM ) EndCurrentSend(); return true; @@ -227,7 +227,7 @@ bool Benchmark::DoHeartbeat(double network_time, double current_time) num_lines += add; heartbeatstarttime = CurrTime(); - switch ( Mode() ) { + switch ( Info().mode ) { case MODE_MANUAL: // yay, we do nothing :) break; diff --git a/src/input/readers/Benchmark.h b/src/input/readers/Benchmark.h index 0f940873e4..bab564b12a 100644 --- a/src/input/readers/Benchmark.h +++ b/src/input/readers/Benchmark.h @@ -18,7 +18,7 @@ public: static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new Benchmark(frontend); } protected: - virtual bool DoInit(const ReaderInfo& info, ReaderMode mode, int arg_num_fields, const threading::Field* const* fields); + virtual bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields); virtual void DoClose(); virtual bool DoUpdate(); virtual bool DoHeartbeat(double network_time, double current_time); diff --git a/src/input/readers/Raw.cc b/src/input/readers/Raw.cc index 2fb7e92c40..d4a761a931 100644 --- a/src/input/readers/Raw.cc +++ b/src/input/readers/Raw.cc @@ -66,7 +66,7 @@ bool Raw::OpenInput() // This is defined in input/fdstream.h in = new boost::fdistream(fileno(file)); - if ( execute && Mode() == MODE_STREAM ) + if ( execute && Info().mode == MODE_STREAM ) fcntl(fileno(file), F_SETFL, O_NONBLOCK); return true; @@ -100,7 +100,7 @@ bool Raw::CloseInput() return true; } -bool Raw::DoInit(const ReaderInfo& info, ReaderMode mode, int num_fields, const Field* const* fields) +bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fields) { fname = info.source; mtime = 0; @@ -135,10 +135,10 @@ bool Raw::DoInit(const ReaderInfo& info, ReaderMode mode, int num_fields, const execute = true; fname = info.source.substr(0, fname.length() - 1); - if ( (mode != MODE_MANUAL) ) + if ( (info.mode != MODE_MANUAL) ) { Error(Fmt("Unsupported read mode %d for source %s in execution mode", - mode, fname.c_str())); + info.mode, fname.c_str())); return false; } @@ -187,7 +187,7 @@ bool Raw::DoUpdate() else { - switch ( Mode() ) { + switch ( Info().mode ) { case MODE_REREAD: { // check if the file has changed @@ -210,7 +210,7 @@ bool Raw::DoUpdate() case MODE_MANUAL: case MODE_STREAM: - if ( Mode() == MODE_STREAM && file != NULL && in != NULL ) + if ( Info().mode == MODE_STREAM && file != NULL && in != NULL ) { //fpurge(file); in->clear(); // remove end of file evil bits @@ -254,7 +254,7 @@ bool Raw::DoHeartbeat(double network_time, double current_time) { ReaderBackend::DoHeartbeat(network_time, current_time); - switch ( Mode() ) { + switch ( Info().mode ) { case MODE_MANUAL: // yay, we do nothing :) break; diff --git a/src/input/readers/Raw.h b/src/input/readers/Raw.h index 7d1351e728..48912b70a7 100644 --- a/src/input/readers/Raw.h +++ b/src/input/readers/Raw.h @@ -22,7 +22,7 @@ public: static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new Raw(frontend); } protected: - virtual bool DoInit(const ReaderInfo& info, ReaderMode mode, int arg_num_fields, const threading::Field* const* fields); + virtual bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields); virtual void DoClose(); virtual bool DoUpdate(); virtual bool DoHeartbeat(double network_time, double current_time); From f65e3f5b9f55c3009ec81b2b9636074887f551d0 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Mon, 2 Jul 2012 11:07:50 -0700 Subject: [PATCH 038/120] fix small bug - now configuration actually is passed. --- src/input/Manager.cc | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/src/input/Manager.cc b/src/input/Manager.cc index 985e67302a..7b356fc05e 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -304,20 +304,18 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) EnumVal* mode = description->LookupWithDefault(rtype->FieldOffset("mode"))->AsEnumVal(); Val* config = description->LookupWithDefault(rtype->FieldOffset("config")); - ReaderBackend::ReaderInfo readerinfo; - switch ( mode->InternalInt() ) { case 0: - readerinfo.mode = MODE_MANUAL; + info->info.mode = MODE_MANUAL; break; case 1: - readerinfo.mode = MODE_REREAD; + info->info.mode = MODE_REREAD; break; case 2: - readerinfo.mode = MODE_STREAM; + info->info.mode = MODE_STREAM; break; default: @@ -331,7 +329,7 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) info->name = name; info->config = config->AsTableVal(); // ref'd by LookupWithDefault - readerinfo.source = source; + info->info.source = source; Ref(description); info->description = description; @@ -353,9 +351,6 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) } - info->info = readerinfo; - - DBG_LOG(DBG_INPUT, "Successfully created new input stream %s", name.c_str()); From ef3da87b3f798b0beceb7212868d4ea28698a462 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 2 Jul 2012 16:02:21 -0700 Subject: [PATCH 039/120] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 880f3e48d3..27c6e97619 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 880f3e48d33bb28d17184656f858a4a0e2e1574c +Subproject commit 27c6e97619ddfd4edc987de7c081f92dbfc58148 From ff73f3a0408f9549cd4acb61e8d2a6f641d66937 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 2 Jul 2012 16:11:42 -0700 Subject: [PATCH 040/120] Fixing merge relicts. --- src/input/ReaderFrontend.h | 2 +- src/logging/WriterFrontend.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/input/ReaderFrontend.h b/src/input/ReaderFrontend.h index 4467c3f608..93e416e65b 100644 --- a/src/input/ReaderFrontend.h +++ b/src/input/ReaderFrontend.h @@ -128,7 +128,7 @@ protected: /** * Sets the name of the backend's type. */ - void SetTypeName(const string& name) const { ty_name = name; } + void SetTypeName(const string& name) { ty_name = name; } private: ReaderBackend* backend; // The backend we have instanatiated. diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index 9d57892ca3..4f98356a44 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -21,7 +21,7 @@ public: info(info), num_fields(num_fields), fields(fields), frontend_name(frontend_name) { } - virtual bool Process() { return Object()->Init(info, num_fields, fields); } + virtual bool Process() { return Object()->Init(info, num_fields, fields, frontend_name); } private: WriterBackend::WriterInfo info; From e64822f2f9aea83d27bf78233582544f5b7504c7 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 2 Jul 2012 16:12:09 -0700 Subject: [PATCH 041/120] Updating NEWS. --- NEWS | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 4377049813..d9410e1c7c 100644 --- a/NEWS +++ b/NEWS @@ -3,8 +3,9 @@ Release Notes ============= This document summarizes the most important changes in the current Bro -release. For a complete list of changes, see the ``CHANGES`` file. - +release. For a complete list of changes, see the ``CHANGES`` file +(note that submodules, such as BroControl and Broccoli, come with +their own CHANGES.) Bro 2.1 Beta ------------ @@ -62,6 +63,21 @@ New Functionality DataSeries is developed and maintained at HP Labs. See doc/logging-dataseries for more information. +- BroControl now has built-in support for host-based load-balancing + when using either PF_RING, Myricom cards, or individual interfaces. + Instead of adding a separate worker entry in node.cfg for each Bro + worker process on each worker host, it is now possible to just + specify the number of worker processes on each host and BroControl + configures everything correctly (including any neccessary enviroment + variables for the balancers). + + This change adds three new keywords to the node.cfg file (to be used + with worker entries): lb_procs (specifies number of workers on a + host), lb_method (specifies what type of load balancing to use: + pf_ring, myricom, or interfaces), and lb_interfaces (used only with + "lb_method=interfaces" to specify which interfaces to load-balance + on). + Changed Functionality ~~~~~~~~~~~~~~~~~~~~~ From 5ede1418fc9c0623bef73a34ce111843225eaadb Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 2 Jul 2012 16:12:21 -0700 Subject: [PATCH 042/120] Updating baselines. --- .../coverage.bare-load-baseline/canonified_loaded_scripts.log | 1 + .../coverage.default-load-baseline/canonified_loaded_scripts.log | 1 + 2 files changed, 2 insertions(+) diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index a7b369e337..0f12ce4ead 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -20,6 +20,7 @@ scripts/base/init-bare.bro scripts/base/frameworks/logging/./postprocessors/./sftp.bro scripts/base/frameworks/logging/./writers/ascii.bro scripts/base/frameworks/logging/./writers/dataseries.bro + scripts/base/frameworks/logging/./writers/none.bro scripts/base/frameworks/input/__load__.bro scripts/base/frameworks/input/./main.bro build/src/base/input.bif.bro diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index 9414e9bd41..f1f9791fc3 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -20,6 +20,7 @@ scripts/base/init-bare.bro scripts/base/frameworks/logging/./postprocessors/./sftp.bro scripts/base/frameworks/logging/./writers/ascii.bro scripts/base/frameworks/logging/./writers/dataseries.bro + scripts/base/frameworks/logging/./writers/none.bro scripts/base/frameworks/input/__load__.bro scripts/base/frameworks/input/./main.bro build/src/base/input.bif.bro From b3155b7b4bdc163e112709cb3937165e6b62d3d6 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 2 Jul 2012 16:14:24 -0700 Subject: [PATCH 043/120] Moving make target update-doc-sources from top-level Makefile to btest Makefile. --- Makefile | 3 --- doc/scripts/DocSourcesList.cmake | 1 + testing/btest/Makefile | 3 +++ testing/btest/coverage/doc.test | 6 ++---- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 8633c736a4..455fa6ed88 100644 --- a/Makefile +++ b/Makefile @@ -41,9 +41,6 @@ broxygen: configured broxygenclean: configured $(MAKE) -C $(BUILD) $@ -update-doc-sources: - ./doc/scripts/genDocSourcesList.sh ./doc/scripts/DocSourcesList.cmake - dist: @rm -rf $(VERSION_FULL) $(VERSION_FULL).tgz @rm -rf $(VERSION_MIN) $(VERSION_MIN).tgz diff --git a/doc/scripts/DocSourcesList.cmake b/doc/scripts/DocSourcesList.cmake index 650982f9bb..c5eb3d724b 100644 --- a/doc/scripts/DocSourcesList.cmake +++ b/doc/scripts/DocSourcesList.cmake @@ -42,6 +42,7 @@ rest_target(${psd} base/frameworks/logging/postprocessors/scp.bro) rest_target(${psd} base/frameworks/logging/postprocessors/sftp.bro) rest_target(${psd} base/frameworks/logging/writers/ascii.bro) rest_target(${psd} base/frameworks/logging/writers/dataseries.bro) +rest_target(${psd} base/frameworks/logging/writers/none.bro) rest_target(${psd} base/frameworks/metrics/cluster.bro) rest_target(${psd} base/frameworks/metrics/main.bro) rest_target(${psd} base/frameworks/metrics/non-cluster.bro) diff --git a/testing/btest/Makefile b/testing/btest/Makefile index 257146daa0..93ccc8d5ec 100644 --- a/testing/btest/Makefile +++ b/testing/btest/Makefile @@ -21,4 +21,7 @@ cleanup: @rm -f $(DIAG) @rm -f .tmp/script-coverage* +update-doc-sources: + ../../doc/scripts/genDocSourcesList.sh ../../doc/scripts/DocSourcesList.cmake + .PHONY: all btest-verbose brief btest-brief coverage cleanup diff --git a/testing/btest/coverage/doc.test b/testing/btest/coverage/doc.test index d99122575d..074e397d88 100644 --- a/testing/btest/coverage/doc.test +++ b/testing/btest/coverage/doc.test @@ -1,10 +1,8 @@ # This tests that we're generating bro script documentation for all the # available bro scripts. If this fails, then the genDocSources.sh needs # to be run to produce a new DocSourcesList.cmake or genDocSources.sh needs -# to be updated to blacklist undesired scripts. To update, run the -# top-level Makefile: -# -# make update-doc-sources +# to be updated to blacklist undesired scripts. To update, run +# "make update-doc-sources" # # @TEST-EXEC: $DIST/doc/scripts/genDocSourcesList.sh # @TEST-EXEC: cmp $DIST/doc/scripts/DocSourcesList.cmake ./DocSourcesList.cmake From 3fcece44cb79660e602289e6df7b6e6d8f751644 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 2 Jul 2012 16:36:09 -0700 Subject: [PATCH 044/120] Tiny bugfix for returning writer name. --- src/logging/WriterFrontend.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index 4f98356a44..21bde0d43c 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -137,7 +137,7 @@ WriterFrontend::~WriterFrontend() string WriterFrontend::Name() const { - if ( info.path.size() ) + if ( ! info.path.size() ) return ty_name; return ty_name + "/" + info.path; From d26a96bd470e8c58c5377ffecb9771519d83b594 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 2 Jul 2012 16:57:16 -0700 Subject: [PATCH 045/120] Bugfix. Using a custom rotate function was broken. --- src/logging/Manager.cc | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 23b6f070a1..8cefd1b2ec 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -993,12 +993,9 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer // return it. return w->second->writer; - WriterFrontend* writer_obj = new WriterFrontend(id, writer, local, remote); - assert(writer_obj); - WriterInfo* winfo = new WriterInfo; winfo->type = writer->Ref()->AsEnumVal(); - winfo->writer = writer_obj; + winfo->writer = 0; winfo->open_time = network_time; winfo->rotation_timer = 0; winfo->interval = 0; @@ -1015,7 +1012,7 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer { Filter* f = *it; if ( f->writer->AsEnum() == writer->AsEnum() && - f->path == winfo->writer->info.path ) + f->path == info.path ) { found_filter_match = true; winfo->interval = f->interval; @@ -1031,8 +1028,6 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer winfo->interval = id->ID_Val()->AsInterval(); } - InstallRotationTimer(winfo); - stream->writers.insert( Stream::WriterMap::value_type(Stream::WriterPathPair(writer->AsEnum(), info.path), winfo)); @@ -1045,9 +1040,12 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer winfo->info.rotation_interval = winfo->interval; winfo->info.rotation_base = parse_rotate_base_time(base_time); - writer_obj->Init(winfo->info, num_fields, fields); + winfo->writer = new WriterFrontend(id, writer, local, remote); + winfo->writer->Init(winfo->info, num_fields, fields); - return writer_obj; + InstallRotationTimer(winfo); + + return winfo->writer; } void Manager::DeleteVals(int num_fields, threading::Value** vals) From 8dc1e418761ce95964cfb66d6dc6128ce6ce2d90 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Tue, 3 Jul 2012 18:20:52 -0500 Subject: [PATCH 046/120] Fix minor typos in dataseries documentation --- doc/logging-dataseries.rst | 18 +++++++++--------- doc/logging.rst | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/doc/logging-dataseries.rst b/doc/logging-dataseries.rst index 554600f055..139a13f813 100644 --- a/doc/logging-dataseries.rst +++ b/doc/logging-dataseries.rst @@ -21,7 +21,7 @@ To use DataSeries, its libraries must be available at compile-time, along with the supporting *Lintel* package. Generally, both are distributed on `HP Labs' web site `_. Currently, however, you need -to use recent developments versions for both packages, which you can +to use recent development versions for both packages, which you can download from github like this:: git clone http://github.com/dataseries/Lintel @@ -76,7 +76,7 @@ tools, which its installation process installs into ``/bin``. For example, to convert a file back into an ASCII representation:: $ ds2txt conn.log - [... We skip a bunch of meta data here ...] + [... We skip a bunch of metadata here ...] ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes 1300475167.096535 CRCC5OdDlXe 141.142.220.202 5353 224.0.0.251 5353 udp dns 0.000000 0 0 S0 F 0 D 1 73 0 0 1300475167.097012 o7XBsfvo3U1 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0.000000 0 0 S0 F 0 D 1 199 0 0 @@ -86,13 +86,13 @@ For example, to convert a file back into an ASCII representation:: 1300475168.854837 k6T92WxgNAh 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF F 0 Dd 1 66 1 211 [...] -(``--skip-all`` suppresses the meta data.) +(``--skip-all`` suppresses the metadata.) Note that the ASCII conversion is *not* equivalent to Bro's default output format. You can also switch only individual files over to DataSeries by adding -code like this to your ``local.bro``:: +code like this to your ``local.bro``: .. code:: bro @@ -109,7 +109,7 @@ Bro's DataSeries writer comes with a few tuning options, see Working with DataSeries ======================= -Here are few examples of using DataSeries command line tools to work +Here are a few examples of using DataSeries command line tools to work with the output files. * Printing CSV:: @@ -147,7 +147,7 @@ with the output files. * Calculate some statistics: - Mean/stdev/min/max over a column:: + Mean/stddev/min/max over a column:: $ dsstatgroupby '*' basic duration from conn.ds # Begin DSStatGroupByModule @@ -158,7 +158,7 @@ with the output files. Quantiles of total connection volume:: - > dsstatgroupby '*' quantile 'orig_bytes + resp_bytes' from conn.ds + $ dsstatgroupby '*' quantile 'orig_bytes + resp_bytes' from conn.ds [...] 2159 data points, mean 24616 +- 343295 [0,1.26615e+07] quantiles about every 216 data points: @@ -166,7 +166,7 @@ with the output files. tails: 90%: 1469, 95%: 7302, 99%: 242629, 99.5%: 1226262 [...] -The ``man`` pages for these tool show further options, and their +The ``man`` pages for these tools show further options, and their ``-h`` option gives some more information (either can be a bit cryptic unfortunately though). @@ -175,7 +175,7 @@ Deficiencies Due to limitations of the DataSeries format, one cannot inspect its files before they have been fully written. In other words, when using -DataSeries, it's currently it's not possible to inspect the live log +DataSeries, it's currently not possible to inspect the live log files inside the spool directory before they are rotated to their final location. It seems that this could be fixed with some effort, and we will work with DataSeries development team on that if the diff --git a/doc/logging.rst b/doc/logging.rst index 384996c28a..cc6cb1e54d 100644 --- a/doc/logging.rst +++ b/doc/logging.rst @@ -377,7 +377,7 @@ uncommon to need to delete that data before the end of the connection. Other Writers ------------- -Bro support the following output formats other than ASCII: +Bro supports the following output formats other than ASCII: .. toctree:: :maxdepth: 1 From cee78f8f5d7cc2f21e28deb93cc2d7c49d3db58d Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 5 Jul 2012 12:59:19 -0500 Subject: [PATCH 047/120] Fix minor typos in input framework doc Also simplified the opening paragraph, and reformatted input text to fit on 80-column display for better readability. --- doc/input.rst | 308 +++++++++++++++++++++++++++----------------------- 1 file changed, 167 insertions(+), 141 deletions(-) diff --git a/doc/input.rst b/doc/input.rst index 7d62d485b9..6a089c0635 100644 --- a/doc/input.rst +++ b/doc/input.rst @@ -4,19 +4,13 @@ Loading Data into Bro with the Input Framework .. rst-class:: opening - Bro now features a flexible input frameworks that allows users + Bro now features a flexible input framework that allows users to import data into Bro. Data is either read into Bro tables or converted to events which can then be handled by scripts. - -The input framework is merged into the git master and we -will give a short summary on how to use it. -The input framework is automatically compiled and installed -together with Bro. The interface to it is exposed via the -scripting layer. - -This document gives the most common examples. For more complex -scenarios it is worthwhile to take a look at the unit tests in -``testing/btest/scripts/base/frameworks/input/``. + This document gives an overview of how to use the input framework + with some examples. For more complex scenarios it is + worthwhile to take a look at the unit tests in + ``testing/btest/scripts/base/frameworks/input/``. .. contents:: @@ -66,11 +60,12 @@ The two records are defined as: reason: string; }; -ote that the names of the fields in the record definitions have to correspond to -the column names listed in the '#fields' line of the log file, in this case 'ip', -'timestamp', and 'reason'. +Note that the names of the fields in the record definitions have to correspond +to the column names listed in the '#fields' line of the log file, in this +case 'ip', 'timestamp', and 'reason'. -The log file is read into the table with a simple call of the add_table function: +The log file is read into the table with a simple call of the ``add_table`` +function: .. code:: bro @@ -80,7 +75,7 @@ The log file is read into the table with a simple call of the add_table function Input::remove("blacklist"); With these three lines we first create an empty table that should contain the -blacklist data and then instruct the Input framework to open an input stream +blacklist data and then instruct the input framework to open an input stream named ``blacklist`` to read the data into the table. The third line removes the input stream again, because we do not need it any more after the data has been read. @@ -91,20 +86,20 @@ This thread opens the input data file, converts the data into a Bro format and sends it back to the main Bro thread. Because of this, the data is not immediately accessible. Depending on the -size of the data source it might take from a few milliseconds up to a few seconds -until all data is present in the table. Please note that this means that when Bro -is running without an input source or on very short captured files, it might terminate -before the data is present in the system (because Bro already handled all packets -before the import thread finished). +size of the data source it might take from a few milliseconds up to a few +seconds until all data is present in the table. Please note that this means +that when Bro is running without an input source or on very short captured +files, it might terminate before the data is present in the system (because +Bro already handled all packets before the import thread finished). -Subsequent calls to an input source are queued until the previous action has been -completed. Because of this, it is, for example, possible to call ``add_table`` and -``remove`` in two subsequent lines: the ``remove`` action will remain queued until -the first read has been completed. +Subsequent calls to an input source are queued until the previous action has +been completed. Because of this, it is, for example, possible to call +``add_table`` and ``remove`` in two subsequent lines: the ``remove`` action +will remain queued until the first read has been completed. -Once the input framework finishes reading from a data source, it fires the ``update_finished`` -event. Once this event has been received all data from the input file is available -in the table. +Once the input framework finishes reading from a data source, it fires +the ``update_finished`` event. Once this event has been received all data +from the input file is available in the table. .. code:: bro @@ -113,10 +108,10 @@ in the table. print blacklist; } -The table can also already be used while the data is still being read - it just might -not contain all lines in the input file when the event has not yet fired. After it has -been populated it can be used like any other Bro table and blacklist entries easily be -tested: +The table can also already be used while the data is still being read - it +just might not contain all lines in the input file when the event has not +yet fired. After it has been populated it can be used like any other Bro +table and blacklist entries can easily be tested: .. code:: bro @@ -128,13 +123,14 @@ Re-reading and streaming data ----------------------------- For many data sources, like for many blacklists, the source data is continually -changing. For this cases, the Bro input framework supports several ways to +changing. For these cases, the Bro input framework supports several ways to deal with changing data files. -The first, very basic method is an explicit refresh of an input stream. When an input -stream is open, the function ``force_update`` can be called. This will trigger -a complete refresh of the table; any changed elements from the file will be updated. -After the update is finished the ``update_finished`` event will be raised. +The first, very basic method is an explicit refresh of an input stream. When +an input stream is open, the function ``force_update`` can be called. This +will trigger a complete refresh of the table; any changed elements from the +file will be updated. After the update is finished the ``update_finished`` +event will be raised. In our example the call would look like: @@ -142,25 +138,26 @@ In our example the call would look like: Input::force_update("blacklist"); -The input framework also supports two automatic refresh mode. The first mode +The input framework also supports two automatic refresh modes. The first mode continually checks if a file has been changed. If the file has been changed, it -is re-read and the data in the Bro table is updated to reflect the current state. -Each time a change has been detected and all the new data has been read into the -table, the ``update_finished`` event is raised. +is re-read and the data in the Bro table is updated to reflect the current +state. Each time a change has been detected and all the new data has been +read into the table, the ``update_finished`` event is raised. -The second mode is a streaming mode. This mode assumes that the source data file -is an append-only file to which new data is continually appended. Bro continually -checks for new data at the end of the file and will add the new data to the table. -If newer lines in the file have the same index as previous lines, they will overwrite -the values in the output table. -Because of the nature of streaming reads (data is continually added to the table), +The second mode is a streaming mode. This mode assumes that the source data +file is an append-only file to which new data is continually appended. Bro +continually checks for new data at the end of the file and will add the new +data to the table. If newer lines in the file have the same index as previous +lines, they will overwrite the values in the output table. Because of the +nature of streaming reads (data is continually added to the table), the ``update_finished`` event is never raised when using streaming reads. -The reading mode can be selected by setting the ``mode`` option of the add_table call. -Valid values are ``MANUAL`` (the default), ``REREAD`` and ``STREAM``. +The reading mode can be selected by setting the ``mode`` option of the +add_table call. Valid values are ``MANUAL`` (the default), ``REREAD`` +and ``STREAM``. -Hence, when using adding ``$mode=Input::REREAD`` to the previous example, the blacklists -table will always reflect the state of the blacklist input file. +Hence, when adding ``$mode=Input::REREAD`` to the previous example, the +blacklist table will always reflect the state of the blacklist input file. .. code:: bro @@ -169,11 +166,11 @@ table will always reflect the state of the blacklist input file. Receiving change events ----------------------- -When re-reading files, it might be interesting to know exactly which lines in the source -files have changed. +When re-reading files, it might be interesting to know exactly which lines in +the source files have changed. -For this reason, the input framework can raise an event each time when a data item is added to, -removed from or changed in a table. +For this reason, the input framework can raise an event each time when a data +item is added to, removed from or changed in a table. The event definition looks like this: @@ -189,34 +186,42 @@ The event has to be specified in ``$ev`` in the ``add_table`` call: Input::add_table([$source="blacklist.file", $name="blacklist", $idx=Idx, $val=Val, $destination=blacklist, $mode=Input::REREAD, $ev=entry]); -The ``description`` field of the event contains the arguments that were originally supplied to the add_table call. -Hence, the name of the stream can, for example, be accessed with ``description$name``. ``tpe`` is an enum containing -the type of the change that occurred. +The ``description`` field of the event contains the arguments that were +originally supplied to the add_table call. Hence, the name of the stream can, +for example, be accessed with ``description$name``. ``tpe`` is an enum +containing the type of the change that occurred. -It will contain ``Input::EVENT_NEW``, when a line that was not previously been -present in the table has been added. In this case ``left`` contains the Index of the added table entry and ``right`` contains -the values of the added entry. +If a line that was not previously present in the table has been added, +then ``tpe`` will contain ``Input::EVENT_NEW``. In this case ``left`` contains +the index of the added table entry and ``right`` contains the values of the +added entry. -If a table entry that already was present is altered during the re-reading or streaming read of a file, ``tpe`` will contain -``Input::EVENT_CHANGED``. In this case ``left`` contains the Index of the changed table entry and ``right`` contains the -values of the entry before the change. The reason for this is, that the table already has been updated when the event is -raised. The current value in the table can be ascertained by looking up the current table value. Hence it is possible to compare -the new and the old value of the table. +If a table entry that already was present is altered during the re-reading or +streaming read of a file, ``tpe`` will contain ``Input::EVENT_CHANGED``. In +this case ``left`` contains the index of the changed table entry and ``right`` +contains the values of the entry before the change. The reason for this is +that the table already has been updated when the event is raised. The current +value in the table can be ascertained by looking up the current table value. +Hence it is possible to compare the new and the old values of the table. -``tpe`` contains ``Input::REMOVED``, when a table element is removed because it was no longer present during a re-read. -In this case ``left`` contains the index and ``right`` the values of the removed element. +If a table element is removed because it was no longer present during a +re-read, then ``tpe`` will contain ``Input::REMOVED``. In this case ``left`` +contains the index and ``right`` the values of the removed element. Filtering data during import ---------------------------- -The input framework also allows a user to filter the data during the import. To this end, predicate functions are used. A predicate -function is called before a new element is added/changed/removed from a table. The predicate can either accept or veto -the change by returning true for an accepted change and false for an rejected change. Furthermore, it can alter the data +The input framework also allows a user to filter the data during the import. +To this end, predicate functions are used. A predicate function is called +before a new element is added/changed/removed from a table. The predicate +can either accept or veto the change by returning true for an accepted +change and false for a rejected change. Furthermore, it can alter the data before it is written to the table. -The following example filter will reject to add entries to the table when they were generated over a month ago. It -will accept all changes and all removals of values that are already present in the table. +The following example filter will reject to add entries to the table when +they were generated over a month ago. It will accept all changes and all +removals of values that are already present in the table. .. code:: bro @@ -228,34 +233,43 @@ will accept all changes and all removals of values that are already present in t return ( ( current_time() - right$timestamp ) < (30 day) ); }]); -To change elements while they are being imported, the predicate function can manipulate ``left`` and ``right``. Note -that predicate functions are called before the change is committed to the table. Hence, when a table element is changed ( ``tpe`` -is ``INPUT::EVENT_CHANGED`` ), ``left`` and ``right`` contain the new values, but the destination (``blacklist`` in our example) -still contains the old values. This allows predicate functions to examine the changes between the old and the new version before -deciding if they should be allowed. +To change elements while they are being imported, the predicate function can +manipulate ``left`` and ``right``. Note that predicate functions are called +before the change is committed to the table. Hence, when a table element is +changed (``tpe`` is ``INPUT::EVENT_CHANGED``), ``left`` and ``right`` +contain the new values, but the destination (``blacklist`` in our example) +still contains the old values. This allows predicate functions to examine +the changes between the old and the new version before deciding if they +should be allowed. Different readers ----------------- -The input framework supports different kinds of readers for different kinds of source data files. At the moment, the default -reader reads ASCII files formatted in the Bro log-file-format (tab-separated values). At the moment, Bro comes with two -other readers. The ``RAW`` reader reads a file that is split by a specified record separator (usually newline). The contents -are returned line-by-line as strings; it can, for example, be used to read configuration files and the like and is probably +The input framework supports different kinds of readers for different kinds +of source data files. At the moment, the default reader reads ASCII files +formatted in the Bro log file format (tab-separated values). At the moment, +Bro comes with two other readers. The ``RAW`` reader reads a file that is +split by a specified record separator (usually newline). The contents are +returned line-by-line as strings; it can, for example, be used to read +configuration files and the like and is probably only useful in the event mode and not for reading data to tables. -Another included reader is the ``BENCHMARK`` reader, which is being used to optimize the speed of the input framework. It -can generate arbitrary amounts of semi-random data in all Bro data types supported by the input framework. +Another included reader is the ``BENCHMARK`` reader, which is being used +to optimize the speed of the input framework. It can generate arbitrary +amounts of semi-random data in all Bro data types supported by the input +framework. -In the future, the input framework will get support for new data sources like, for example, different databases. +In the future, the input framework will get support for new data sources +like, for example, different databases. Add_table options ----------------- -This section lists all possible options that can be used for the add_table function and gives -a short explanation of their use. Most of the options already have been discussed in the -previous sections. +This section lists all possible options that can be used for the add_table +function and gives a short explanation of their use. Most of the options +already have been discussed in the previous sections. -The possible fields that can be set for an table stream are: +The possible fields that can be set for a table stream are: ``source`` A mandatory string identifying the source of the data. @@ -266,51 +280,57 @@ The possible fields that can be set for an table stream are: to manipulate it further. ``idx`` - Record type that defines the index of the table + Record type that defines the index of the table. ``val`` - Record type that defines the values of the table + Record type that defines the values of the table. - ``reader`` + ``reader`` The reader used for this stream. Default is ``READER_ASCII``. ``mode`` - The mode in which the stream is opened. Possible values are ``MANUAL``, ``REREAD`` and ``STREAM``. - Default is ``MANUAL``. - ``MANUAL`` means, that the files is not updated after it has been read. Changes to the file will not - be reflected in the data Bro knows. - ``REREAD`` means that the whole file is read again each time a change is found. This should be used for - files that are mapped to a table where individual lines can change. - ``STREAM`` means that the data from the file is streamed. Events / table entries will be generated as new - data is added to the file. + The mode in which the stream is opened. Possible values are + ``MANUAL``, ``REREAD`` and ``STREAM``. Default is ``MANUAL``. + ``MANUAL`` means that the file is not updated after it has + been read. Changes to the file will not be reflected in the + data Bro knows. ``REREAD`` means that the whole file is read + again each time a change is found. This should be used for + files that are mapped to a table where individual lines can + change. ``STREAM`` means that the data from the file is + streamed. Events / table entries will be generated as new + data is appended to the file. ``destination`` - The destination table + The destination table. ``ev`` - Optional event that is raised, when values are added to, changed in or deleted from the table. - Events are passed an Input::Event description as the first argument, the index record as the second argument - and the values as the third argument. + Optional event that is raised, when values are added to, + changed in, or deleted from the table. Events are passed an + Input::Event description as the first argument, the index + record as the second argument and the values as the third + argument. ``pred`` - Optional predicate, that can prevent entries from being added to the table and events from being sent. + Optional predicate, that can prevent entries from being added + to the table and events from being sent. ``want_record`` - Boolean value, that defines if the event wants to receive the fields inside of - a single record value, or individually (default). - This can be used, if ``val`` is a record containing only one type. In this case, - if ``want_record`` is set to false, the table will contain elements of the type + Boolean value, that defines if the event wants to receive the + fields inside of a single record value, or individually + (default). This can be used if ``val`` is a record + containing only one type. In this case, if ``want_record`` is + set to false, the table will contain elements of the type contained in ``val``. -Reading data to events +Reading Data to Events ====================== -The second supported mode of the input framework is reading data to Bro events instead -of reading them to a table using event streams. +The second supported mode of the input framework is reading data to Bro +events instead of reading them to a table using event streams. -Event streams work very similarly to table streams that were already discussed in much -detail. To read the blacklist of the previous example into an event stream, the following -Bro code could be used: +Event streams work very similarly to table streams that were already +discussed in much detail. To read the blacklist of the previous example +into an event stream, the following Bro code could be used: .. code:: bro @@ -329,14 +349,15 @@ Bro code could be used: } -The main difference in the declaration of the event stream is, that an event stream needs no -separate index and value declarations -- instead, all source data types are provided in a single -record definition. +The main difference in the declaration of the event stream is, that an event +stream needs no separate index and value declarations -- instead, all source +data types are provided in a single record definition. -Apart from this, event streams work exactly the same as table streams and support most of the options -that are also supported for table streams. +Apart from this, event streams work exactly the same as table streams and +support most of the options that are also supported for table streams. -The options that can be set for when creating an event stream with ``add_event`` are: +The options that can be set when creating an event stream with +``add_event`` are: ``source`` A mandatory string identifying the source of the data. @@ -347,35 +368,40 @@ The options that can be set for when creating an event stream with ``add_event`` to remove it. ``fields`` - Name of a record type containing the fields, which should be retrieved from - the input stream. + Name of a record type containing the fields, which should be + retrieved from the input stream. ``ev`` - The event which is fired, after a line has been read from the input source. - The first argument that is passed to the event is an Input::Event structure, - followed by the data, either inside of a record (if ``want_record is set``) or as - individual fields. - The Input::Event structure can contain information, if the received line is ``NEW``, has - been ``CHANGED`` or ``DELETED``. Singe the ASCII reader cannot track this information - for event filters, the value is always ``NEW`` at the moment. + The event which is fired, after a line has been read from the + input source. The first argument that is passed to the event + is an Input::Event structure, followed by the data, either + inside of a record (if ``want_record is set``) or as + individual fields. The Input::Event structure can contain + information, if the received line is ``NEW``, has been + ``CHANGED`` or ``DELETED``. Since the ASCII reader cannot + track this information for event filters, the value is + always ``NEW`` at the moment. ``mode`` - The mode in which the stream is opened. Possible values are ``MANUAL``, ``REREAD`` and ``STREAM``. - Default is ``MANUAL``. - ``MANUAL`` means, that the files is not updated after it has been read. Changes to the file will not - be reflected in the data Bro knows. - ``REREAD`` means that the whole file is read again each time a change is found. This should be used for - files that are mapped to a table where individual lines can change. - ``STREAM`` means that the data from the file is streamed. Events / table entries will be generated as new - data is added to the file. + The mode in which the stream is opened. Possible values are + ``MANUAL``, ``REREAD`` and ``STREAM``. Default is ``MANUAL``. + ``MANUAL`` means that the file is not updated after it has + been read. Changes to the file will not be reflected in the + data Bro knows. ``REREAD`` means that the whole file is read + again each time a change is found. This should be used for + files that are mapped to a table where individual lines can + change. ``STREAM`` means that the data from the file is + streamed. Events / table entries will be generated as new + data is appended to the file. ``reader`` The reader used for this stream. Default is ``READER_ASCII``. ``want_record`` - Boolean value, that defines if the event wants to receive the fields inside of - a single record value, or individually (default). If this is set to true, the - event will receive a single record of the type provided in ``fields``. + Boolean value, that defines if the event wants to receive the + fields inside of a single record value, or individually + (default). If this is set to true, the event will receive a + single record of the type provided in ``fields``. From 11bc88e41a3138808f9c0d11341c561a88e7503b Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 5 Jul 2012 12:33:57 -0700 Subject: [PATCH 048/120] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 27c6e97619..2c0407e1f2 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 27c6e97619ddfd4edc987de7c081f92dbfc58148 +Subproject commit 2c0407e1f2ec2012a615de9fcc1d85d46dc5d176 From 658d1d08043f1eb3daf0911f832b20f4cdf01f4b Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 5 Jul 2012 12:57:56 -0700 Subject: [PATCH 049/120] Updating submodule(s). [nomail] --- CHANGES | 4 ++-- VERSION | 2 +- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- aux/btest | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index f513eeeec1..ba39388080 100644 --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,8 @@ -2.0-746 | 2012-07-05 12:28:54 -0700 +2.1-beta | 2012-07-05 12:57:56 -0700 * Fix typos in input framework doc. (Daniel Thayer) - + * Fix typos in DataSeries documentation. (Daniel Thayer) * Bugfix making custom rotate functions work again. (Robin Sommer) diff --git a/VERSION b/VERSION index fa1ad2daa8..0fb956a360 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-746 +2.1-beta diff --git a/aux/binpac b/aux/binpac index 6f43a8115d..4ad8d15b63 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 6f43a8115d8e6483a50957c5d21c5d69270ab3aa +Subproject commit 4ad8d15b6395925c9875c9d2912a6cc3b4918e0a diff --git a/aux/bro-aux b/aux/bro-aux index c6391412e9..c691c01e9c 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit c6391412e902e896836450ab98910309b2ca2d9b +Subproject commit c691c01e9cefae5a79bcd4b0f84ca387c8c587a7 diff --git a/aux/broccoli b/aux/broccoli index f1b0a395ab..d52337aeed 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit f1b0a395ab32388d8375ab72ec263b6029833f96 +Subproject commit d52337aeed44e46c24340b55fc636535aea64e39 diff --git a/aux/broctl b/aux/broctl index 2c0407e1f2..6bfc0bfae0 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 2c0407e1f2ec2012a615de9fcc1d85d46dc5d176 +Subproject commit 6bfc0bfae0406deddf207475582bf7a17f1787af diff --git a/aux/btest b/aux/btest index 5856453712..44441a6c91 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit 585645371256e8ec028cabae24c5f4a2108546d2 +Subproject commit 44441a6c912c7c9f8d4771e042306ec5f44e461d From 818c76243faef2e9daf4e9383803fe7ac4aa042e Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 5 Jul 2012 13:00:35 -0700 Subject: [PATCH 050/120] Updating submodule(s). [nomail] --- CHANGES | 2 +- aux/broccoli | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index ba39388080..15eb46a893 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2.1-beta | 2012-07-05 12:57:56 -0700 +2.1-beta | 2012-07-05 13:00:35 -0700 * Fix typos in input framework doc. (Daniel Thayer) diff --git a/aux/broccoli b/aux/broccoli index d52337aeed..bd9d698f70 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit d52337aeed44e46c24340b55fc636535aea64e39 +Subproject commit bd9d698f708908f7258211b534c91467d486983b From 1b8673f4b2622a2aec73ca148aab88bde834eb3b Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 5 Jul 2012 17:58:44 -0500 Subject: [PATCH 051/120] Remove a non-portable test case --- testing/btest/bifs/system.bro | 5 ----- 1 file changed, 5 deletions(-) diff --git a/testing/btest/bifs/system.bro b/testing/btest/bifs/system.bro index b73aed4d79..ab2642319c 100644 --- a/testing/btest/bifs/system.bro +++ b/testing/btest/bifs/system.bro @@ -7,9 +7,4 @@ event bro_init() local a = system("echo thistest > out"); if ( a != 0 ) exit(1); - - local b = system(""); - if ( b == 0 ) - exit(1); - } From 84e91b8b8d18e310c0f61372a19434c19dfdd709 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Mon, 9 Jul 2012 16:38:05 -0400 Subject: [PATCH 052/120] Bringing elasticsearch branch up to date with master. --- scripts/base/frameworks/logging/__load__.bro | 3 +- .../logging/writers/elasticsearch.bro | 2 +- src/logging.bif | 2 +- src/logging/writers/ElasticSearch.cc | 221 ++++++++++++------ src/logging/writers/ElasticSearch.h | 22 +- 5 files changed, 167 insertions(+), 83 deletions(-) diff --git a/scripts/base/frameworks/logging/__load__.bro b/scripts/base/frameworks/logging/__load__.bro index 2c2a6d2f59..b65cb1dea3 100644 --- a/scripts/base/frameworks/logging/__load__.bro +++ b/scripts/base/frameworks/logging/__load__.bro @@ -2,4 +2,5 @@ @load ./postprocessors @load ./writers/ascii @load ./writers/dataseries -@load ./writers/elasticsearch@load ./writers/none +@load ./writers/elasticsearch +@load ./writers/none diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro index b262201c85..93c6c98705 100644 --- a/scripts/base/frameworks/logging/writers/elasticsearch.bro +++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro @@ -11,7 +11,7 @@ export { const server_port = 9200 &redef; ## Name of the ES index - const index_name = "bro" &redef; + const index_prefix = "bro" &redef; ## The ES type prefix comes before the name of the related log. ## e.g. prefix = "bro_" would create types of bro_dns, bro_software, etc. diff --git a/src/logging.bif b/src/logging.bif index 23b9378b26..3cdb414d80 100644 --- a/src/logging.bif +++ b/src/logging.bif @@ -89,7 +89,7 @@ module LogElasticSearch; const cluster_name: string; const server_host: string; const server_port: count; -const index_name: string; +const index_prefix: string; const type_prefix: string; const max_batch_size: count; const max_batch_interval: interval; diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 75a4e0514f..6d2f8363cc 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -30,8 +30,17 @@ ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend) memcpy(cluster_name, BifConst::LogElasticSearch::cluster_name->Bytes(), cluster_name_len); cluster_name[cluster_name_len] = 0; + index_prefix = string((const char*) BifConst::LogElasticSearch::index_prefix->Bytes(), BifConst::LogElasticSearch::index_prefix->Len()); + + es_server = string(Fmt("http://%s:%d", BifConst::LogElasticSearch::server_host->Bytes(), + (int) BifConst::LogElasticSearch::server_port)); + bulk_url = string(Fmt("%s/_bulk", es_server.c_str())); + + http_headers = curl_slist_append(NULL, "Content-Type: text/json; charset=utf-8"); buffer.Clear(); counter = 0; + current_index = string(); + prev_index = string(); last_send = current_time(); curl_handle = HTTPSetup(); @@ -42,67 +51,84 @@ ElasticSearch::~ElasticSearch() delete [] cluster_name; } -bool ElasticSearch::DoInit(string path, int num_fields, const Field* const * fields) +bool ElasticSearch::DoInit(const WriterInfo& info, int num_fields, const threading::Field* const* fields) { - //TODO: Determine what, if anything, needs to be done here. return true; } bool ElasticSearch::DoFlush() { + BatchIndex(); return true; } bool ElasticSearch::DoFinish() { BatchIndex(); + curl_slist_free_all(http_headers); curl_easy_cleanup(curl_handle); return WriterBackend::DoFinish(); } bool ElasticSearch::BatchIndex() { - HTTPSend(); + curl_easy_reset(curl_handle); + curl_easy_setopt(curl_handle, CURLOPT_URL, bulk_url.c_str()); + curl_easy_setopt(curl_handle, CURLOPT_POST, 1); + curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE_LARGE, (curl_off_t)buffer.Len()); + curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer.Bytes()); + HTTPSend(curl_handle); + buffer.Clear(); counter = 0; last_send = current_time(); + return true; } -bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field) +bool ElasticSearch::AddValueToBuffer(ODesc* b, Value* val) { switch ( val->type ) { // ES treats 0 as false and any other value as true so bool types go here. case TYPE_BOOL: case TYPE_INT: - buffer.Add(val->val.int_val); + b->Add(val->val.int_val); break; case TYPE_COUNT: case TYPE_COUNTER: - buffer.Add(val->val.uint_val); + { + // ElasticSearch doesn't seem to support unsigned 64bit ints. + if ( val->val.uint_val >= INT64_MAX ) + { + Error(Fmt("count value too large: %" PRIu64, val->val.uint_val)); + b->AddRaw("null", 4); + } + else + b->Add(val->val.uint_val); break; + } case TYPE_PORT: - buffer.Add(val->val.port_val.port); + b->Add(val->val.port_val.port); break; case TYPE_SUBNET: - buffer.AddRaw("\"", 1); - buffer.Add(Render(val->val.subnet_val)); - buffer.AddRaw("\"", 1); + b->AddRaw("\"", 1); + b->Add(Render(val->val.subnet_val)); + b->AddRaw("\"", 1); break; case TYPE_ADDR: - buffer.AddRaw("\"", 1); - buffer.Add(Render(val->val.addr_val)); - buffer.AddRaw("\"", 1); + b->AddRaw("\"", 1); + b->Add(Render(val->val.addr_val)); + b->AddRaw("\"", 1); break; case TYPE_DOUBLE: case TYPE_INTERVAL: - buffer.Add(val->val.double_val); + b->Add(val->val.double_val); break; case TYPE_TIME: @@ -113,10 +139,10 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field) if ( ts >= INT64_MAX ) { Error(Fmt("time value too large: %" PRIu64, ts)); - buffer.AddRaw("null", 4); + b->AddRaw("null", 4); } else - buffer.Add(ts); + b->Add(ts); break; } @@ -125,51 +151,48 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field) case TYPE_FILE: case TYPE_FUNC: { - buffer.AddRaw("\"", 1); + b->AddRaw("\"", 1); for ( uint i = 0; i < val->val.string_val->size(); ++i ) { char c = val->val.string_val->data()[i]; - // HTML entity encode special characters. + // 2byte Unicode escape special characters. if ( c < 32 || c > 126 || c == '\n' || c == '"' || c == '\'' || c == '\\' || c == '&' ) { static const char hex_chars[] = "0123456789abcdef"; - buffer.AddRaw("\\u00", 4); - buffer.AddRaw(&hex_chars[(c & 0xf0) >> 4], 1); - buffer.AddRaw(&hex_chars[c & 0x0f], 1); - //buffer.AddRaw("&#//", 2); - //buffer.Add((uint8_t) c); - //buffer.AddRaw(";", 1); + b->AddRaw("\\u00", 4); + b->AddRaw(&hex_chars[(c & 0xf0) >> 4], 1); + b->AddRaw(&hex_chars[c & 0x0f], 1); } else - buffer.AddRaw(&c, 1); + b->AddRaw(&c, 1); } - buffer.AddRaw("\"", 1); + b->AddRaw("\"", 1); break; } case TYPE_TABLE: { - buffer.AddRaw("[", 1); + b->AddRaw("[", 1); for ( int j = 0; j < val->val.set_val.size; j++ ) { if ( j > 0 ) - buffer.AddRaw(",", 1); - AddFieldValueToBuffer(val->val.set_val.vals[j], field); + b->AddRaw(",", 1); + AddValueToBuffer(b, val->val.set_val.vals[j]); } - buffer.AddRaw("]", 1); + b->AddRaw("]", 1); break; } case TYPE_VECTOR: { - buffer.AddRaw("[", 1); + b->AddRaw("[", 1); for ( int j = 0; j < val->val.vector_val.size; j++ ) { if ( j > 0 ) - buffer.AddRaw(",", 1); - AddFieldValueToBuffer(val->val.vector_val.vals[j], field); + b->AddRaw(",", 1); + AddValueToBuffer(b, val->val.vector_val.vals[j]); } - buffer.AddRaw("]", 1); + b->AddRaw("]", 1); break; } @@ -179,38 +202,37 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field) return true; } -bool ElasticSearch::AddFieldToBuffer(Value* val, const Field* field) +bool ElasticSearch::AddFieldToBuffer(ODesc *b, Value* val, const Field* field) { if ( ! val->present ) return false; - buffer.AddRaw("\"", 1); - buffer.Add(field->name); - buffer.AddRaw("\":", 2); - AddFieldValueToBuffer(val, field); + b->AddRaw("\"", 1); + b->Add(field->name); + b->AddRaw("\":", 2); + AddValueToBuffer(b, val); return true; } bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields, Value** vals) { + if ( current_index.empty() ) + UpdateIndex(network_time, Info().rotation_interval, Info().rotation_base); + // Our action line looks like: - // {"index":{"_index":"$index_name","_type":"$type_prefix$path"}}\n buffer.AddRaw("{\"index\":{\"_index\":\"", 20); - buffer.AddN((const char*) BifConst::LogElasticSearch::index_name->Bytes(), - BifConst::LogElasticSearch::index_name->Len()); + buffer.Add(current_index); buffer.AddRaw("\",\"_type\":\"", 11); - buffer.AddN((const char*) BifConst::LogElasticSearch::type_prefix->Bytes(), - BifConst::LogElasticSearch::type_prefix->Len()); - buffer.Add(Path()); - buffer.AddRaw("\"}\n", 3); + buffer.Add(Info().path); + buffer.AddRaw("\"}}\n", 4); buffer.AddRaw("{", 1); for ( int i = 0; i < num_fields; i++ ) { if ( i > 0 && buffer.Bytes()[buffer.Len()] != ',' && vals[i]->present ) buffer.AddRaw(",", 1); - AddFieldToBuffer(vals[i], fields[i]); + AddFieldToBuffer(&buffer, vals[i], fields[i]); } buffer.AddRaw("}\n", 2); @@ -221,10 +243,63 @@ bool ElasticSearch::DoWrite(int num_fields, const Field* const * fields, return true; } + +bool ElasticSearch::UpdateIndex(double now, double rinterval, double rbase) + { + if ( rinterval == 0 ) + { + // if logs aren't being rotated, don't use a rotation oriented index name. + current_index = index_prefix; + } + else + { + double nr = calc_next_rotate(now, rinterval, rbase); + double interval_beginning = now - (rinterval - nr); + + struct tm tm; + char buf[128]; + time_t teatime = (time_t)interval_beginning; + gmtime_r(&teatime, &tm); + strftime(buf, sizeof(buf), "%Y%m%d%H%M", &tm); + + prev_index = current_index; + current_index = index_prefix + "-" + buf; + } + + //printf("%s - prev:%s current:%s\n", Info().path.c_str(), prev_index.c_str(), current_index.c_str()); + return true; + } + bool ElasticSearch::DoRotate(string rotated_path, double open, double close, bool terminating) { - //TODO: Determine what, if anything, needs to be done here. + // Update the currently used index to the new rotation interval. + UpdateIndex(close, Info().rotation_interval, Info().rotation_base); + + // Only do this stuff if there was a previous index. + if ( ! prev_index.empty() ) + { + // FIXME: I think this section is taking too long and causing the thread to die. + + // Compress the previous index + //curl_easy_reset(curl_handle); + //curl_easy_setopt(curl_handle, CURLOPT_URL, Fmt("%s/%s/_settings", es_server.c_str(), prev_index.c_str())); + //curl_easy_setopt(curl_handle, CURLOPT_CUSTOMREQUEST, "PUT"); + //curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, "{\"index\":{\"store.compress.stored\":\"true\"}}"); + //curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE_LARGE, (curl_off_t) 42); + //HTTPSend(curl_handle); + + // Optimize the previous index. + // TODO: make this into variables. + //curl_easy_reset(curl_handle); + //curl_easy_setopt(curl_handle, CURLOPT_URL, Fmt("%s/%s/_optimize?max_num_segments=1&wait_for_merge=false", es_server.c_str(), prev_index.c_str())); + //HTTPSend(curl_handle); + } + + //if ( ! FinishedRotation(current_index, prev_index, open, close, terminating) ) + // { + // Error(Fmt("error rotating %s to %s", prev_index.c_str(), current_index.c_str())); + // } return true; } @@ -237,7 +312,7 @@ bool ElasticSearch::DoSetBuf(bool enabled) bool ElasticSearch::DoHeartbeat(double network_time, double current_time) { - if ( last_send > 0 && + if ( last_send > 0 && buffer.Len() > 0 && current_time-last_send > BifConst::LogElasticSearch::max_batch_interval ) { BatchIndex(); @@ -247,31 +322,15 @@ bool ElasticSearch::DoHeartbeat(double network_time, double current_time) } -// HTTP Functions start here. - CURL* ElasticSearch::HTTPSetup() { - const char *URL = fmt("http://%s:%d/_bulk", BifConst::LogElasticSearch::server_host->CheckString(), - (int) BifConst::LogElasticSearch::server_port);; - CURL* handle; - struct curl_slist *headers=NULL; - - handle = curl_easy_init(); + CURL* handle = curl_easy_init(); if ( ! handle ) - return handle; + { + Error("cURL did not initialize correctly."); + return 0; + } - //sprintf(URL, "http://%s:%d/_bulk", BifConst::LogElasticSearch::server_host->CheckString(), (int) BifConst::LogElasticSearch::server_port); - curl_easy_setopt(handle, CURLOPT_URL, URL); - - headers = curl_slist_append(NULL, "Content-Type: text/json; charset=utf-8"); - curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers); - - curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, &logging::writer::ElasticSearch::HTTPReceive); // This gets called with the result. - curl_easy_setopt(handle, CURLOPT_POST, 1); // All requests are POSTs - - // HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to - // just use HTTP 1.0 - curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); return handle; } @@ -281,14 +340,16 @@ bool ElasticSearch::HTTPReceive(void* ptr, int size, int nmemb, void* userdata) return true; } -bool ElasticSearch::HTTPSend() +bool ElasticSearch::HTTPSend(CURL *handle) { - CURLcode return_code; + curl_easy_setopt(handle, CURLOPT_HTTPHEADER, http_headers); + curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, &logging::writer::ElasticSearch::HTTPReceive); // This gets called with the result. + // HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. + // The best (only?) way to disable that is to just use HTTP 1.0 + curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); - curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE_LARGE, buffer.Len()); - curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer.Bytes()); + CURLcode return_code = curl_easy_perform(handle); - return_code = curl_easy_perform(curl_handle); switch ( return_code ) { case CURLE_COULDNT_CONNECT: @@ -296,6 +357,16 @@ bool ElasticSearch::HTTPSend() case CURLE_WRITE_ERROR: return false; + case CURLE_OK: + { + uint http_code = 0; + curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE, &http_code); + if ( http_code != 200 ) + Error(Fmt("Received a non-successful status code back from ElasticSearch server.")); + + return true; + } + default: return true; } diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h index bd1351214b..375845b002 100644 --- a/src/logging/writers/ElasticSearch.h +++ b/src/logging/writers/ElasticSearch.h @@ -22,8 +22,8 @@ public: protected: // Overidden from WriterBackend. - virtual bool DoInit(string path, int num_fields, - const threading::Field* const * fields); + virtual bool DoInit(const WriterInfo& info, int num_fields, + const threading::Field* const* fields); virtual bool DoWrite(int num_fields, const threading::Field* const* fields, threading::Value** vals); @@ -35,18 +35,22 @@ protected: virtual bool DoHeartbeat(double network_time, double current_time); private: - bool AddFieldToBuffer(threading::Value* val, const threading::Field* field); - bool AddFieldValueToBuffer(threading::Value* val, const threading::Field* field); + bool AddFieldToBuffer(ODesc *b, threading::Value* val, const threading::Field* field); + bool AddValueToBuffer(ODesc *b, threading::Value* val); bool BatchIndex(); + bool SendMappings(); + bool UpdateIndex(double now, double rinterval, double rbase); CURL* HTTPSetup(); bool HTTPReceive(void* ptr, int size, int nmemb, void* userdata); - bool HTTPSend(); + bool HTTPSend(CURL *handle); // Buffers, etc. ODesc buffer; uint64 counter; double last_send; + string current_index; + string prev_index; CURL* curl_handle; @@ -54,6 +58,14 @@ private: char* cluster_name; int cluster_name_len; + string es_server; + string bulk_url; + + struct curl_slist *http_headers; + + string path; + string index_prefix; + uint64 batch_size; }; From 9b70ee8799ec9b52528eb750abfd34bed2278422 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Mon, 9 Jul 2012 16:50:42 -0400 Subject: [PATCH 053/120] Tiny updates. --- doc/logging-elasticsearch.rst | 3 +-- src/logging/writers/ElasticSearch.cc | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst index 26b49f3a0b..b6d22cf5fa 100644 --- a/doc/logging-elasticsearch.rst +++ b/doc/logging-elasticsearch.rst @@ -78,7 +78,7 @@ Bro's ElasticSearch writer comes with a few configuration options:: - server_port: What port to send the data to. Default 9200. -- index_name: ElasticSearch indexes are like databases in a standard DB model. +- index_prefix: ElasticSearch indexes are like databases in a standard DB model. This is the name of the index to which to send the data. Default bro. - type_prefix: ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none. @@ -92,5 +92,4 @@ Lots. - Perform multicast discovery for server. - Better error detection. -- Dynamic index names. - Better defaults (don't index loaded-plugins, for instance). diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 6d2f8363cc..4461508083 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -266,7 +266,7 @@ bool ElasticSearch::UpdateIndex(double now, double rinterval, double rbase) current_index = index_prefix + "-" + buf; } - //printf("%s - prev:%s current:%s\n", Info().path.c_str(), prev_index.c_str(), current_index.c_str()); + //printf("%s - prev:%s current:%s\n", Info().path.c_str(), prev_index.c_str(), current_index.c_str()); return true; } From c0bbd78ee1c856ea62687fe3f10d867e8dd760c4 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 10 Jul 2012 11:15:48 -0500 Subject: [PATCH 054/120] Fix segfault when there's an error/timeout resolving DNS requests. Addresses #846. --- src/DNS_Mgr.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 9e65d3c9a9..6b0f18f459 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -693,7 +693,7 @@ Val* DNS_Mgr::BuildMappingVal(DNS_Mapping* dm) void DNS_Mgr::AddResult(DNS_Mgr_Request* dr, struct nb_dns_result* r) { struct hostent* h = (r && r->host_errno == 0) ? r->hostent : 0; - u_int32_t ttl = r->ttl; + u_int32_t ttl = (r && r->host_errno == 0) ? r->ttl : 0; DNS_Mapping* new_dm; DNS_Mapping* prev_dm; From 7f4b0b52f8de12466125b0bf2ab44cfc1b4ea77e Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Tue, 10 Jul 2012 15:39:05 -0500 Subject: [PATCH 055/120] Fix compiler warnings These changes eliminate 405 of 571 warnings seen on OS X 10.7.4 with clang. --- src/EventHandler.cc | 2 +- src/Func.cc | 2 +- src/RemoteSerializer.h | 4 ++-- src/SMB.cc | 2 +- src/SerialObj.cc | 2 +- src/Sessions.h | 2 +- src/Type.cc | 2 +- src/input/readers/Ascii.cc | 4 ++-- src/logging/Manager.cc | 2 +- src/ssl-analyzer.pac | 4 ++-- src/threading/SerialTypes.h | 4 ++-- 11 files changed, 15 insertions(+), 15 deletions(-) diff --git a/src/EventHandler.cc b/src/EventHandler.cc index 2867b63437..5598f93f98 100644 --- a/src/EventHandler.cc +++ b/src/EventHandler.cc @@ -96,7 +96,7 @@ EventHandler* EventHandler::Unserialize(UnserialInfo* info) { char* name; if ( ! UNSERIALIZE_STR(&name, 0) ) - return false; + return 0; EventHandler* h = event_registry->Lookup(name); if ( ! h ) diff --git a/src/Func.cc b/src/Func.cc index 30689d4c26..582de1d9bb 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -100,7 +100,7 @@ Func* Func::Unserialize(UnserialInfo* info) if ( ! (id->HasVal() && id->ID_Val()->Type()->Tag() == TYPE_FUNC) ) { info->s->Error(fmt("ID %s is not a built-in", name)); - return false; + return 0; } Unref(f); diff --git a/src/RemoteSerializer.h b/src/RemoteSerializer.h index 1d7feef585..5ff7fff8d6 100644 --- a/src/RemoteSerializer.h +++ b/src/RemoteSerializer.h @@ -17,8 +17,8 @@ class IncrementalSendTimer; namespace threading { - class Field; - class Value; + struct Field; + struct Value; } // This class handles the communication done in Bro's main loop. diff --git a/src/SMB.cc b/src/SMB.cc index edce2a69b8..a06707328a 100644 --- a/src/SMB.cc +++ b/src/SMB.cc @@ -368,7 +368,7 @@ int SMB_Session::ParseSetupAndx(int is_orig, binpac::SMB::SMB_header const& hdr, // The binpac type depends on the negotiated server settings - // possibly we can just pick the "right" format here, and use that? - if ( hdr.flags2() && 0x0800 ) + if ( hdr.flags2() & 0x0800 ) { binpac::SMB::SMB_setup_andx_ext msg(hdr.unicode()); msg.Parse(body.data(), body.data() + body.length()); diff --git a/src/SerialObj.cc b/src/SerialObj.cc index a8ab969f5e..73cab275c2 100644 --- a/src/SerialObj.cc +++ b/src/SerialObj.cc @@ -163,7 +163,7 @@ SerialObj* SerialObj::Unserialize(UnserialInfo* info, SerialType type) if ( ! result ) { DBG_POP(DBG_SERIAL); - return false; + return 0; } DBG_POP(DBG_SERIAL); diff --git a/src/Sessions.h b/src/Sessions.h index a7d7b1272f..25065012e6 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -18,7 +18,7 @@ struct pcap_pkthdr; class EncapsulationStack; class Connection; -class ConnID; +struct ConnID; class OSFingerprint; class ConnCompressor; diff --git a/src/Type.cc b/src/Type.cc index caba0c9fa0..414c07d3d7 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -910,7 +910,7 @@ Val* RecordType::FieldDefault(int field) const const TypeDecl* td = FieldDecl(field); if ( ! td->attrs ) - return false; + return 0; const Attr* def_attr = td->attrs->FindAttr(ATTR_DEFAULT); diff --git a/src/input/readers/Ascii.cc b/src/input/readers/Ascii.cc index 1731bba872..dd1e742e5e 100644 --- a/src/input/readers/Ascii.cc +++ b/src/input/readers/Ascii.cc @@ -232,7 +232,7 @@ Value* Ascii::EntryToVal(string s, FieldMapping field) { Error(Fmt("Field: %s Invalid value for boolean: %s", field.name.c_str(), s.c_str())); - return false; + return 0; } break; @@ -262,7 +262,7 @@ Value* Ascii::EntryToVal(string s, FieldMapping field) if ( pos == s.npos ) { Error(Fmt("Invalid value for subnet: %s", s.c_str())); - return false; + return 0; } int width = atoi(s.substr(pos+1).c_str()); diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 511fedc984..0fea3d577d 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -983,7 +983,7 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer if ( ! stream ) // Don't know this stream. - return false; + return 0; Stream::WriterMap::iterator w = stream->writers.find(Stream::WriterPathPair(writer->AsEnum(), info.path)); diff --git a/src/ssl-analyzer.pac b/src/ssl-analyzer.pac index bf9cf1e0ba..bd4b76ee98 100644 --- a/src/ssl-analyzer.pac +++ b/src/ssl-analyzer.pac @@ -295,7 +295,7 @@ refine connection SSL_Conn += { for ( int k = 0; k < num_ext; ++k ) { unsigned char *pBuffer = 0; - uint length = 0; + int length = 0; X509_EXTENSION* ex = X509_get_ext(pTemp, k); if (ex) @@ -303,7 +303,7 @@ refine connection SSL_Conn += { ASN1_STRING *pString = X509_EXTENSION_get_data(ex); length = ASN1_STRING_to_UTF8(&pBuffer, pString); //i2t_ASN1_OBJECT(&pBuffer, length, obj) - // printf("extension length: %u\n", length); + // printf("extension length: %d\n", length); // -1 indicates an error. if ( length < 0 ) continue; diff --git a/src/threading/SerialTypes.h b/src/threading/SerialTypes.h index 9ce53c7cb1..283d88bf4c 100644 --- a/src/threading/SerialTypes.h +++ b/src/threading/SerialTypes.h @@ -2,8 +2,6 @@ #ifndef THREADING_SERIALIZATIONTYPES_H #define THREADING_SERIALIZATIONTYPES_H -using namespace std; - #include #include #include @@ -11,6 +9,8 @@ using namespace std; #include "Type.h" #include "net_util.h" +using namespace std; + class SerializationFormat; namespace threading { From c4b6499d858c5799845f9f312931bc845e506e05 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 10 Jul 2012 16:27:03 -0500 Subject: [PATCH 056/120] Add sorting canonifier to rotate-custom unit test. (addresses #846) The output on stderr for this test is the results of many backgrounded "echo" commands, one for each rotation, so the order in which they occur may be subject to OS process scheduling and can't be relied upon --- testing/btest/scripts/base/frameworks/logging/rotate-custom.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/btest/scripts/base/frameworks/logging/rotate-custom.bro b/testing/btest/scripts/base/frameworks/logging/rotate-custom.bro index 3f6d40adaf..8a7f16d182 100644 --- a/testing/btest/scripts/base/frameworks/logging/rotate-custom.bro +++ b/testing/btest/scripts/base/frameworks/logging/rotate-custom.bro @@ -2,7 +2,7 @@ #@TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT | egrep "test|test2" | sort >out # @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | uniq >>out # @TEST-EXEC: btest-diff out -# @TEST-EXEC: btest-diff .stderr +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stderr module Test; From 6e5382da548a4d8ffbd73089a3a502778d477176 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Tue, 10 Jul 2012 23:49:31 -0400 Subject: [PATCH 057/120] Re-adding the needed call to FinishedRotation in the ES writer plugin. --- src/logging/writers/ElasticSearch.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 4461508083..1b8dfa495d 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -296,10 +296,10 @@ bool ElasticSearch::DoRotate(string rotated_path, double open, double close, boo //HTTPSend(curl_handle); } - //if ( ! FinishedRotation(current_index, prev_index, open, close, terminating) ) - // { - // Error(Fmt("error rotating %s to %s", prev_index.c_str(), current_index.c_str())); - // } + if ( ! FinishedRotation(current_index, prev_index, open, close, terminating) ) + { + Error(Fmt("error rotating %s to %s", prev_index.c_str(), current_index.c_str())); + } return true; } From b31ef8cde5c6b40a736a88ea1354f3073f99c9b1 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 11 Jul 2012 10:58:57 -0400 Subject: [PATCH 058/120] Fixing memory leak. --- src/ssl-analyzer.pac | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/ssl-analyzer.pac b/src/ssl-analyzer.pac index bd4b76ee98..d1ac470284 100644 --- a/src/ssl-analyzer.pac +++ b/src/ssl-analyzer.pac @@ -305,12 +305,12 @@ refine connection SSL_Conn += { //i2t_ASN1_OBJECT(&pBuffer, length, obj) // printf("extension length: %d\n", length); // -1 indicates an error. - if ( length < 0 ) - continue; - - StringVal* value = new StringVal(length, (char*)pBuffer); - BifEvent::generate_x509_extension(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}, value); + if ( length >= 0 ) + { + StringVal* value = new StringVal(length, (char*)pBuffer); + BifEvent::generate_x509_extension(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}, value); + } OPENSSL_free(pBuffer); } } From a44612788ee0ccee284a61e80792a645915cab5c Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 11 Jul 2012 16:53:46 -0400 Subject: [PATCH 059/120] Some small fixes to further reduce SOCKS false positive logs. --- scripts/base/protocols/socks/main.bro | 5 ++++- src/SOCKS.cc | 9 ++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/scripts/base/protocols/socks/main.bro b/scripts/base/protocols/socks/main.bro index ca35a3f5e4..052e666371 100644 --- a/scripts/base/protocols/socks/main.bro +++ b/scripts/base/protocols/socks/main.bro @@ -83,5 +83,8 @@ event socks_reply(c: connection, version: count, reply: count, sa: SOCKS::Addres event socks_reply(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port) &priority=-5 { - Log::write(SOCKS::LOG, c$socks); + # This will handle the case where the analyzer failed in some way and was removed. We probably + # don't want to log these connections. + if ( "SOCKS" in c$service ) + Log::write(SOCKS::LOG, c$socks); } diff --git a/src/SOCKS.cc b/src/SOCKS.cc index 0064f6e700..02429aa208 100644 --- a/src/SOCKS.cc +++ b/src/SOCKS.cc @@ -67,7 +67,14 @@ void SOCKS_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } else { - interp->NewData(orig, data, data + len); + try + { + interp->NewData(orig, data, data + len); + } + catch ( const binpac::Exception& e ) + { + ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + } } } From 8ff8c66655fdfc2dfec703b332dfad02226be775 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Wed, 11 Jul 2012 20:10:49 -0700 Subject: [PATCH 060/120] make pthread_mutex_unlock include the reason for why the unlock fails. --- src/threading/BasicThread.cc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index e5a4dc5dbe..3dda6b5e8c 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -86,12 +86,12 @@ void BasicThread::Start() int err = pthread_mutex_init(&terminate, 0); if ( err != 0 ) - reporter->FatalError("Cannot create terminate mutex for thread %s:%s", name.c_str(), strerror(err)); + reporter->FatalError("Cannot create terminate mutex for thread %s: %s", name.c_str(), strerror(err)); // We use this like a binary semaphore and acquire it immediately. err = pthread_mutex_lock(&terminate); if ( err != 0 ) - reporter->FatalError("Cannot aquire terminate mutex for thread %s:%s", name.c_str(), strerror(err)); + reporter->FatalError("Cannot aquire terminate mutex for thread %s: %s", name.c_str(), strerror(err)); err = pthread_create(&pthread, 0, BasicThread::launcher, this); if ( err != 0 ) @@ -116,8 +116,9 @@ void BasicThread::Stop() // Signal that it's ok for the thread to exit now by unlocking the // mutex. - if ( pthread_mutex_unlock(&terminate) != 0 ) - reporter->FatalError("Failure flagging terminate condition for thread %s", name.c_str()); + int err = pthread_mutex_unlock(&terminate); + if ( err != 0 ) + reporter->FatalError("Failure flagging terminate condition for thread %s: %s", name.c_str(), strerror(err)); terminating = true; From e1bd9609264a4d067e3c58016806877f0f859c8d Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Fri, 13 Jul 2012 02:20:41 -0700 Subject: [PATCH 061/120] Unblock SIGFPE, SIGILL, SIGSEGV and SIGBUS for threads. According to POSIX, behavior is unspecified if a specific thread receives one of those signals (because of e.g. executing an invalid instruction) if the signal is blocked. This resulted in segfaults in threads not propagating to the main thread. Adresses #848 --- src/threading/BasicThread.cc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index 3dda6b5e8c..6ce5ad5f52 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -164,6 +164,13 @@ void* BasicThread::launcher(void *arg) // process. sigset_t mask_set; sigfillset(&mask_set); + // Unblock the signals where according to POSIX the result is undefined if they are blocked + // in a thread and received by that thread. If those are not unblocked, threads will just + // hang when they crash without the user being notified. + sigdelset(&mask_set, SIGFPE); + sigdelset(&mask_set, SIGILL); + sigdelset(&mask_set, SIGSEGV); + sigdelset(&mask_set, SIGBUS); int res = pthread_sigmask(SIG_BLOCK, &mask_set, 0); assert(res == 0); // From f43576cff346bcecde12bd477f444d532e4b0632 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Fri, 13 Jul 2012 14:04:24 -0400 Subject: [PATCH 062/120] Fix some Info:Record field documentation. --- .../base/frameworks/communication/main.bro | 2 +- scripts/base/protocols/conn/main.bro | 25 +++++++++-------- scripts/base/protocols/dns/main.bro | 8 +++--- scripts/base/protocols/ftp/main.bro | 2 ++ scripts/base/protocols/http/main.bro | 2 ++ scripts/base/protocols/irc/main.bro | 2 ++ scripts/base/protocols/smtp/main.bro | 28 +++++++++++++++---- scripts/base/protocols/socks/main.bro | 8 ++++-- scripts/base/protocols/ssh/main.bro | 10 ++++--- scripts/base/protocols/ssl/main.bro | 10 ++++--- scripts/base/protocols/syslog/main.bro | 4 ++- 11 files changed, 67 insertions(+), 34 deletions(-) diff --git a/scripts/base/frameworks/communication/main.bro b/scripts/base/frameworks/communication/main.bro index ceae357f78..81f9a383b9 100644 --- a/scripts/base/frameworks/communication/main.bro +++ b/scripts/base/frameworks/communication/main.bro @@ -42,7 +42,7 @@ export { type Info: record { ## The network time at which a communication event occurred. ts: time &log; - ## The peer name (if any) for which a communication event is concerned. + ## The peer name (if any) with which a communication event is concerned. peer: string &log &optional; ## Where the communication event message originated from, that is, ## either from the scripting layer or inside the Bro process. diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.bro index 5796c3c6b1..6cc2510027 100644 --- a/scripts/base/protocols/conn/main.bro +++ b/scripts/base/protocols/conn/main.bro @@ -17,7 +17,7 @@ export { type Info: record { ## This is the time of the first packet. ts: time &log; - ## A unique identifier of a connection. + ## A unique identifier of the connection. uid: string &log; ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; @@ -61,7 +61,7 @@ export { ## be left empty at all times. local_orig: bool &log &optional; - ## Indicates the number of bytes missed in content gaps which is + ## Indicates the number of bytes missed in content gaps, which is ## representative of packet loss. A value other than zero will ## normally cause protocol analysis to fail but some analysis may ## have been completed prior to the packet loss. @@ -83,23 +83,24 @@ export { ## i inconsistent packet (e.g. SYN+RST bits both set) ## ====== ==================================================== ## - ## If the letter is in upper case it means the event comes from the - ## originator and lower case then means the responder. - ## Also, there is compression. We only record one "d" in each direction, - ## for instance. I.e., we just record that data went in that direction. - ## This history is not meant to encode how much data that happened to - ## be. + ## If the event comes from the originator, the letter is in upper-case; if it comes + ## from the responder, it's in lower-case. Multiple packets of the same type will + ## only be noted once (e.g. we only record one "d" in each direction, regardless of + ## how many data packets were seen.) history: string &log &optional; - ## Number of packets the originator sent. + ## Number of packets that the originator sent. ## Only set if :bro:id:`use_conn_size_analyzer` = T orig_pkts: count &log &optional; - ## Number IP level bytes the originator sent (as seen on the wire, + ## Number of IP level bytes that the originator sent (as seen on the wire, ## taken from IP total_length header field). ## Only set if :bro:id:`use_conn_size_analyzer` = T orig_ip_bytes: count &log &optional; - ## Number of packets the responder sent. See ``orig_pkts``. + ## Number of packets that the responder sent. + ## Only set if :bro:id:`use_conn_size_analyzer` = T resp_pkts: count &log &optional; - ## Number IP level bytes the responder sent. See ``orig_pkts``. + ## Number og IP level bytes that the responder sent (as seen on the wire, + ## taken from IP total_length header field). + ## Only set if :bro:id:`use_conn_size_analyzer` = T resp_ip_bytes: count &log &optional; ## If this connection was over a tunnel, indicate the ## *uid* values for any encapsulating parent connections diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro index c50a8bdc54..600de4beaf 100644 --- a/scripts/base/protocols/dns/main.bro +++ b/scripts/base/protocols/dns/main.bro @@ -45,16 +45,16 @@ export { AA: bool &log &default=F; ## The Truncation bit specifies that the message was truncated. TC: bool &log &default=F; - ## The Recursion Desired bit indicates to a name server to recursively - ## purse the query. + ## The Recursion Desired bit in a request message indicates that + ## the client wants recursive service for this query. RD: bool &log &default=F; - ## The Recursion Available bit in a response message indicates if + ## The Recursion Available bit in a response message indicates that ## the name server supports recursive queries. RA: bool &log &default=F; ## A reserved field that is currently supposed to be zero in all ## queries and responses. Z: count &log &default=0; - ## The set of resource descriptions in answer of the query. + ## The set of resource descriptions in the query answer. answers: vector of string &log &optional; ## The caching intervals of the associated RRs described by the ## ``answers`` field. diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro index 7c5bbaefdc..d20bc92d8a 100644 --- a/scripts/base/protocols/ftp/main.bro +++ b/scripts/base/protocols/ftp/main.bro @@ -28,7 +28,9 @@ export { type Info: record { ## Time when the command was sent. ts: time &log; + ## Unique ID for the connection. uid: string &log; + ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; ## User name for the current FTP session. user: string &log &default=""; diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro index 6571548145..f4377e03de 100644 --- a/scripts/base/protocols/http/main.bro +++ b/scripts/base/protocols/http/main.bro @@ -22,7 +22,9 @@ export { type Info: record { ## Timestamp for when the request happened. ts: time &log; + ## Unique ID for the connection. uid: string &log; + ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; ## Represents the pipelined depth into the connection of this ## request/response transaction. diff --git a/scripts/base/protocols/irc/main.bro b/scripts/base/protocols/irc/main.bro index 2bf2a9bbb9..1cf542b8ea 100644 --- a/scripts/base/protocols/irc/main.bro +++ b/scripts/base/protocols/irc/main.bro @@ -11,7 +11,9 @@ export { type Info: record { ## Timestamp when the command was seen. ts: time &log; + ## Unique ID for the connection. uid: string &log; + ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; ## Nick name given for the connection. nick: string &log &optional; diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.bro index 513b85e342..03b3d36a24 100644 --- a/scripts/base/protocols/smtp/main.bro +++ b/scripts/base/protocols/smtp/main.bro @@ -8,33 +8,51 @@ export { redef enum Log::ID += { LOG }; type Info: record { + ## Time when the message was first seen. ts: time &log; + ## Unique ID for the connection. uid: string &log; + ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; - ## This is a number that indicates the number of messages deep into - ## this connection where this particular message was transferred. + ## A count to represent the depth of this message transaction in a single + ## connection where multiple messages were transferred. trans_depth: count &log; + ## Contents of the Helo header. helo: string &log &optional; + ## Contents of the From header. mailfrom: string &log &optional; + ## Contents of the Rcpt header. rcptto: set[string] &log &optional; + ## Contents of the Date header. date: string &log &optional; + ## Contents of the From header. from: string &log &optional; + ## Contents of the To header. to: set[string] &log &optional; + ## Contents of the ReplyTo header. reply_to: string &log &optional; + ## Contents of the MsgID header. msg_id: string &log &optional; + ## Contents of the In-Reply-To header. in_reply_to: string &log &optional; + ## Contents of the Subject header. subject: string &log &optional; + ## Contents of the X-Origininating-IP header. x_originating_ip: addr &log &optional; + ## Contents of the first Received header. first_received: string &log &optional; + ## Contents of the second Received header. second_received: string &log &optional; - ## The last message the server sent to the client. + ## The last message that the server sent to the client. last_reply: string &log &optional; + ## The message transmission path, as extracted from the headers. path: vector of addr &log &optional; + ## Value of the User-Agent header from the client. user_agent: string &log &optional; - ## Indicate if the "Received: from" headers should still be processed. + ## Indicates if the "Received: from" headers should still be processed. process_received_from: bool &default=T; - ## Indicates if client activity has been seen, but not yet logged + ## Indicates if client activity has been seen, but not yet logged. has_client_activity: bool &default=F; }; diff --git a/scripts/base/protocols/socks/main.bro b/scripts/base/protocols/socks/main.bro index 052e666371..79ae4baa19 100644 --- a/scripts/base/protocols/socks/main.bro +++ b/scripts/base/protocols/socks/main.bro @@ -9,19 +9,21 @@ export { type Info: record { ## Time when the proxy connection was first detected. ts: time &log; + ## Unique ID for the tunnel - may correspond to connection uid or be non-existent. uid: string &log; + ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; ## Protocol version of SOCKS. version: count &log; - ## Username for the proxy if extracted from the network. + ## Username for the proxy if extracted from the network.. user: string &log &optional; ## Server status for the attempt at using the proxy. status: string &log &optional; - ## Client requested SOCKS address. Could be an address, a name or both. + ## Client requested SOCKS address. Could be an address, a name or both. request: SOCKS::Address &log &optional; ## Client requested port. request_p: port &log &optional; - ## Server bound address. Could be an address, a name or both. + ## Server bound address. Could be an address, a name or both. bound: SOCKS::Address &log &optional; ## Server bound port. bound_p: port &log &optional; diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 0d3439bb1f..cd20f4e913 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -26,21 +26,23 @@ export { type Info: record { ## Time when the SSH connection began. ts: time &log; + ## Unique ID for the connection. uid: string &log; + ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; ## Indicates if the login was heuristically guessed to be "success" ## or "failure". status: string &log &optional; ## Direction of the connection. If the client was a local host - ## logging into an external host, this would be OUTBOUD. INBOUND + ## logging into an external host, this would be OUTBOUND. INBOUND ## would be set for the opposite situation. # TODO: handle local-local and remote-remote better. direction: Direction &log &optional; - ## Software string given by the client. + ## Software string from the client. client: string &log &optional; - ## Software string given by the server. + ## Software string from the server. server: string &log &optional; - ## Amount of data returned from the server. This is currently + ## Amount of data returned from the server. This is currently ## the only measure of the success heuristic and it is logged to ## assist analysts looking at the logs to make their own determination ## about the success on a case-by-case basis. diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index b5f74d5122..f61e0d68ab 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -9,13 +9,15 @@ export { redef enum Log::ID += { LOG }; type Info: record { - ## Time when the SSL connection began. + ## Time when the SSL connection was first detected. ts: time &log; - uid: string &log; + ## Unique ID for the connection. + uid: string &log; + ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; - ## SSL/TLS version the server offered. + ## SSL/TLS version that the server offered. version: string &log &optional; - ## SSL/TLS cipher suite the server chose. + ## SSL/TLS cipher suite that the server chose. cipher: string &log &optional; ## Value of the Server Name Indicator SSL/TLS extension. It ## indicates the server name that the client was requesting. diff --git a/scripts/base/protocols/syslog/main.bro b/scripts/base/protocols/syslog/main.bro index 79f89d5e71..61334e3f2b 100644 --- a/scripts/base/protocols/syslog/main.bro +++ b/scripts/base/protocols/syslog/main.bro @@ -9,9 +9,11 @@ export { redef enum Log::ID += { LOG }; type Info: record { - ## Timestamp of when the syslog message was seen. + ## Timestamp when the syslog message was seen. ts: time &log; + ## Unique ID for the connection. uid: string &log; + ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; ## Protocol over which the message was seen. proto: transport_proto &log; From 8279de25c98e54e526a7d7abacd4c69d28b3300a Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Jul 2012 14:25:31 -0500 Subject: [PATCH 063/120] Remove baselines for some leak-detecting unit tests. They were drifting from the non-leak-detecting unit tests and the point of these was just leak detecting anyway, don't need the redundancy. --- .../btest/Baseline/core.leaks.ayiya/conn.log | 15 ---- .../btest/Baseline/core.leaks.ayiya/http.log | 10 --- .../Baseline/core.leaks.ayiya/tunnel.log | 11 --- .../btest/Baseline/core.leaks.teredo/conn.log | 28 ------- .../btest/Baseline/core.leaks.teredo/http.log | 11 --- .../btest/Baseline/core.leaks.teredo/output | 83 ------------------- .../Baseline/core.leaks.teredo/tunnel.log | 13 --- testing/btest/core/leaks/ayiya.test | 3 - testing/btest/core/leaks/teredo.bro | 4 - 9 files changed, 178 deletions(-) delete mode 100644 testing/btest/Baseline/core.leaks.ayiya/conn.log delete mode 100644 testing/btest/Baseline/core.leaks.ayiya/http.log delete mode 100644 testing/btest/Baseline/core.leaks.ayiya/tunnel.log delete mode 100644 testing/btest/Baseline/core.leaks.teredo/conn.log delete mode 100644 testing/btest/Baseline/core.leaks.teredo/http.log delete mode 100644 testing/btest/Baseline/core.leaks.teredo/output delete mode 100644 testing/btest/Baseline/core.leaks.teredo/tunnel.log diff --git a/testing/btest/Baseline/core.leaks.ayiya/conn.log b/testing/btest/Baseline/core.leaks.ayiya/conn.log deleted file mode 100644 index 5c23b4c404..0000000000 --- a/testing/btest/Baseline/core.leaks.ayiya/conn.log +++ /dev/null @@ -1,15 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path conn -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes parents -#types time string addr port addr port enum string interval count count string bool count string count count count count table[string] -1257655301.595604 5OKnoww6xl4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - 0 ShADad 10 3605 11 5329 k6kgXLOoSKl -1257655296.585034 k6kgXLOoSKl 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - 0 Dd 21 5717 13 6473 (empty) -1257655293.629048 UWkUyAuUGXf 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - 0 d 0 0 1 176 (empty) -1257655296.585333 FrJExwHcSal :: 135 ff02::1:ff00:2 136 icmp - - - - OTH - 0 - 1 64 0 0 k6kgXLOoSKl -1257655293.629048 arKYeMETxOg 2001:4978:f:4c::1 128 2001:4978:f:4c::2 129 icmp - 23.834987 168 56 OTH - 0 - 3 312 1 104 UWkUyAuUGXf,k6kgXLOoSKl -1257655296.585188 TEfuqmmG4bh fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - 0 - 2 144 0 0 k6kgXLOoSKl -1257655296.585151 j4u32Pc5bif fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - 0 - 2 144 0 0 k6kgXLOoSKl -1257655296.585034 nQcgTWjvg4c fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - 0 - 2 144 0 0 k6kgXLOoSKl diff --git a/testing/btest/Baseline/core.leaks.ayiya/http.log b/testing/btest/Baseline/core.leaks.ayiya/http.log deleted file mode 100644 index 7cef1a1b8e..0000000000 --- a/testing/btest/Baseline/core.leaks.ayiya/http.log +++ /dev/null @@ -1,10 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path http -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file -#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file -1257655301.652206 5OKnoww6xl4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 10102 200 OK - - - (empty) - - - text/html - - -1257655302.514424 5OKnoww6xl4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 2 GET ipv6.google.com /csi?v=3&s=webhp&action=&tran=undefined&e=17259,19771,21517,21766,21887,22212&ei=BUz2Su7PMJTglQfz3NzCAw&rt=prt.77,xjs.565,ol.645 http://ipv6.google.com/ Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - - (empty) - - - - - - -1257655303.603569 5OKnoww6xl4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 3 GET ipv6.google.com /gen_204?atyp=i&ct=fade&cad=1254&ei=BUz2Su7PMJTglQfz3NzCAw&zx=1257655303600 http://ipv6.google.com/ Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - - (empty) - - - - - - diff --git a/testing/btest/Baseline/core.leaks.ayiya/tunnel.log b/testing/btest/Baseline/core.leaks.ayiya/tunnel.log deleted file mode 100644 index 512f49b6ee..0000000000 --- a/testing/btest/Baseline/core.leaks.ayiya/tunnel.log +++ /dev/null @@ -1,11 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path tunnel -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p action tunnel_type -#types time string addr port addr port enum enum -1257655293.629048 UWkUyAuUGXf 192.168.3.101 53796 216.14.98.22 5072 Tunnel::DISCOVER Tunnel::AYIYA -1257655296.585034 k6kgXLOoSKl 192.168.3.101 53859 216.14.98.22 5072 Tunnel::DISCOVER Tunnel::AYIYA -1257655317.464035 k6kgXLOoSKl 192.168.3.101 53859 216.14.98.22 5072 Tunnel::CLOSE Tunnel::AYIYA -1257655317.464035 UWkUyAuUGXf 192.168.3.101 53796 216.14.98.22 5072 Tunnel::CLOSE Tunnel::AYIYA diff --git a/testing/btest/Baseline/core.leaks.teredo/conn.log b/testing/btest/Baseline/core.leaks.teredo/conn.log deleted file mode 100644 index 151230886b..0000000000 --- a/testing/btest/Baseline/core.leaks.teredo/conn.log +++ /dev/null @@ -1,28 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path conn -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes parents -#types time string addr port addr port enum string interval count count string bool count string count count count count table[string] -1210953047.736921 arKYeMETxOg 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - 0 fA 1 40 1 40 (empty) -1210953050.867067 k6kgXLOoSKl 192.168.2.16 1577 75.126.203.78 80 tcp - 0.000387 0 0 SHR - 0 fA 1 40 1 40 (empty) -1210953057.833364 5OKnoww6xl4 192.168.2.16 1577 75.126.203.78 80 tcp - 0.079208 0 0 SH - 0 Fa 1 40 1 40 (empty) -1210953058.007081 VW0XPVINV8a 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTOS0 - 0 R 1 40 0 0 (empty) -1210953057.834454 3PKsZ2Uye21 192.168.2.16 1578 75.126.203.78 80 tcp http 0.407908 790 171 RSTO - 0 ShADadR 6 1038 4 335 (empty) -1210953058.350065 fRFu0wcOle6 192.168.2.16 1920 192.168.2.1 53 udp dns 0.223055 66 438 SF - 0 Dd 2 122 2 494 (empty) -1210953058.577231 qSsw6ESzHV4 192.168.2.16 137 192.168.2.255 137 udp dns 1.499261 150 0 S0 - 0 D 3 234 0 0 (empty) -1210953074.264819 Tw8jXtpTGu6 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF - 0 Dd 3 207 3 682 (empty) -1210953061.312379 70MGiRM1Qf4 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - 0 ShADad 10 2279 12 11191 GSxOnSLghOa -1210953076.058333 EAr0uf4mhq 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - 0 r 0 0 1 40 (empty) -1210953074.055744 h5DsfNtYzi1 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH - 0 r 0 0 1 40 (empty) -1210953074.057124 P654jzLoe3a 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH - 0 r 0 0 1 40 (empty) -1210953074.570439 c4Zw9TmAE05 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - 0 ShADadFf 7 757 6 4164 (empty) -1210953052.202579 nQcgTWjvg4c 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - 0 Dd 2 185 1 76 (empty) -1210953060.829233 GSxOnSLghOa 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - 0 Dd 12 2695 13 11607 (empty) -1210953058.933954 iE6yhOq3SF 0.0.0.0 68 255.255.255.255 67 udp - - - - S0 - 0 D 1 328 0 0 (empty) -1210953052.324629 TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 udp teredo - - - SHR - 0 d 0 0 1 137 (empty) -1210953046.591933 UWkUyAuUGXf 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - 0 D 2 472 0 0 (empty) -1210953052.324629 FrJExwHcSal fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - 0 - 1 88 0 0 TEfuqmmG4bh -1210953060.829303 qCaWGmzFtM5 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - 0 - 1 52 1 52 GSxOnSLghOa,nQcgTWjvg4c -1210953052.202579 j4u32Pc5bif fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - 0 - 1 64 0 0 nQcgTWjvg4c diff --git a/testing/btest/Baseline/core.leaks.teredo/http.log b/testing/btest/Baseline/core.leaks.teredo/http.log deleted file mode 100644 index b3cf832083..0000000000 --- a/testing/btest/Baseline/core.leaks.teredo/http.log +++ /dev/null @@ -1,11 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path http -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file -#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file -1210953057.917183 3PKsZ2Uye21 192.168.2.16 1578 75.126.203.78 80 1 POST download913.avast.com /cgi-bin/iavs4stats.cgi - Syncer/4.80 (av_pro-1169;f) 589 0 204 - - - (empty) - - - text/plain - - -1210953061.585996 70MGiRM1Qf4 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - text/html - - -1210953073.381474 70MGiRM1Qf4 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - text/html - - -1210953074.674817 c4Zw9TmAE05 192.168.2.16 1580 67.228.110.120 80 1 GET www.wireshark.org / http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 11845 200 OK - - - (empty) - - - text/xml - - diff --git a/testing/btest/Baseline/core.leaks.teredo/output b/testing/btest/Baseline/core.leaks.teredo/output deleted file mode 100644 index 02d5a41e74..0000000000 --- a/testing/btest/Baseline/core.leaks.teredo/output +++ /dev/null @@ -1,83 +0,0 @@ -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.80, resp_p=3544/udp] - ip6: [class=0, flow=0, len=24, nxt=58, hlim=255, src=fe80::8000:ffff:ffff:fffd, dst=ff02::2, exts=[]] - auth: [id=, value=, nonce=14796129349558001544, confirm=0] -auth: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.80, resp_p=3544/udp] - ip6: [class=0, flow=0, len=24, nxt=58, hlim=255, src=fe80::8000:ffff:ffff:fffd, dst=ff02::2, exts=[]] - auth: [id=, value=, nonce=14796129349558001544, confirm=0] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.81, resp_p=3544/udp] - ip6: [class=0, flow=0, len=48, nxt=58, hlim=255, src=fe80::8000:f227:bec8:61af, dst=fe80::8000:ffff:ffff:fffd, exts=[]] - auth: [id=, value=, nonce=14796129349558001544, confirm=0] - origin: [p=3797/udp, a=70.55.215.234] -auth: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.81, resp_p=3544/udp] - ip6: [class=0, flow=0, len=48, nxt=58, hlim=255, src=fe80::8000:f227:bec8:61af, dst=fe80::8000:ffff:ffff:fffd, exts=[]] - auth: [id=, value=, nonce=14796129349558001544, confirm=0] - origin: [p=3797/udp, a=70.55.215.234] -origin: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.81, resp_p=3544/udp] - ip6: [class=0, flow=0, len=48, nxt=58, hlim=255, src=fe80::8000:f227:bec8:61af, dst=fe80::8000:ffff:ffff:fffd, exts=[]] - auth: [id=, value=, nonce=14796129349558001544, confirm=0] - origin: [p=3797/udp, a=70.55.215.234] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=0, nxt=59, hlim=21, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] -bubble: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=0, nxt=59, hlim=21, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.80, resp_p=3544/udp] - ip6: [class=0, flow=0, len=12, nxt=58, hlim=21, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.80, resp_p=3544/udp] - ip6: [class=0, flow=0, len=0, nxt=59, hlim=0, src=fe80::708d:fe83:4114:a512, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] - origin: [p=32900/udp, a=83.170.1.38] -origin: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.80, resp_p=3544/udp] - ip6: [class=0, flow=0, len=0, nxt=59, hlim=0, src=fe80::708d:fe83:4114:a512, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] - origin: [p=32900/udp, a=83.170.1.38] -bubble: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.80, resp_p=3544/udp] - ip6: [class=0, flow=0, len=0, nxt=59, hlim=0, src=fe80::708d:fe83:4114:a512, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] - origin: [p=32900/udp, a=83.170.1.38] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=0, nxt=59, hlim=0, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=fe80::708d:fe83:4114:a512, exts=[]] -bubble: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=0, nxt=59, hlim=0, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=fe80::708d:fe83:4114:a512, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=12, nxt=58, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=24, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=24, nxt=6, hlim=245, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=817, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=20, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=514, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=898, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=812, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=717, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]] -packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp] - ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]] diff --git a/testing/btest/Baseline/core.leaks.teredo/tunnel.log b/testing/btest/Baseline/core.leaks.teredo/tunnel.log deleted file mode 100644 index 5a2114dd1c..0000000000 --- a/testing/btest/Baseline/core.leaks.teredo/tunnel.log +++ /dev/null @@ -1,13 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path tunnel -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p action tunnel_type -#types time string addr port addr port enum enum -1210953052.202579 nQcgTWjvg4c 192.168.2.16 3797 65.55.158.80 3544 Tunnel::DISCOVER Tunnel::TEREDO -1210953052.324629 TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 Tunnel::DISCOVER Tunnel::TEREDO -1210953061.292918 GSxOnSLghOa 192.168.2.16 3797 83.170.1.38 32900 Tunnel::DISCOVER Tunnel::TEREDO -1210953076.058333 nQcgTWjvg4c 192.168.2.16 3797 65.55.158.80 3544 Tunnel::CLOSE Tunnel::TEREDO -1210953076.058333 GSxOnSLghOa 192.168.2.16 3797 83.170.1.38 32900 Tunnel::CLOSE Tunnel::TEREDO -1210953076.058333 TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 Tunnel::CLOSE Tunnel::TEREDO diff --git a/testing/btest/core/leaks/ayiya.test b/testing/btest/core/leaks/ayiya.test index adad42a822..2093924c7a 100644 --- a/testing/btest/core/leaks/ayiya.test +++ b/testing/btest/core/leaks/ayiya.test @@ -5,6 +5,3 @@ # @TEST-GROUP: leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/tunnels/ayiya3.trace -# @TEST-EXEC: btest-diff tunnel.log -# @TEST-EXEC: btest-diff conn.log -# @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/core/leaks/teredo.bro b/testing/btest/core/leaks/teredo.bro index 9902f1258b..be298f4d68 100644 --- a/testing/btest/core/leaks/teredo.bro +++ b/testing/btest/core/leaks/teredo.bro @@ -5,10 +5,6 @@ # @TEST-GROUP: leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/tunnels/Teredo.pcap %INPUT >output -# @TEST-EXEC: btest-diff output -# @TEST-EXEC: btest-diff tunnel.log -# @TEST-EXEC: btest-diff conn.log -# @TEST-EXEC: btest-diff http.log function print_teredo(name: string, outer: connection, inner: teredo_hdr) { From 353393f9bd9c43bab74b1ba4244d82e414b0698c Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Jul 2012 14:32:50 -0500 Subject: [PATCH 064/120] Fix segfault when incrementing whole vector values. Also removed RefExpr::Eval(Val*) method since it was never called (Clang emitted warning about this hiding overloaded virtual function UnaryExpr::Eval(Frame*)) and doesn't appear to be necessary even if it was called to avoid the default vector handling of UnaryExpr::Eval (as the comment suggests as the intention). --- src/Expr.cc | 7 ---- src/Expr.h | 4 --- .../btest/Baseline/language.incr-vec-expr/out | 5 +++ testing/btest/core/leaks/incr-vec-expr.test | 35 +++++++++++++++++++ testing/btest/language/incr-vec-expr.test | 27 ++++++++++++++ 5 files changed, 67 insertions(+), 11 deletions(-) create mode 100644 testing/btest/Baseline/language.incr-vec-expr/out create mode 100644 testing/btest/core/leaks/incr-vec-expr.test create mode 100644 testing/btest/language/incr-vec-expr.test diff --git a/src/Expr.cc b/src/Expr.cc index 58f5db3fd1..b62f119bae 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -1035,12 +1035,10 @@ Val* IncrExpr::Eval(Frame* f) const { Val* new_elt = DoSingleEval(f, elt); v_vec->Assign(i, new_elt, this, OP_INCR); - Unref(new_elt); // was Ref()'d by Assign() } else v_vec->Assign(i, 0, this, OP_INCR); } - // FIXME: Is the next line needed? op->Assign(f, v_vec, OP_INCR); } @@ -2402,11 +2400,6 @@ Expr* RefExpr::MakeLvalue() return this; } -Val* RefExpr::Eval(Val* v) const - { - return Fold(v); - } - void RefExpr::Assign(Frame* f, Val* v, Opcode opcode) { op->Assign(f, v, opcode); diff --git a/src/Expr.h b/src/Expr.h index f0798359c2..c16cf86612 100644 --- a/src/Expr.h +++ b/src/Expr.h @@ -608,10 +608,6 @@ public: void Assign(Frame* f, Val* v, Opcode op = OP_ASSIGN); Expr* MakeLvalue(); - // Only overridden to avoid special vector handling which doesn't apply - // for this class. - Val* Eval(Val* v) const; - protected: friend class Expr; RefExpr() { } diff --git a/testing/btest/Baseline/language.incr-vec-expr/out b/testing/btest/Baseline/language.incr-vec-expr/out new file mode 100644 index 0000000000..b6c108a2d8 --- /dev/null +++ b/testing/btest/Baseline/language.incr-vec-expr/out @@ -0,0 +1,5 @@ +[0, 0, 0] +[a=0, b=test, c=[1, 2, 3]] +[1, 1, 1] +[a=1, b=test, c=[1, 2, 3]] +[a=1, b=test, c=[2, 3, 4]] diff --git a/testing/btest/core/leaks/incr-vec-expr.test b/testing/btest/core/leaks/incr-vec-expr.test new file mode 100644 index 0000000000..d2b94a5e63 --- /dev/null +++ b/testing/btest/core/leaks/incr-vec-expr.test @@ -0,0 +1,35 @@ +# Needs perftools support. +# +# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# +# @TEST-GROUP: leaks +# +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -b -m -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT + +type rec: record { + a: count; + b: string; + c: vector of count; +}; + +global vec: vector of count = vector(0,0,0); + +global v: rec = [$a=0, $b="test", $c=vector(1,2,3)]; + +event new_connection(c: connection) + { + print vec; + print v; + + ++vec; + + print vec; + + ++v$a; + + print v; + + ++v$c; + + print v; + } diff --git a/testing/btest/language/incr-vec-expr.test b/testing/btest/language/incr-vec-expr.test new file mode 100644 index 0000000000..c9945061a2 --- /dev/null +++ b/testing/btest/language/incr-vec-expr.test @@ -0,0 +1,27 @@ +# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-diff out + +type rec: record { + a: count; + b: string; + c: vector of count; +}; + +global vec: vector of count = vector(0,0,0); + +global v: rec = [$a=0, $b="test", $c=vector(1,2,3)]; + +print vec; +print v; + +++vec; + +print vec; + +++v$a; + +print v; + +++v$c; + +print v; From 0ef91538dbd5890dc7eaf265e74c0c3a85880000 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Jul 2012 16:25:58 -0500 Subject: [PATCH 065/120] Fix overrides of TCP_ApplicationAnalyzer::EndpointEOF. In many cases, classes derived from TCP_ApplicationAnalyzer were *overloading* instead of overriding EndpointEOF causing the parent class version to become hidden in the child and also for the child's version to never to called polymorphically from TCP_Analyzer::EndpointEOF. Clang gave a warning in each case. --- src/BitTorrent.cc | 6 +++--- src/BitTorrent.h | 2 +- src/BitTorrentTracker.cc | 4 ++-- src/BitTorrentTracker.h | 2 +- src/DNS-binpac.cc | 6 +++--- src/DNS-binpac.h | 2 +- src/HTTP-binpac.cc | 6 +++--- src/HTTP-binpac.h | 2 +- src/SOCKS.cc | 6 +++--- src/SOCKS.h | 2 +- src/SSL.cc | 6 +++--- src/SSL.h | 2 +- 12 files changed, 23 insertions(+), 23 deletions(-) diff --git a/src/BitTorrent.cc b/src/BitTorrent.cc index 824e4ec98d..fa8fb09e43 100644 --- a/src/BitTorrent.cc +++ b/src/BitTorrent.cc @@ -106,10 +106,10 @@ void BitTorrent_Analyzer::Undelivered(int seq, int len, bool orig) // } } -void BitTorrent_Analyzer::EndpointEOF(TCP_Reassembler* endp) +void BitTorrent_Analyzer::EndpointEOF(bool is_orig) { - TCP_ApplicationAnalyzer::EndpointEOF(endp); - interp->FlowEOF(endp->IsOrig()); + TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + interp->FlowEOF(is_orig); } void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig) diff --git a/src/BitTorrent.h b/src/BitTorrent.h index 191b4c50d7..f083cf4fc7 100644 --- a/src/BitTorrent.h +++ b/src/BitTorrent.h @@ -15,7 +15,7 @@ public: virtual void Done(); virtual void DeliverStream(int len, const u_char* data, bool orig); virtual void Undelivered(int seq, int len, bool orig); - virtual void EndpointEOF(TCP_Reassembler* endp); + virtual void EndpointEOF(bool is_orig); static Analyzer* InstantiateAnalyzer(Connection* conn) { return new BitTorrent_Analyzer(conn); } diff --git a/src/BitTorrentTracker.cc b/src/BitTorrentTracker.cc index 995a01dd63..12c5a199de 100644 --- a/src/BitTorrentTracker.cc +++ b/src/BitTorrentTracker.cc @@ -215,9 +215,9 @@ void BitTorrentTracker_Analyzer::Undelivered(int seq, int len, bool orig) stop_resp = true; } -void BitTorrentTracker_Analyzer::EndpointEOF(TCP_Reassembler* endp) +void BitTorrentTracker_Analyzer::EndpointEOF(bool is_orig) { - TCP_ApplicationAnalyzer::EndpointEOF(endp); + TCP_ApplicationAnalyzer::EndpointEOF(is_orig); } void BitTorrentTracker_Analyzer::InitBencParser(void) diff --git a/src/BitTorrentTracker.h b/src/BitTorrentTracker.h index d57665d104..3b9efe0430 100644 --- a/src/BitTorrentTracker.h +++ b/src/BitTorrentTracker.h @@ -48,7 +48,7 @@ public: virtual void Done(); virtual void DeliverStream(int len, const u_char* data, bool orig); virtual void Undelivered(int seq, int len, bool orig); - virtual void EndpointEOF(TCP_Reassembler* endp); + virtual void EndpointEOF(bool is_orig); static Analyzer* InstantiateAnalyzer(Connection* conn) { return new BitTorrentTracker_Analyzer(conn); } diff --git a/src/DNS-binpac.cc b/src/DNS-binpac.cc index eb95ac2e1c..999f6015c0 100644 --- a/src/DNS-binpac.cc +++ b/src/DNS-binpac.cc @@ -63,10 +63,10 @@ void DNS_TCP_Analyzer_binpac::Done() interp->FlowEOF(false); } -void DNS_TCP_Analyzer_binpac::EndpointEOF(TCP_Reassembler* endp) +void DNS_TCP_Analyzer_binpac::EndpointEOF(bool is_orig) { - TCP_ApplicationAnalyzer::EndpointEOF(endp); - interp->FlowEOF(endp->IsOrig()); + TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + interp->FlowEOF(is_orig); } void DNS_TCP_Analyzer_binpac::DeliverStream(int len, const u_char* data, diff --git a/src/DNS-binpac.h b/src/DNS-binpac.h index 9e8cb16f69..0bbacf9192 100644 --- a/src/DNS-binpac.h +++ b/src/DNS-binpac.h @@ -45,7 +45,7 @@ public: virtual void Done(); virtual void DeliverStream(int len, const u_char* data, bool orig); virtual void Undelivered(int seq, int len, bool orig); - virtual void EndpointEOF(TCP_Reassembler* endp); + virtual void EndpointEOF(bool is_orig); static Analyzer* InstantiateAnalyzer(Connection* conn) { return new DNS_TCP_Analyzer_binpac(conn); } diff --git a/src/HTTP-binpac.cc b/src/HTTP-binpac.cc index 70cf37457b..47b2c479ec 100644 --- a/src/HTTP-binpac.cc +++ b/src/HTTP-binpac.cc @@ -20,10 +20,10 @@ void HTTP_Analyzer_binpac::Done() interp->FlowEOF(false); } -void HTTP_Analyzer_binpac::EndpointEOF(TCP_Reassembler* endp) +void HTTP_Analyzer_binpac::EndpointEOF(bool is_orig) { - TCP_ApplicationAnalyzer::EndpointEOF(endp); - interp->FlowEOF(endp->IsOrig()); + TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + interp->FlowEOF(is_orig); } void HTTP_Analyzer_binpac::DeliverStream(int len, const u_char* data, bool orig) diff --git a/src/HTTP-binpac.h b/src/HTTP-binpac.h index 62b6fd0db3..ef7cc7dd7d 100644 --- a/src/HTTP-binpac.h +++ b/src/HTTP-binpac.h @@ -13,7 +13,7 @@ public: virtual void Done(); virtual void DeliverStream(int len, const u_char* data, bool orig); virtual void Undelivered(int seq, int len, bool orig); - virtual void EndpointEOF(TCP_Reassembler* endp); + virtual void EndpointEOF(bool is_orig); static Analyzer* InstantiateAnalyzer(Connection* conn) { return new HTTP_Analyzer_binpac(conn); } diff --git a/src/SOCKS.cc b/src/SOCKS.cc index 02429aa208..4a6eda7043 100644 --- a/src/SOCKS.cc +++ b/src/SOCKS.cc @@ -31,10 +31,10 @@ void SOCKS_Analyzer::Done() interp->FlowEOF(false); } -void SOCKS_Analyzer::EndpointEOF(TCP_Reassembler* endp) +void SOCKS_Analyzer::EndpointEOF(bool is_orig) { - TCP_ApplicationAnalyzer::EndpointEOF(endp); - interp->FlowEOF(endp->IsOrig()); + TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + interp->FlowEOF(is_orig); } void SOCKS_Analyzer::DeliverStream(int len, const u_char* data, bool orig) diff --git a/src/SOCKS.h b/src/SOCKS.h index c9a7338496..9753abb660 100644 --- a/src/SOCKS.h +++ b/src/SOCKS.h @@ -23,7 +23,7 @@ public: virtual void Done(); virtual void DeliverStream(int len, const u_char* data, bool orig); virtual void Undelivered(int seq, int len, bool orig); - virtual void EndpointEOF(TCP_Reassembler* endp); + virtual void EndpointEOF(bool is_orig); static Analyzer* InstantiateAnalyzer(Connection* conn) { return new SOCKS_Analyzer(conn); } diff --git a/src/SSL.cc b/src/SSL.cc index 218b17080b..4658bbbc16 100644 --- a/src/SSL.cc +++ b/src/SSL.cc @@ -23,10 +23,10 @@ void SSL_Analyzer::Done() interp->FlowEOF(false); } -void SSL_Analyzer::EndpointEOF(TCP_Reassembler* endp) +void SSL_Analyzer::EndpointEOF(bool is_orig) { - TCP_ApplicationAnalyzer::EndpointEOF(endp); - interp->FlowEOF(endp->IsOrig()); + TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + interp->FlowEOF(is_orig); } void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig) diff --git a/src/SSL.h b/src/SSL.h index c9f8d9be91..d0ef164877 100644 --- a/src/SSL.h +++ b/src/SSL.h @@ -15,7 +15,7 @@ public: virtual void Undelivered(int seq, int len, bool orig); // Overriden from TCP_ApplicationAnalyzer. - virtual void EndpointEOF(TCP_Reassembler* endp); + virtual void EndpointEOF(bool is_orig); static Analyzer* InstantiateAnalyzer(Connection* conn) { return new SSL_Analyzer(conn); } From ce05600a717e31f36170d6c47dabd91bd914cd2d Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 13 Jul 2012 22:24:34 -0400 Subject: [PATCH 066/120] Mozilla's current certificate bundle. --- scripts/base/protocols/ssl/mozilla-ca-list.bro | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/scripts/base/protocols/ssl/mozilla-ca-list.bro b/scripts/base/protocols/ssl/mozilla-ca-list.bro index 4c4dccb755..ad8e445912 100644 --- a/scripts/base/protocols/ssl/mozilla-ca-list.bro +++ b/scripts/base/protocols/ssl/mozilla-ca-list.bro @@ -1,5 +1,5 @@ # Don't edit! This file is automatically generated. -# Generated at: 2011-10-25 11:03:20 -0500 +# Generated at: Fri Jul 13 22:22:40 -0400 2012 @load base/protocols/ssl module SSL; redef root_certs += { @@ -11,7 +11,6 @@ redef root_certs += { ["OU=DSTCA E2,O=Digital Signature Trust Co.,C=US"] = "\x30\x82\x03\x29\x30\x82\x02\x92\xA0\x03\x02\x01\x02\x02\x04\x36\x6E\xD3\xCE\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x46\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x30\x1E\x17\x0D\x39\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5A\x17\x0D\x31\x38\x31\x32\x30\x39\x31\x39\x34\x37\x32\x36\x5A\x30\x46\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x30\x81\x9D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8B\x00\x30\x81\x87\x02\x81\x81\x00\xBF\x93\x8F\x17\x92\xEF\x33\x13\x18\xEB\x10\x7F\x4E\x16\xBF\xFF\x06\x8F\x2A\x85\xBC\x5E\xF9\x24\xA6\x24\x88\xB6\x03\xB7\xC1\xC3\x5F\x03\x5B\xD1\x6F\xAE\x7E\x42\xEA\x66\x23\xB8\x63\x83\x56\xFB\x28\x2D\xE1\x38\x8B\xB4\xEE\xA8\x01\xE1\xCE\x1C\xB6\x88\x2A\x22\x46\x85\xFB\x9F\xA7\x70\xA9\x47\x14\x3F\xCE\xDE\x65\xF0\xA8\x71\xF7\x4F\x26\x6C\x8C\xBC\xC6\xB5\xEF\xDE\x49\x27\xFF\x48\x2A\x7D\xE8\x4D\x03\xCC\xC7\xB2\x52\xC6\x17\x31\x13\x3B\xB5\x4D\xDB\xC8\xC4\xF6\xC3\x0F\x24\x2A\xDA\x0C\x9D\xE7\x91\x5B\x80\xCD\x94\x9D\x02\x01\x03\xA3\x82\x01\x24\x30\x82\x01\x20\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x68\x06\x03\x55\x1D\x1F\x04\x61\x30\x5F\x30\x5D\xA0\x5B\xA0\x59\xA4\x57\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22\x80\x0F\x31\x39\x39\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5A\x81\x0F\x32\x30\x31\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x1E\x82\x4D\x28\x65\x80\x3C\xC9\x41\x6E\xAC\x35\x2E\x5A\xCB\xDE\xEE\xF8\x39\x5B\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x1E\x82\x4D\x28\x65\x80\x3C\xC9\x41\x6E\xAC\x35\x2E\x5A\xCB\xDE\xEE\xF8\x39\x5B\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x19\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x0C\x30\x0A\x1B\x04\x56\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x47\x8D\x83\xAD\x62\xF2\xDB\xB0\x9E\x45\x22\x05\xB9\xA2\xD6\x03\x0E\x38\x72\xE7\x9E\xFC\x7B\xE6\x93\xB6\x9A\xA5\xA2\x94\xC8\x34\x1D\x91\xD1\xC5\xD7\xF4\x0A\x25\x0F\x3D\x78\x81\x9E\x0F\xB1\x67\xC4\x90\x4C\x63\xDD\x5E\xA7\xE2\xBA\x9F\xF5\xF7\x4D\xA5\x31\x7B\x9C\x29\x2D\x4C\xFE\x64\x3E\xEC\xB6\x53\xFE\xEA\x9B\xED\x82\xDB\x74\x75\x4B\x07\x79\x6E\x1E\xD8\x19\x83\x73\xDE\xF5\x3E\xD0\xB5\xDE\xE7\x4B\x68\x7D\x43\x2E\x2A\x20\xE1\x7E\xA0\x78\x44\x9E\x08\xF5\x98\xF9\xC7\x7F\x1B\x1B\xD6\x06\x20\x02\x58\xA1\xC3\xA2\x03", ["OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x02\x3C\x30\x82\x01\xA5\x02\x10\x70\xBA\xE4\x1D\x10\xD9\x29\x34\xB6\x38\xCA\x7B\x03\xCC\xBA\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC9\x5C\x59\x9E\xF2\x1B\x8A\x01\x14\xB4\x10\xDF\x04\x40\xDB\xE3\x57\xAF\x6A\x45\x40\x8F\x84\x0C\x0B\xD1\x33\xD9\xD9\x11\xCF\xEE\x02\x58\x1F\x25\xF7\x2A\xA8\x44\x05\xAA\xEC\x03\x1F\x78\x7F\x9E\x93\xB9\x9A\x00\xAA\x23\x7D\xD6\xAC\x85\xA2\x63\x45\xC7\x72\x27\xCC\xF4\x4C\xC6\x75\x71\xD2\x39\xEF\x4F\x42\xF0\x75\xDF\x0A\x90\xC6\x8E\x20\x6F\x98\x0F\xF8\xAC\x23\x5F\x70\x29\x36\xA4\xC9\x86\xE7\xB1\x9A\x20\xCB\x53\xA5\x85\xE7\x3D\xBE\x7D\x9A\xFE\x24\x45\x33\xDC\x76\x15\xED\x0F\xA2\x71\x64\x4C\x65\x2E\x81\x68\x45\xA7\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x03\x81\x81\x00\xBB\x4C\x12\x2B\xCF\x2C\x26\x00\x4F\x14\x13\xDD\xA6\xFB\xFC\x0A\x11\x84\x8C\xF3\x28\x1C\x67\x92\x2F\x7C\xB6\xC5\xFA\xDF\xF0\xE8\x95\xBC\x1D\x8F\x6C\x2C\xA8\x51\xCC\x73\xD8\xA4\xC0\x53\xF0\x4E\xD6\x26\xC0\x76\x01\x57\x81\x92\x5E\x21\xF1\xD1\xB1\xFF\xE7\xD0\x21\x58\xCD\x69\x17\xE3\x44\x1C\x9C\x19\x44\x39\x89\x5C\xDC\x9C\x00\x0F\x56\x8D\x02\x99\xED\xA2\x90\x45\x4C\xE4\xBB\x10\xA4\x3D\xF0\x32\x03\x0E\xF1\xCE\xF8\xE8\xC9\x51\x8C\xE6\x62\x9F\xE6\x9F\xC0\x7D\xB7\x72\x9C\xC9\x36\x3A\x6B\x9F\x4E\xA8\xFF\x64\x0D\x64", ["OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x03\x02\x30\x82\x02\x6B\x02\x10\x7D\xD9\xFE\x07\xCF\xA8\x1E\xB7\x10\x79\x67\xFB\xA7\x89\x34\xC6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x1E\x17\x0D\x39\x38\x30\x35\x31\x38\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xCC\x5E\xD1\x11\x5D\x5C\x69\xD0\xAB\xD3\xB9\x6A\x4C\x99\x1F\x59\x98\x30\x8E\x16\x85\x20\x46\x6D\x47\x3F\xD4\x85\x20\x84\xE1\x6D\xB3\xF8\xA4\xED\x0C\xF1\x17\x0F\x3B\xF9\xA7\xF9\x25\xD7\xC1\xCF\x84\x63\xF2\x7C\x63\xCF\xA2\x47\xF2\xC6\x5B\x33\x8E\x64\x40\x04\x68\xC1\x80\xB9\x64\x1C\x45\x77\xC7\xD8\x6E\xF5\x95\x29\x3C\x50\xE8\x34\xD7\x78\x1F\xA8\xBA\x6D\x43\x91\x95\x8F\x45\x57\x5E\x7E\xC5\xFB\xCA\xA4\x04\xEB\xEA\x97\x37\x54\x30\x6F\xBB\x01\x47\x32\x33\xCD\xDC\x57\x9B\x64\x69\x61\xF8\x9B\x1D\x1C\x89\x4F\x5C\x67\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x51\x4D\xCD\xBE\x5C\xCB\x98\x19\x9C\x15\xB2\x01\x39\x78\x2E\x4D\x0F\x67\x70\x70\x99\xC6\x10\x5A\x94\xA4\x53\x4D\x54\x6D\x2B\xAF\x0D\x5D\x40\x8B\x64\xD3\xD7\xEE\xDE\x56\x61\x92\x5F\xA6\xC4\x1D\x10\x61\x36\xD3\x2C\x27\x3C\xE8\x29\x09\xB9\x11\x64\x74\xCC\xB5\x73\x9F\x1C\x48\xA9\xBC\x61\x01\xEE\xE2\x17\xA6\x0C\xE3\x40\x08\x3B\x0E\xE7\xEB\x44\x73\x2A\x9A\xF1\x69\x92\xEF\x71\x14\xC3\x39\xAC\x71\xA7\x91\x09\x6F\xE4\x71\x06\xB3\xBA\x59\x57\x26\x79\x00\xF6\xF8\x0D\xA2\x33\x30\x28\xD4\xAA\x58\xA0\x9D\x9D\x69\x91\xFD", - ["OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 4 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x03\x02\x30\x82\x02\x6B\x02\x10\x32\x88\x8E\x9A\xD2\xF5\xEB\x13\x47\xF8\x7F\xC4\x20\x37\x25\xF8\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x1E\x17\x0D\x39\x38\x30\x35\x31\x38\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xBA\xF0\xE4\xCF\xF9\xC4\xAE\x85\x54\xB9\x07\x57\xF9\x8F\xC5\x7F\x68\x11\xF8\xC4\x17\xB0\x44\xDC\xE3\x30\x73\xD5\x2A\x62\x2A\xB8\xD0\xCC\x1C\xED\x28\x5B\x7E\xBD\x6A\xDC\xB3\x91\x24\xCA\x41\x62\x3C\xFC\x02\x01\xBF\x1C\x16\x31\x94\x05\x97\x76\x6E\xA2\xAD\xBD\x61\x17\x6C\x4E\x30\x86\xF0\x51\x37\x2A\x50\xC7\xA8\x62\x81\xDC\x5B\x4A\xAA\xC1\xA0\xB4\x6E\xEB\x2F\xE5\x57\xC5\xB1\x2B\x40\x70\xDB\x5A\x4D\xA1\x8E\x1F\xBD\x03\x1F\xD8\x03\xD4\x8F\x4C\x99\x71\xBC\xE2\x82\xCC\x58\xE8\x98\x3A\x86\xD3\x86\x38\xF3\x00\x29\x1F\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x85\x8C\x12\xC1\xA7\xB9\x50\x15\x7A\xCB\x3E\xAC\xB8\x43\x8A\xDC\xAA\xDD\x14\xBA\x89\x81\x7E\x01\x3C\x23\x71\x21\x88\x2F\x82\xDC\x63\xFA\x02\x45\xAC\x45\x59\xD7\x2A\x58\x44\x5B\xB7\x9F\x81\x3B\x92\x68\x3D\xE2\x37\x24\xF5\x7B\x6C\x8F\x76\x35\x96\x09\xA8\x59\x9D\xB9\xCE\x23\xAB\x74\xD6\x83\xFD\x32\x73\x27\xD8\x69\x3E\x43\x74\xF6\xAE\xC5\x89\x9A\xE7\x53\x7C\xE9\x7B\xF6\x4B\xF3\xC1\x65\x83\xDE\x8D\x8A\x9C\x3C\x88\x8D\x39\x59\xFC\xAA\x3F\x22\x8D\xA1\xC1\x66\x50\x81\x72\x4C\xED\x22\x64\x4F\x4F\xCA\x80\x91\xB6\x29", ["CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE"] = "\x30\x82\x03\x75\x30\x82\x02\x5D\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x15\x4B\x5A\xC3\x94\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x39\x38\x30\x39\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x31\x32\x38\x31\x32\x30\x30\x30\x30\x5A\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDA\x0E\xE6\x99\x8D\xCE\xA3\xE3\x4F\x8A\x7E\xFB\xF1\x8B\x83\x25\x6B\xEA\x48\x1F\xF1\x2A\xB0\xB9\x95\x11\x04\xBD\xF0\x63\xD1\xE2\x67\x66\xCF\x1C\xDD\xCF\x1B\x48\x2B\xEE\x8D\x89\x8E\x9A\xAF\x29\x80\x65\xAB\xE9\xC7\x2D\x12\xCB\xAB\x1C\x4C\x70\x07\xA1\x3D\x0A\x30\xCD\x15\x8D\x4F\xF8\xDD\xD4\x8C\x50\x15\x1C\xEF\x50\xEE\xC4\x2E\xF7\xFC\xE9\x52\xF2\x91\x7D\xE0\x6D\xD5\x35\x30\x8E\x5E\x43\x73\xF2\x41\xE9\xD5\x6A\xE3\xB2\x89\x3A\x56\x39\x38\x6F\x06\x3C\x88\x69\x5B\x2A\x4D\xC5\xA7\x54\xB8\x6C\x89\xCC\x9B\xF9\x3C\xCA\xE5\xFD\x89\xF5\x12\x3C\x92\x78\x96\xD6\xDC\x74\x6E\x93\x44\x61\xD1\x8D\xC7\x46\xB2\x75\x0E\x86\xE8\x19\x8A\xD5\x6D\x6C\xD5\x78\x16\x95\xA2\xE9\xC8\x0A\x38\xEB\xF2\x24\x13\x4F\x73\x54\x93\x13\x85\x3A\x1B\xBC\x1E\x34\xB5\x8B\x05\x8C\xB9\x77\x8B\xB1\xDB\x1F\x20\x91\xAB\x09\x53\x6E\x90\xCE\x7B\x37\x74\xB9\x70\x47\x91\x22\x51\x63\x16\x79\xAE\xB1\xAE\x41\x26\x08\xC8\x19\x2B\xD1\x46\xAA\x48\xD6\x64\x2A\xD7\x83\x34\xFF\x2C\x2A\xC1\x6C\x19\x43\x4A\x07\x85\xE7\xD3\x7C\xF6\x21\x68\xEF\xEA\xF2\x52\x9F\x7F\x93\x90\xCF\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x60\x7B\x66\x1A\x45\x0D\x97\xCA\x89\x50\x2F\x7D\x04\xCD\x34\xA8\xFF\xFC\xFD\x4B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xD6\x73\xE7\x7C\x4F\x76\xD0\x8D\xBF\xEC\xBA\xA2\xBE\x34\xC5\x28\x32\xB5\x7C\xFC\x6C\x9C\x2C\x2B\xBD\x09\x9E\x53\xBF\x6B\x5E\xAA\x11\x48\xB6\xE5\x08\xA3\xB3\xCA\x3D\x61\x4D\xD3\x46\x09\xB3\x3E\xC3\xA0\xE3\x63\x55\x1B\xF2\xBA\xEF\xAD\x39\xE1\x43\xB9\x38\xA3\xE6\x2F\x8A\x26\x3B\xEF\xA0\x50\x56\xF9\xC6\x0A\xFD\x38\xCD\xC4\x0B\x70\x51\x94\x97\x98\x04\xDF\xC3\x5F\x94\xD5\x15\xC9\x14\x41\x9C\xC4\x5D\x75\x64\x15\x0D\xFF\x55\x30\xEC\x86\x8F\xFF\x0D\xEF\x2C\xB9\x63\x46\xF6\xAA\xFC\xDF\xBC\x69\xFD\x2E\x12\x48\x64\x9A\xE0\x95\xF0\xA6\xEF\x29\x8F\x01\xB1\x15\xB5\x0C\x1D\xA5\xFE\x69\x2C\x69\x24\x78\x1E\xB3\xA7\x1C\x71\x62\xEE\xCA\xC8\x97\xAC\x17\x5D\x8A\xC2\xF8\x47\x86\x6E\x2A\xC4\x56\x31\x95\xD0\x67\x89\x85\x2B\xF9\x6C\xA6\x5D\x46\x9D\x0C\xAA\x82\xE4\x99\x51\xDD\x70\xB7\xDB\x56\x3D\x61\xE4\x6A\xE1\x5C\xD6\xF6\xFE\x3D\xDE\x41\xCC\x07\xAE\x63\x52\xBF\x53\x53\xF4\x2B\xE9\xC7\xFD\xB6\xF7\x82\x5F\x85\xD2\x41\x18\xDB\x81\xB3\x04\x1C\xC5\x1F\xA4\x80\x6F\x15\x20\xC9\xDE\x0C\x88\x0A\x1D\xD6\x66\x55\xE2\xFC\x48\xC9\x29\x26\x69\xE0", ["CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2"] = "\x30\x82\x03\xBA\x30\x82\x02\xA2\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x0F\x86\x26\xE6\x0D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x1E\x17\x0D\x30\x36\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5A\x17\x0D\x32\x31\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5A\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA6\xCF\x24\x0E\xBE\x2E\x6F\x28\x99\x45\x42\xC4\xAB\x3E\x21\x54\x9B\x0B\xD3\x7F\x84\x70\xFA\x12\xB3\xCB\xBF\x87\x5F\xC6\x7F\x86\xD3\xB2\x30\x5C\xD6\xFD\xAD\xF1\x7B\xDC\xE5\xF8\x60\x96\x09\x92\x10\xF5\xD0\x53\xDE\xFB\x7B\x7E\x73\x88\xAC\x52\x88\x7B\x4A\xA6\xCA\x49\xA6\x5E\xA8\xA7\x8C\x5A\x11\xBC\x7A\x82\xEB\xBE\x8C\xE9\xB3\xAC\x96\x25\x07\x97\x4A\x99\x2A\x07\x2F\xB4\x1E\x77\xBF\x8A\x0F\xB5\x02\x7C\x1B\x96\xB8\xC5\xB9\x3A\x2C\xBC\xD6\x12\xB9\xEB\x59\x7D\xE2\xD0\x06\x86\x5F\x5E\x49\x6A\xB5\x39\x5E\x88\x34\xEC\xBC\x78\x0C\x08\x98\x84\x6C\xA8\xCD\x4B\xB4\xA0\x7D\x0C\x79\x4D\xF0\xB8\x2D\xCB\x21\xCA\xD5\x6C\x5B\x7D\xE1\xA0\x29\x84\xA1\xF9\xD3\x94\x49\xCB\x24\x62\x91\x20\xBC\xDD\x0B\xD5\xD9\xCC\xF9\xEA\x27\x0A\x2B\x73\x91\xC6\x9D\x1B\xAC\xC8\xCB\xE8\xE0\xA0\xF4\x2F\x90\x8B\x4D\xFB\xB0\x36\x1B\xF6\x19\x7A\x85\xE0\x6D\xF2\x61\x13\x88\x5C\x9F\xE0\x93\x0A\x51\x97\x8A\x5A\xCE\xAF\xAB\xD5\xF7\xAA\x09\xAA\x60\xBD\xDC\xD9\x5F\xDF\x72\xA9\x60\x13\x5E\x00\x01\xC9\x4A\xFA\x3F\xA4\xEA\x07\x03\x21\x02\x8E\x82\xCA\x03\xC2\x9B\x8F\x02\x03\x01\x00\x01\xA3\x81\x9C\x30\x81\x99\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9B\xE2\x07\x57\x67\x1C\x1E\xC0\x6A\x06\xDE\x59\xB4\x9A\x2D\xDF\xDC\x19\x86\x2E\x30\x36\x06\x03\x55\x1D\x1F\x04\x2F\x30\x2D\x30\x2B\xA0\x29\xA0\x27\x86\x25\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x67\x6C\x6F\x62\x61\x6C\x73\x69\x67\x6E\x2E\x6E\x65\x74\x2F\x72\x6F\x6F\x74\x2D\x72\x32\x2E\x63\x72\x6C\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x9B\xE2\x07\x57\x67\x1C\x1E\xC0\x6A\x06\xDE\x59\xB4\x9A\x2D\xDF\xDC\x19\x86\x2E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x99\x81\x53\x87\x1C\x68\x97\x86\x91\xEC\xE0\x4A\xB8\x44\x0B\xAB\x81\xAC\x27\x4F\xD6\xC1\xB8\x1C\x43\x78\xB3\x0C\x9A\xFC\xEA\x2C\x3C\x6E\x61\x1B\x4D\x4B\x29\xF5\x9F\x05\x1D\x26\xC1\xB8\xE9\x83\x00\x62\x45\xB6\xA9\x08\x93\xB9\xA9\x33\x4B\x18\x9A\xC2\xF8\x87\x88\x4E\xDB\xDD\x71\x34\x1A\xC1\x54\xDA\x46\x3F\xE0\xD3\x2A\xAB\x6D\x54\x22\xF5\x3A\x62\xCD\x20\x6F\xBA\x29\x89\xD7\xDD\x91\xEE\xD3\x5C\xA2\x3E\xA1\x5B\x41\xF5\xDF\xE5\x64\x43\x2D\xE9\xD5\x39\xAB\xD2\xA2\xDF\xB7\x8B\xD0\xC0\x80\x19\x1C\x45\xC0\x2D\x8C\xE8\xF8\x2D\xA4\x74\x56\x49\xC5\x05\xB5\x4F\x15\xDE\x6E\x44\x78\x39\x87\xA8\x7E\xBB\xF3\x79\x18\x91\xBB\xF4\x6F\x9D\xC1\xF0\x8C\x35\x8C\x5D\x01\xFB\xC3\x6D\xB9\xEF\x44\x6D\x79\x46\x31\x7E\x0A\xFE\xA9\x82\xC1\xFF\xEF\xAB\x6E\x20\xC4\x50\xC9\x5F\x9D\x4D\x9B\x17\x8C\x0C\xE5\x01\xC9\xA0\x41\x6A\x73\x53\xFA\xA5\x50\xB4\x6E\x25\x0F\xFB\x4C\x18\xF4\xFD\x52\xD9\x8E\x69\xB1\xE8\x11\x0F\xDE\x88\xD8\xFB\x1D\x49\xF7\xAA\xDE\x95\xCF\x20\x78\xC2\x60\x12\xDB\x25\x40\x8C\x6A\xFC\x7E\x42\x38\x40\x64\x12\xF7\x9E\x81\xE1\x93\x2E", ["emailAddress=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 1 Policy Validation Authority,O=ValiCert\, Inc.,L=ValiCert Validation Network"] = "\x30\x82\x02\xE7\x30\x82\x02\x50\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xBB\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1B\x56\x61\x6C\x69\x43\x65\x72\x74\x20\x56\x61\x6C\x69\x64\x61\x74\x69\x6F\x6E\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x61\x6C\x69\x43\x65\x72\x74\x2C\x20\x49\x6E\x63\x2E\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x56\x61\x6C\x69\x43\x65\x72\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x50\x6F\x6C\x69\x63\x79\x20\x56\x61\x6C\x69\x64\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x76\x61\x6C\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x2F\x31\x20\x30\x1E\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x11\x69\x6E\x66\x6F\x40\x76\x61\x6C\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x35\x32\x32\x32\x33\x34\x38\x5A\x17\x0D\x31\x39\x30\x36\x32\x35\x32\x32\x32\x33\x34\x38\x5A\x30\x81\xBB\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1B\x56\x61\x6C\x69\x43\x65\x72\x74\x20\x56\x61\x6C\x69\x64\x61\x74\x69\x6F\x6E\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x61\x6C\x69\x43\x65\x72\x74\x2C\x20\x49\x6E\x63\x2E\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x56\x61\x6C\x69\x43\x65\x72\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x50\x6F\x6C\x69\x63\x79\x20\x56\x61\x6C\x69\x64\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x76\x61\x6C\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x2F\x31\x20\x30\x1E\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x11\x69\x6E\x66\x6F\x40\x76\x61\x6C\x69\x63\x65\x72\x74\x2E\x63\x6F\x6D\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xD8\x59\x82\x7A\x89\xB8\x96\xBA\xA6\x2F\x68\x6F\x58\x2E\xA7\x54\x1C\x06\x6E\xF4\xEA\x8D\x48\xBC\x31\x94\x17\xF0\xF3\x4E\xBC\xB2\xB8\x35\x92\x76\xB0\xD0\xA5\xA5\x01\xD7\x00\x03\x12\x22\x19\x08\xF8\xFF\x11\x23\x9B\xCE\x07\xF5\xBF\x69\x1A\x26\xFE\x4E\xE9\xD1\x7F\x9D\x2C\x40\x1D\x59\x68\x6E\xA6\xF8\x58\xB0\x9D\x1A\x8F\xD3\x3F\xF1\xDC\x19\x06\x81\xA8\x0E\xE0\x3A\xDD\xC8\x53\x45\x09\x06\xE6\x0F\x70\xC3\xFA\x40\xA6\x0E\xE2\x56\x05\x0F\x18\x4D\xFC\x20\x82\xD1\x73\x55\x74\x8D\x76\x72\xA0\x1D\x9D\x1D\xC0\xDD\x3F\x71\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x50\x68\x3D\x49\xF4\x2C\x1C\x06\x94\xDF\x95\x60\x7F\x96\x7B\x17\xFE\x4F\x71\xAD\x64\xC8\xDD\x77\xD2\xEF\x59\x55\xE8\x3F\xE8\x8E\x05\x2A\x21\xF2\x07\xD2\xB5\xA7\x52\xFE\x9C\xB1\xB6\xE2\x5B\x77\x17\x40\xEA\x72\xD6\x23\xCB\x28\x81\x32\xC3\x00\x79\x18\xEC\x59\x17\x89\xC9\xC6\x6A\x1E\x71\xC9\xFD\xB7\x74\xA5\x25\x45\x69\xC5\x48\xAB\x19\xE1\x45\x8A\x25\x6B\x19\xEE\xE5\xBB\x12\xF5\x7F\xF7\xA6\x8D\x51\xC3\xF0\x9D\x74\xB7\xA9\x3E\xA0\xA5\xFF\xB6\x49\x03\x13\xDA\x22\xCC\xED\x71\x82\x2B\x99\xCF\x3A\xB7\xF5\x2D\x72\xC8", @@ -38,8 +37,6 @@ redef root_certs += { ["CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US"] = "\x30\x82\x03\xA4\x30\x82\x02\x8C\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x31\x30\x1E\x17\x0D\x30\x32\x30\x35\x32\x38\x30\x36\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x31\x31\x31\x39\x32\x30\x34\x33\x30\x30\x5A\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA8\x2F\xE8\xA4\x69\x06\x03\x47\xC3\xE9\x2A\x98\xFF\x19\xA2\x70\x9A\xC6\x50\xB2\x7E\xA5\xDF\x68\x4D\x1B\x7C\x0F\xB6\x97\x68\x7D\x2D\xA6\x8B\x97\xE9\x64\x86\xC9\xA3\xEF\xA0\x86\xBF\x60\x65\x9C\x4B\x54\x88\xC2\x48\xC5\x4A\x39\xBF\x14\xE3\x59\x55\xE5\x19\xB4\x74\xC8\xB4\x05\x39\x5C\x16\xA5\xE2\x95\x05\xE0\x12\xAE\x59\x8B\xA2\x33\x68\x58\x1C\xA6\xD4\x15\xB7\xD8\x9F\xD7\xDC\x71\xAB\x7E\x9A\xBF\x9B\x8E\x33\x0F\x22\xFD\x1F\x2E\xE7\x07\x36\xEF\x62\x39\xC5\xDD\xCB\xBA\x25\x14\x23\xDE\x0C\xC6\x3D\x3C\xCE\x82\x08\xE6\x66\x3E\xDA\x51\x3B\x16\x3A\xA3\x05\x7F\xA0\xDC\x87\xD5\x9C\xFC\x72\xA9\xA0\x7D\x78\xE4\xB7\x31\x55\x1E\x65\xBB\xD4\x61\xB0\x21\x60\xED\x10\x32\x72\xC5\x92\x25\x1E\xF8\x90\x4A\x18\x78\x47\xDF\x7E\x30\x37\x3E\x50\x1B\xDB\x1C\xD3\x6B\x9A\x86\x53\x07\xB0\xEF\xAC\x06\x78\xF8\x84\x99\xFE\x21\x8D\x4C\x80\xB6\x0C\x82\xF6\x66\x70\x79\x1A\xD3\x4F\xA3\xCF\xF1\xCF\x46\xB0\x4B\x0F\x3E\xDD\x88\x62\xB8\x8C\xA9\x09\x28\x3B\x7A\xC7\x97\xE1\x1E\xE5\xF4\x9F\xC0\xC0\xAE\x24\xA0\xC8\xA1\xD9\x0F\xD6\x7B\x26\x82\x69\x32\x3D\xA7\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x00\xAD\xD9\xA3\xF6\x79\xF6\x6E\x74\xA9\x7F\x33\x3D\x81\x17\xD7\x4C\xCF\x33\xDE\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x00\xAD\xD9\xA3\xF6\x79\xF6\x6E\x74\xA9\x7F\x33\x3D\x81\x17\xD7\x4C\xCF\x33\xDE\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7C\x8A\xD1\x1F\x18\x37\x82\xE0\xB8\xB0\xA3\xED\x56\x95\xC8\x62\x61\x9C\x05\xA2\xCD\xC2\x62\x26\x61\xCD\x10\x16\xD7\xCC\xB4\x65\x34\xD0\x11\x8A\xAD\xA8\xA9\x05\x66\xEF\x74\xF3\x6D\x5F\x9D\x99\xAF\xF6\x8B\xFB\xEB\x52\xB2\x05\x98\xA2\x6F\x2A\xC5\x54\xBD\x25\xBD\x5F\xAE\xC8\x86\xEA\x46\x2C\xC1\xB3\xBD\xC1\xE9\x49\x70\x18\x16\x97\x08\x13\x8C\x20\xE0\x1B\x2E\x3A\x47\xCB\x1E\xE4\x00\x30\x95\x5B\xF4\x45\xA3\xC0\x1A\xB0\x01\x4E\xAB\xBD\xC0\x23\x6E\x63\x3F\x80\x4A\xC5\x07\xED\xDC\xE2\x6F\xC7\xC1\x62\xF1\xE3\x72\xD6\x04\xC8\x74\x67\x0B\xFA\x88\xAB\xA1\x01\xC8\x6F\xF0\x14\xAF\xD2\x99\xCD\x51\x93\x7E\xED\x2E\x38\xC7\xBD\xCE\x46\x50\x3D\x72\xE3\x79\x25\x9D\x9B\x88\x2B\x10\x20\xDD\xA5\xB8\x32\x9F\x8D\xE0\x29\xDF\x21\x74\x86\x82\xDB\x2F\x82\x30\xC6\xC7\x35\x86\xB3\xF9\x96\x5F\x46\xDB\x0C\x45\xFD\xF3\x50\xC3\x6F\xC6\xC3\x48\xAD\x46\xA6\xE1\x27\x47\x0A\x1D\x0E\x9B\xB6\xC2\x77\x7F\x63\xF2\xE0\x7D\x1A\xBE\xFC\xE0\xDF\xD7\xC7\xA7\x6C\xB0\xF9\xAE\xBA\x3C\xFD\x74\xB4\x11\xE8\x58\x0D\x80\xBC\xD3\xA8\x80\x3A\x99\xED\x75\xCC\x46\x7B", ["CN=America Online Root Certification Authority 2,O=America Online Inc.,C=US"] = "\x30\x82\x05\xA4\x30\x82\x03\x8C\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x32\x30\x1E\x17\x0D\x30\x32\x30\x35\x32\x38\x30\x36\x30\x30\x30\x30\x5A\x17\x0D\x33\x37\x30\x39\x32\x39\x31\x34\x30\x38\x30\x30\x5A\x30\x63\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x49\x6E\x63\x2E\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2D\x41\x6D\x65\x72\x69\x63\x61\x20\x4F\x6E\x6C\x69\x6E\x65\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xCC\x41\x45\x1D\xE9\x3D\x4D\x10\xF6\x8C\xB1\x41\xC9\xE0\x5E\xCB\x0D\xB7\xBF\x47\x73\xD3\xF0\x55\x4D\xDD\xC6\x0C\xFA\xB1\x66\x05\x6A\xCD\x78\xB4\xDC\x02\xDB\x4E\x81\xF3\xD7\xA7\x7C\x71\xBC\x75\x63\xA0\x5D\xE3\x07\x0C\x48\xEC\x25\xC4\x03\x20\xF4\xFF\x0E\x3B\x12\xFF\x9B\x8D\xE1\xC6\xD5\x1B\xB4\x6D\x22\xE3\xB1\xDB\x7F\x21\x64\xAF\x86\xBC\x57\x22\x2A\xD6\x47\x81\x57\x44\x82\x56\x53\xBD\x86\x14\x01\x0B\xFC\x7F\x74\xA4\x5A\xAE\xF1\xBA\x11\xB5\x9B\x58\x5A\x80\xB4\x37\x78\x09\x33\x7C\x32\x47\x03\x5C\xC4\xA5\x83\x48\xF4\x57\x56\x6E\x81\x36\x27\x18\x4F\xEC\x9B\x28\xC2\xD4\xB4\xD7\x7C\x0C\x3E\x0C\x2B\xDF\xCA\x04\xD7\xC6\x8E\xEA\x58\x4E\xA8\xA4\xA5\x18\x1C\x6C\x45\x98\xA3\x41\xD1\x2D\xD2\xC7\x6D\x8D\x19\xF1\xAD\x79\xB7\x81\x3F\xBD\x06\x82\x27\x2D\x10\x58\x05\xB5\x78\x05\xB9\x2F\xDB\x0C\x6B\x90\x90\x7E\x14\x59\x38\xBB\x94\x24\x13\xE5\xD1\x9D\x14\xDF\xD3\x82\x4D\x46\xF0\x80\x39\x52\x32\x0F\xE3\x84\xB2\x7A\x43\xF2\x5E\xDE\x5F\x3F\x1D\xDD\xE3\xB2\x1B\xA0\xA1\x2A\x23\x03\x6E\x2E\x01\x15\x87\x5C\xA6\x75\x75\xC7\x97\x61\xBE\xDE\x86\xDC\xD4\x48\xDB\xBD\x2A\xBF\x4A\x55\xDA\xE8\x7D\x50\xFB\xB4\x80\x17\xB8\x94\xBF\x01\x3D\xEA\xDA\xBA\x7C\xE0\x58\x67\x17\xB9\x58\xE0\x88\x86\x46\x67\x6C\x9D\x10\x47\x58\x32\xD0\x35\x7C\x79\x2A\x90\xA2\x5A\x10\x11\x23\x35\xAD\x2F\xCC\xE4\x4A\x5B\xA7\xC8\x27\xF2\x83\xDE\x5E\xBB\x5E\x77\xE7\xE8\xA5\x6E\x63\xC2\x0D\x5D\x61\xD0\x8C\xD2\x6C\x5A\x21\x0E\xCA\x28\xA3\xCE\x2A\xE9\x95\xC7\x48\xCF\x96\x6F\x1D\x92\x25\xC8\xC6\xC6\xC1\xC1\x0C\x05\xAC\x26\xC4\xD2\x75\xD2\xE1\x2A\x67\xC0\x3D\x5B\xA5\x9A\xEB\xCF\x7B\x1A\xA8\x9D\x14\x45\xE5\x0F\xA0\x9A\x65\xDE\x2F\x28\xBD\xCE\x6F\x94\x66\x83\x48\x29\xD8\xEA\x65\x8C\xAF\x93\xD9\x64\x9F\x55\x57\x26\xBF\x6F\xCB\x37\x31\x99\xA3\x60\xBB\x1C\xAD\x89\x34\x32\x62\xB8\x43\x21\x06\x72\x0C\xA1\x5C\x6D\x46\xC5\xFA\x29\xCF\x30\xDE\x89\xDC\x71\x5B\xDD\xB6\x37\x3E\xDF\x50\xF5\xB8\x07\x25\x26\xE5\xBC\xB5\xFE\x3C\x02\xB3\xB7\xF8\xBE\x43\xC1\x87\x11\x94\x9E\x23\x6C\x17\x8A\xB8\x8A\x27\x0C\x54\x47\xF0\xA9\xB3\xC0\x80\x8C\xA0\x27\xEB\x1D\x19\xE3\x07\x8E\x77\x70\xCA\x2B\xF4\x7D\x76\xE0\x78\x67\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4D\x45\xC1\x68\x38\xBB\x73\xA9\x69\xA1\x20\xE7\xED\xF5\x22\xA1\x23\x14\xD7\x9E\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x4D\x45\xC1\x68\x38\xBB\x73\xA9\x69\xA1\x20\xE7\xED\xF5\x22\xA1\x23\x14\xD7\x9E\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x67\x6B\x06\xB9\x5F\x45\x3B\x2A\x4B\x33\xB3\xE6\x1B\x6B\x59\x4E\x22\xCC\xB9\xB7\xA4\x25\xC9\xA7\xC4\xF0\x54\x96\x0B\x64\xF3\xB1\x58\x4F\x5E\x51\xFC\xB2\x97\x7B\x27\x65\xC2\xE5\xCA\xE7\x0D\x0C\x25\x7B\x62\xE3\xFA\x9F\xB4\x87\xB7\x45\x46\xAF\x83\xA5\x97\x48\x8C\xA5\xBD\xF1\x16\x2B\x9B\x76\x2C\x7A\x35\x60\x6C\x11\x80\x97\xCC\xA9\x92\x52\xE6\x2B\xE6\x69\xED\xA9\xF8\x36\x2D\x2C\x77\xBF\x61\x48\xD1\x63\x0B\xB9\x5B\x52\xED\x18\xB0\x43\x42\x22\xA6\xB1\x77\xAE\xDE\x69\xC5\xCD\xC7\x1C\xA1\xB1\xA5\x1C\x10\xFB\x18\xBE\x1A\x70\xDD\xC1\x92\x4B\xBE\x29\x5A\x9D\x3F\x35\xBE\xE5\x7D\x51\xF8\x55\xE0\x25\x75\x23\x87\x1E\x5C\xDC\xBA\x9D\xB0\xAC\xB3\x69\xDB\x17\x83\xC9\xF7\xDE\x0C\xBC\x08\xDC\x91\x9E\xA8\xD0\xD7\x15\x37\x73\xA5\x35\xB8\xFC\x7E\xC5\x44\x40\x06\xC3\xEB\xF8\x22\x80\x5C\x47\xCE\x02\xE3\x11\x9F\x44\xFF\xFD\x9A\x32\xCC\x7D\x64\x51\x0E\xEB\x57\x26\x76\x3A\xE3\x1E\x22\x3C\xC2\xA6\x36\xDD\x19\xEF\xA7\xFC\x12\xF3\x26\xC0\x59\x31\x85\x4C\x9C\xD8\xCF\xDF\xA4\xCC\xCC\x29\x93\xFF\x94\x6D\x76\x5C\x13\x08\x97\xF2\xED\xA5\x0B\x4D\xDD\xE8\xC9\x68\x0E\x66\xD3\x00\x0E\x33\x12\x5B\xBC\x95\xE5\x32\x90\xA8\xB3\xC6\x6C\x83\xAD\x77\xEE\x8B\x7E\x7E\xB1\xA9\xAB\xD3\xE1\xF1\xB6\xC0\xB1\xEA\x88\xC0\xE7\xD3\x90\xE9\x28\x92\x94\x7B\x68\x7B\x97\x2A\x0A\x67\x2D\x85\x02\x38\x10\xE4\x03\x61\xD4\xDA\x25\x36\xC7\x08\x58\x2D\xA1\xA7\x51\xAF\x30\x0A\x49\xF5\xA6\x69\x87\x07\x2D\x44\x46\x76\x8E\x2A\xE5\x9A\x3B\xD7\x18\xA2\xFC\x9C\x38\x10\xCC\xC6\x3B\xD2\xB5\x17\x3A\x6F\xFD\xAE\x25\xBD\xF5\x72\x59\x64\xB1\x74\x2A\x38\x5F\x18\x4C\xDF\xCF\x71\x04\x5A\x36\xD4\xBF\x2F\x99\x9C\xE8\xD9\xBA\xB1\x95\xE6\x02\x4B\x21\xA1\x5B\xD5\xC1\x4F\x8F\xAE\x69\x6D\x53\xDB\x01\x93\xB5\x5C\x1E\x18\xDD\x64\x5A\xCA\x18\x28\x3E\x63\x04\x11\xFD\x1C\x8D\x00\x0F\xB8\x37\xDF\x67\x8A\x9D\x66\xA9\x02\x6A\x91\xFF\x13\xCA\x2F\x5D\x83\xBC\x87\x93\x6C\xDC\x24\x51\x16\x04\x25\x66\xFA\xB3\xD9\xC2\xBA\x29\xBE\x9A\x48\x38\x82\x99\xF4\xBF\x3B\x4A\x31\x19\xF9\xBF\x8E\x21\x33\x14\xCA\x4F\x54\x5F\xFB\xCE\xFB\x8F\x71\x7F\xFD\x5E\x19\xA0\x0F\x4B\x91\xB8\xC4\x54\xBC\x06\xB0\x45\x8F\x26\x91\xA2\x8E\xFE\xA9", ["CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US"] = "\x30\x82\x03\xA2\x30\x82\x02\x8A\xA0\x03\x02\x01\x02\x02\x10\x13\x86\x35\x4D\x1D\x3F\x06\xF2\xC1\xF9\x65\x05\xD5\x90\x1C\x62\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x56\x49\x53\x41\x31\x2F\x30\x2D\x06\x03\x55\x04\x0B\x13\x26\x56\x69\x73\x61\x20\x49\x6E\x74\x65\x72\x6E\x61\x74\x69\x6F\x6E\x61\x6C\x20\x53\x65\x72\x76\x69\x63\x65\x20\x41\x73\x73\x6F\x63\x69\x61\x74\x69\x6F\x6E\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x56\x69\x73\x61\x20\x65\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x32\x30\x36\x32\x36\x30\x32\x31\x38\x33\x36\x5A\x17\x0D\x32\x32\x30\x36\x32\x34\x30\x30\x31\x36\x31\x32\x5A\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x56\x49\x53\x41\x31\x2F\x30\x2D\x06\x03\x55\x04\x0B\x13\x26\x56\x69\x73\x61\x20\x49\x6E\x74\x65\x72\x6E\x61\x74\x69\x6F\x6E\x61\x6C\x20\x53\x65\x72\x76\x69\x63\x65\x20\x41\x73\x73\x6F\x63\x69\x61\x74\x69\x6F\x6E\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x56\x69\x73\x61\x20\x65\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAF\x57\xDE\x56\x1E\x6E\xA1\xDA\x60\xB1\x94\x27\xCB\x17\xDB\x07\x3F\x80\x85\x4F\xC8\x9C\xB6\xD0\xF4\x6F\x4F\xCF\x99\xD8\xE1\xDB\xC2\x48\x5C\x3A\xAC\x39\x33\xC7\x1F\x6A\x8B\x26\x3D\x2B\x35\xF5\x48\xB1\x91\xC1\x02\x4E\x04\x96\x91\x7B\xB0\x33\xF0\xB1\x14\x4E\x11\x6F\xB5\x40\xAF\x1B\x45\xA5\x4A\xEF\x7E\xB6\xAC\xF2\xA0\x1F\x58\x3F\x12\x46\x60\x3C\x8D\xA1\xE0\x7D\xCF\x57\x3E\x33\x1E\xFB\x47\xF1\xAA\x15\x97\x07\x55\x66\xA5\xB5\x2D\x2E\xD8\x80\x59\xB2\xA7\x0D\xB7\x46\xEC\x21\x63\xFF\x35\xAB\xA5\x02\xCF\x2A\xF4\x4C\xFE\x7B\xF5\x94\x5D\x84\x4D\xA8\xF2\x60\x8F\xDB\x0E\x25\x3C\x9F\x73\x71\xCF\x94\xDF\x4A\xEA\xDB\xDF\x72\x38\x8C\xF3\x96\xBD\xF1\x17\xBC\xD2\xBA\x3B\x45\x5A\xC6\xA7\xF6\xC6\x17\x8B\x01\x9D\xFC\x19\xA8\x2A\x83\x16\xB8\x3A\x48\xFE\x4E\x3E\xA0\xAB\x06\x19\xE9\x53\xF3\x80\x13\x07\xED\x2D\xBF\x3F\x0A\x3C\x55\x20\x39\x2C\x2C\x00\x69\x74\x95\x4A\xBC\x20\xB2\xA9\x79\xE5\x18\x89\x91\xA8\xDC\x1C\x4D\xEF\xBB\x7E\x37\x0B\x5D\xFE\x39\xA5\x88\x52\x8C\x00\x6C\xEC\x18\x7C\x41\xBD\xF6\x8B\x75\x77\xBA\x60\x9D\x84\xE7\xFE\x2D\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x15\x38\x83\x0F\x3F\x2C\x3F\x70\x33\x1E\xCD\x46\xFE\x07\x8C\x20\xE0\xD7\xC3\xB7\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5F\xF1\x41\x7D\x7C\x5C\x08\xB9\x2B\xE0\xD5\x92\x47\xFA\x67\x5C\xA5\x13\xC3\x03\x21\x9B\x2B\x4C\x89\x46\xCF\x59\x4D\xC9\xFE\xA5\x40\xB6\x63\xCD\xDD\x71\x28\x95\x67\x11\xCC\x24\xAC\xD3\x44\x6C\x71\xAE\x01\x20\x6B\x03\xA2\x8F\x18\xB7\x29\x3A\x7D\xE5\x16\x60\x53\x78\x3C\xC0\xAF\x15\x83\xF7\x8F\x52\x33\x24\xBD\x64\x93\x97\xEE\x8B\xF7\xDB\x18\xA8\x6D\x71\xB3\xF7\x2C\x17\xD0\x74\x25\x69\xF7\xFE\x6B\x3C\x94\xBE\x4D\x4B\x41\x8C\x4E\xE2\x73\xD0\xE3\x90\x22\x73\x43\xCD\xF3\xEF\xEA\x73\xCE\x45\x8A\xB0\xA6\x49\xFF\x4C\x7D\x9D\x71\x88\xC4\x76\x1D\x90\x5B\x1D\xEE\xFD\xCC\xF7\xEE\xFD\x60\xA5\xB1\x7A\x16\x71\xD1\x16\xD0\x7C\x12\x3C\x6C\x69\x97\xDB\xAE\x5F\x39\x9A\x70\x2F\x05\x3C\x19\x46\x04\x99\x20\x36\xD0\x60\x6E\x61\x06\xBB\x16\x42\x8C\x70\xF7\x30\xFB\xE0\xDB\x66\xA3\x00\x01\xBD\xE6\x2C\xDA\x91\x5F\xA0\x46\x8B\x4D\x6A\x9C\x3D\x3D\xDD\x05\x46\xFE\x76\xBF\xA0\x0A\x3C\xE4\x00\xE6\x27\xB7\xFF\x84\x2D\xDE\xBA\x22\x27\x96\x10\x71\xEB\x22\xED\xDF\xDF\x33\x9C\xCF\xE3\xAD\xAE\x8E\xD4\x8E\xE6\x4F\x51\xAF\x16\x92\xE0\x5C\xF6\x07\x0F", - ["emailAddress=certificate@trustcenter.de,OU=TC TrustCenter Class 2 CA,O=TC TrustCenter for Security in Data Networks GmbH,L=Hamburg,ST=Hamburg,C=DE"] = "\x30\x82\x03\x5C\x30\x82\x02\xC5\xA0\x03\x02\x01\x02\x02\x02\x03\xEA\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x81\xBC\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x3A\x30\x38\x06\x03\x55\x04\x0A\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x66\x6F\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6E\x20\x44\x61\x74\x61\x20\x4E\x65\x74\x77\x6F\x72\x6B\x73\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x1A\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x30\x1E\x17\x0D\x39\x38\x30\x33\x30\x39\x31\x31\x35\x39\x35\x39\x5A\x17\x0D\x31\x31\x30\x31\x30\x31\x31\x31\x35\x39\x35\x39\x5A\x30\x81\xBC\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x3A\x30\x38\x06\x03\x55\x04\x0A\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x66\x6F\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6E\x20\x44\x61\x74\x61\x20\x4E\x65\x74\x77\x6F\x72\x6B\x73\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x1A\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xDA\x38\xE8\xED\x32\x00\x29\x71\x83\x01\x0D\xBF\x8C\x01\xDC\xDA\xC6\xAD\x39\xA4\xA9\x8A\x2F\xD5\x8B\x5C\x68\x5F\x50\xC6\x62\xF5\x66\xBD\xCA\x91\x22\xEC\xAA\x1D\x51\xD7\x3D\xB3\x51\xB2\x83\x4E\x5D\xCB\x49\xB0\xF0\x4C\x55\xE5\x6B\x2D\xC7\x85\x0B\x30\x1C\x92\x4E\x82\xD4\xCA\x02\xED\xF7\x6F\xBE\xDC\xE0\xE3\x14\xB8\x05\x53\xF2\x9A\xF4\x56\x8B\x5A\x9E\x85\x93\xD1\xB4\x82\x56\xAE\x4D\xBB\xA8\x4B\x57\x16\xBC\xFE\xF8\x58\x9E\xF8\x29\x8D\xB0\x7B\xCD\x78\xC9\x4F\xAC\x8B\x67\x0C\xF1\x9C\xFB\xFC\x57\x9B\x57\x5C\x4F\x0D\x02\x03\x01\x00\x01\xA3\x6B\x30\x69\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x33\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x08\x04\x26\x16\x24\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x2F\x67\x75\x69\x64\x65\x6C\x69\x6E\x65\x73\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x84\x52\xFB\x28\xDF\xFF\x1F\x75\x01\xBC\x01\xBE\x04\x56\x97\x6A\x74\x42\x24\x31\x83\xF9\x46\xB1\x06\x8A\x89\xCF\x96\x2C\x33\xBF\x8C\xB5\x5F\x7A\x72\xA1\x85\x06\xCE\x86\xF8\x05\x8E\xE8\xF9\x25\xCA\xDA\x83\x8C\x06\xAC\xEB\x36\x6D\x85\x91\x34\x04\x36\xF4\x42\xF0\xF8\x79\x2E\x0A\x48\x5C\xAB\xCC\x51\x4F\x78\x76\xA0\xD9\xAC\x19\xBD\x2A\xD1\x69\x04\x28\x91\xCA\x36\x10\x27\x80\x57\x5B\xD2\x5C\xF5\xC2\x5B\xAB\x64\x81\x63\x74\x51\xF4\x97\xBF\xCD\x12\x28\xF7\x4D\x66\x7F\xA7\xF0\x1C\x01\x26\x78\xB2\x66\x47\x70\x51\x64", - ["emailAddress=certificate@trustcenter.de,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter for Security in Data Networks GmbH,L=Hamburg,ST=Hamburg,C=DE"] = "\x30\x82\x03\x5C\x30\x82\x02\xC5\xA0\x03\x02\x01\x02\x02\x02\x03\xEB\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x81\xBC\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x3A\x30\x38\x06\x03\x55\x04\x0A\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x66\x6F\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6E\x20\x44\x61\x74\x61\x20\x4E\x65\x74\x77\x6F\x72\x6B\x73\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x1A\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x30\x1E\x17\x0D\x39\x38\x30\x33\x30\x39\x31\x31\x35\x39\x35\x39\x5A\x17\x0D\x31\x31\x30\x31\x30\x31\x31\x31\x35\x39\x35\x39\x5A\x30\x81\xBC\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6D\x62\x75\x72\x67\x31\x3A\x30\x38\x06\x03\x55\x04\x0A\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x66\x6F\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6E\x20\x44\x61\x74\x61\x20\x4E\x65\x74\x77\x6F\x72\x6B\x73\x20\x47\x6D\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0B\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x1A\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xB6\xB4\xC1\x35\x05\x2E\x0D\x8D\xEC\xA0\x40\x6A\x1C\x0E\x27\xA6\x50\x92\x6B\x50\x1B\x07\xDE\x2E\xE7\x76\xCC\xE0\xDA\xFC\x84\xA8\x5E\x8C\x63\x6A\x2B\x4D\xD9\x4E\x02\x76\x11\xC1\x0B\xF2\x8D\x79\xCA\x00\xB6\xF1\xB0\x0E\xD7\xFB\xA4\x17\x3D\xAF\xAB\x69\x7A\x96\x27\xBF\xAF\x33\xA1\x9A\x2A\x59\xAA\xC4\xB5\x37\x08\xF2\x12\xA5\x31\xB6\x43\xF5\x32\x96\x71\x28\x28\xAB\x8D\x28\x86\xDF\xBB\xEE\xE3\x0C\x7D\x30\xD6\xC3\x52\xAB\x8F\x5D\x27\x9C\x6B\xC0\xA3\xE7\x05\x6B\x57\x49\x44\xB3\x6E\xEA\x64\xCF\xD2\x8E\x7A\x50\x77\x77\x02\x03\x01\x00\x01\xA3\x6B\x30\x69\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x33\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x08\x04\x26\x16\x24\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x74\x72\x75\x73\x74\x63\x65\x6E\x74\x65\x72\x2E\x64\x65\x2F\x67\x75\x69\x64\x65\x6C\x69\x6E\x65\x73\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x16\x3D\xC6\xCD\xC1\xBB\x85\x71\x85\x46\x9F\x3E\x20\x8F\x51\x28\x99\xEC\x2D\x45\x21\x63\x23\x5B\x04\xBB\x4C\x90\xB8\x88\x92\x04\x4D\xBD\x7D\x01\xA3\x3F\xF6\xEC\xCE\xF1\xDE\xFE\x7D\xE5\xE1\x3E\xBB\xC6\xAB\x5E\x0B\xDD\x3D\x96\xC4\xCB\xA9\xD4\xF9\x26\xE6\x06\x4E\x9E\x0C\xA5\x7A\xBA\x6E\xC3\x7C\x82\x19\xD1\xC7\xB1\xB1\xC3\xDB\x0D\x8E\x9B\x40\x7C\x37\x0B\xF1\x5D\xE8\xFD\x1F\x90\x88\xA5\x0E\x4E\x37\x64\x21\xA8\x4E\x8D\xB4\x9F\xF1\xDE\x48\xAD\xD5\x56\x18\x52\x29\x8B\x47\x34\x12\x09\xD4\xBB\x92\x35\xEF\x0F\xDB\x34", ["CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL"] = "\x30\x82\x03\x0C\x30\x82\x01\xF4\xA0\x03\x02\x01\x02\x02\x03\x01\x00\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x3E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4C\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x55\x6E\x69\x7A\x65\x74\x6F\x20\x53\x70\x2E\x20\x7A\x20\x6F\x2E\x6F\x2E\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x43\x65\x72\x74\x75\x6D\x20\x43\x41\x30\x1E\x17\x0D\x30\x32\x30\x36\x31\x31\x31\x30\x34\x36\x33\x39\x5A\x17\x0D\x32\x37\x30\x36\x31\x31\x31\x30\x34\x36\x33\x39\x5A\x30\x3E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4C\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x55\x6E\x69\x7A\x65\x74\x6F\x20\x53\x70\x2E\x20\x7A\x20\x6F\x2E\x6F\x2E\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x43\x65\x72\x74\x75\x6D\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCE\xB1\xC1\x2E\xD3\x4F\x7C\xCD\x25\xCE\x18\x3E\x4F\xC4\x8C\x6F\x80\x6A\x73\xC8\x5B\x51\xF8\x9B\xD2\xDC\xBB\x00\x5C\xB1\xA0\xFC\x75\x03\xEE\x81\xF0\x88\xEE\x23\x52\xE9\xE6\x15\x33\x8D\xAC\x2D\x09\xC5\x76\xF9\x2B\x39\x80\x89\xE4\x97\x4B\x90\xA5\xA8\x78\xF8\x73\x43\x7B\xA4\x61\xB0\xD8\x58\xCC\xE1\x6C\x66\x7E\x9C\xF3\x09\x5E\x55\x63\x84\xD5\xA8\xEF\xF3\xB1\x2E\x30\x68\xB3\xC4\x3C\xD8\xAC\x6E\x8D\x99\x5A\x90\x4E\x34\xDC\x36\x9A\x8F\x81\x88\x50\xB7\x6D\x96\x42\x09\xF3\xD7\x95\x83\x0D\x41\x4B\xB0\x6A\x6B\xF8\xFC\x0F\x7E\x62\x9F\x67\xC4\xED\x26\x5F\x10\x26\x0F\x08\x4F\xF0\xA4\x57\x28\xCE\x8F\xB8\xED\x45\xF6\x6E\xEE\x25\x5D\xAA\x6E\x39\xBE\xE4\x93\x2F\xD9\x47\xA0\x72\xEB\xFA\xA6\x5B\xAF\xCA\x53\x3F\xE2\x0E\xC6\x96\x56\x11\x6E\xF7\xE9\x66\xA9\x26\xD8\x7F\x95\x53\xED\x0A\x85\x88\xBA\x4F\x29\xA5\x42\x8C\x5E\xB6\xFC\x85\x20\x00\xAA\x68\x0B\xA1\x1A\x85\x01\x9C\xC4\x46\x63\x82\x88\xB6\x22\xB1\xEE\xFE\xAA\x46\x59\x7E\xCF\x35\x2C\xD5\xB6\xDA\x5D\xF7\x48\x33\x14\x54\xB6\xEB\xD9\x6F\xCE\xCD\x88\xD6\xAB\x1B\xDA\x96\x3B\x1D\x59\x02\x03\x01\x00\x01\xA3\x13\x30\x11\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xB8\x8D\xCE\xEF\xE7\x14\xBA\xCF\xEE\xB0\x44\x92\x6C\xB4\x39\x3E\xA2\x84\x6E\xAD\xB8\x21\x77\xD2\xD4\x77\x82\x87\xE6\x20\x41\x81\xEE\xE2\xF8\x11\xB7\x63\xD1\x17\x37\xBE\x19\x76\x24\x1C\x04\x1A\x4C\xEB\x3D\xAA\x67\x6F\x2D\xD4\xCD\xFE\x65\x31\x70\xC5\x1B\xA6\x02\x0A\xBA\x60\x7B\x6D\x58\xC2\x9A\x49\xFE\x63\x32\x0B\x6B\xE3\x3A\xC0\xAC\xAB\x3B\xB0\xE8\xD3\x09\x51\x8C\x10\x83\xC6\x34\xE0\xC5\x2B\xE0\x1A\xB6\x60\x14\x27\x6C\x32\x77\x8C\xBC\xB2\x72\x98\xCF\xCD\xCC\x3F\xB9\xC8\x24\x42\x14\xD6\x57\xFC\xE6\x26\x43\xA9\x1D\xE5\x80\x90\xCE\x03\x54\x28\x3E\xF7\x3F\xD3\xF8\x4D\xED\x6A\x0A\x3A\x93\x13\x9B\x3B\x14\x23\x13\x63\x9C\x3F\xD1\x87\x27\x79\xE5\x4C\x51\xE3\x01\xAD\x85\x5D\x1A\x3B\xB1\xD5\x73\x10\xA4\xD3\xF2\xBC\x6E\x64\xF5\x5A\x56\x90\xA8\xC7\x0E\x4C\x74\x0F\x2E\x71\x3B\xF7\xC8\x47\xF4\x69\x6F\x15\xF2\x11\x5E\x83\x1E\x9C\x7C\x52\xAE\xFD\x02\xDA\x12\xA8\x59\x67\x18\xDB\xBC\x70\xDD\x9B\xB1\x69\xED\x80\xCE\x89\x40\x48\x6A\x0E\x35\xCA\x29\x66\x15\x21\x94\x2C\xE8\x60\x2A\x9B\x85\x4A\x40\xF3\x6B\x8A\x24\xEC\x06\x16\x2C\x73", ["CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB"] = "\x30\x82\x04\x32\x30\x82\x03\x1A\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x0C\x18\x41\x41\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1E\x17\x0D\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x0C\x18\x41\x41\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBE\x40\x9D\xF4\x6E\xE1\xEA\x76\x87\x1C\x4D\x45\x44\x8E\xBE\x46\xC8\x83\x06\x9D\xC1\x2A\xFE\x18\x1F\x8E\xE4\x02\xFA\xF3\xAB\x5D\x50\x8A\x16\x31\x0B\x9A\x06\xD0\xC5\x70\x22\xCD\x49\x2D\x54\x63\xCC\xB6\x6E\x68\x46\x0B\x53\xEA\xCB\x4C\x24\xC0\xBC\x72\x4E\xEA\xF1\x15\xAE\xF4\x54\x9A\x12\x0A\xC3\x7A\xB2\x33\x60\xE2\xDA\x89\x55\xF3\x22\x58\xF3\xDE\xDC\xCF\xEF\x83\x86\xA2\x8C\x94\x4F\x9F\x68\xF2\x98\x90\x46\x84\x27\xC7\x76\xBF\xE3\xCC\x35\x2C\x8B\x5E\x07\x64\x65\x82\xC0\x48\xB0\xA8\x91\xF9\x61\x9F\x76\x20\x50\xA8\x91\xC7\x66\xB5\xEB\x78\x62\x03\x56\xF0\x8A\x1A\x13\xEA\x31\xA3\x1E\xA0\x99\xFD\x38\xF6\xF6\x27\x32\x58\x6F\x07\xF5\x6B\xB8\xFB\x14\x2B\xAF\xB7\xAA\xCC\xD6\x63\x5F\x73\x8C\xDA\x05\x99\xA8\x38\xA8\xCB\x17\x78\x36\x51\xAC\xE9\x9E\xF4\x78\x3A\x8D\xCF\x0F\xD9\x42\xE2\x98\x0C\xAB\x2F\x9F\x0E\x01\xDE\xEF\x9F\x99\x49\xF1\x2D\xDF\xAC\x74\x4D\x1B\x98\xB5\x47\xC5\xE5\x29\xD1\xF9\x90\x18\xC7\x62\x9C\xBE\x83\xC7\x26\x7B\x3E\x8A\x25\xC7\xC0\xDD\x9D\xE6\x35\x68\x10\x20\x9D\x8F\xD8\xDE\xD2\xC3\x84\x9C\x0D\x5E\xE8\x2F\xC9\x02\x03\x01\x00\x01\xA3\x81\xC0\x30\x81\xBD\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA0\x11\x0A\x23\x3E\x96\xF1\x07\xEC\xE2\xAF\x29\xEF\x82\xA5\x7F\xD0\x30\xA4\xB4\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x7B\x06\x03\x55\x1D\x1F\x04\x74\x30\x72\x30\x38\xA0\x36\xA0\x34\x86\x32\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x63\x61\x2E\x63\x6F\x6D\x2F\x41\x41\x41\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x36\xA0\x34\xA0\x32\x86\x30\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x2E\x6E\x65\x74\x2F\x41\x41\x41\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x08\x56\xFC\x02\xF0\x9B\xE8\xFF\xA4\xFA\xD6\x7B\xC6\x44\x80\xCE\x4F\xC4\xC5\xF6\x00\x58\xCC\xA6\xB6\xBC\x14\x49\x68\x04\x76\xE8\xE6\xEE\x5D\xEC\x02\x0F\x60\xD6\x8D\x50\x18\x4F\x26\x4E\x01\xE3\xE6\xB0\xA5\xEE\xBF\xBC\x74\x54\x41\xBF\xFD\xFC\x12\xB8\xC7\x4F\x5A\xF4\x89\x60\x05\x7F\x60\xB7\x05\x4A\xF3\xF6\xF1\xC2\xBF\xC4\xB9\x74\x86\xB6\x2D\x7D\x6B\xCC\xD2\xF3\x46\xDD\x2F\xC6\xE0\x6A\xC3\xC3\x34\x03\x2C\x7D\x96\xDD\x5A\xC2\x0E\xA7\x0A\x99\xC1\x05\x8B\xAB\x0C\x2F\xF3\x5C\x3A\xCF\x6C\x37\x55\x09\x87\xDE\x53\x40\x6C\x58\xEF\xFC\xB6\xAB\x65\x6E\x04\xF6\x1B\xDC\x3C\xE0\x5A\x15\xC6\x9E\xD9\xF1\x59\x48\x30\x21\x65\x03\x6C\xEC\xE9\x21\x73\xEC\x9B\x03\xA1\xE0\x37\xAD\xA0\x15\x18\x8F\xFA\xBA\x02\xCE\xA7\x2C\xA9\x10\x13\x2C\xD4\xE5\x08\x26\xAB\x22\x97\x60\xF8\x90\x5E\x74\xD4\xA2\x9A\x53\xBD\xF2\xA9\x68\xE0\xA2\x6E\xC2\xD7\x6C\xB1\xA3\x0F\x9E\xBF\xEB\x68\xE7\x56\xF2\xAE\xF2\xE3\x2B\x38\x3A\x09\x81\xB5\x6B\x85\xD7\xBE\x2D\xED\x3F\x1A\xB7\xB2\x63\xE2\xF5\x62\x2C\x82\xD4\x6A\x00\x41\x50\xF1\x39\x83\x9F\x95\xE9\x36\x96\x98\x6E", ["CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB"] = "\x30\x82\x04\x3F\x30\x82\x03\x27\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x24\x30\x22\x06\x03\x55\x04\x03\x0C\x1B\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1E\x17\x0D\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x7E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1B\x30\x19\x06\x03\x55\x04\x08\x0C\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4D\x61\x6E\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x0C\x07\x53\x61\x6C\x66\x6F\x72\x64\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x0C\x11\x43\x6F\x6D\x6F\x64\x6F\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x24\x30\x22\x06\x03\x55\x04\x03\x0C\x1B\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC0\x71\x33\x82\x8A\xD0\x70\xEB\x73\x87\x82\x40\xD5\x1D\xE4\xCB\xC9\x0E\x42\x90\xF9\xDE\x34\xB9\xA1\xBA\x11\xF4\x25\x85\xF3\xCC\x72\x6D\xF2\x7B\x97\x6B\xB3\x07\xF1\x77\x24\x91\x5F\x25\x8F\xF6\x74\x3D\xE4\x80\xC2\xF8\x3C\x0D\xF3\xBF\x40\xEA\xF7\xC8\x52\xD1\x72\x6F\xEF\xC8\xAB\x41\xB8\x6E\x2E\x17\x2A\x95\x69\x0C\xCD\xD2\x1E\x94\x7B\x2D\x94\x1D\xAA\x75\xD7\xB3\x98\xCB\xAC\xBC\x64\x53\x40\xBC\x8F\xAC\xAC\x36\xCB\x5C\xAD\xBB\xDD\xE0\x94\x17\xEC\xD1\x5C\xD0\xBF\xEF\xA5\x95\xC9\x90\xC5\xB0\xAC\xFB\x1B\x43\xDF\x7A\x08\x5D\xB7\xB8\xF2\x40\x1B\x2B\x27\x9E\x50\xCE\x5E\x65\x82\x88\x8C\x5E\xD3\x4E\x0C\x7A\xEA\x08\x91\xB6\x36\xAA\x2B\x42\xFB\xEA\xC2\xA3\x39\xE5\xDB\x26\x38\xAD\x8B\x0A\xEE\x19\x63\xC7\x1C\x24\xDF\x03\x78\xDA\xE6\xEA\xC1\x47\x1A\x0B\x0B\x46\x09\xDD\x02\xFC\xDE\xCB\x87\x5F\xD7\x30\x63\x68\xA1\xAE\xDC\x32\xA1\xBA\xBE\xFE\x44\xAB\x68\xB6\xA5\x17\x15\xFD\xBD\xD5\xA7\xA7\x9A\xE4\x44\x33\xE9\x88\x8E\xFC\xED\x51\xEB\x93\x71\x4E\xAD\x01\xE7\x44\x8E\xAB\x2D\xCB\xA8\xFE\x01\x49\x48\xF0\xC0\xDD\xC7\x68\xD8\x92\xFE\x3D\x02\x03\x01\x00\x01\xA3\x81\xC7\x30\x81\xC4\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x3C\xD8\x93\x88\xC2\xC0\x82\x09\xCC\x01\x99\x06\x93\x20\xE9\x9E\x70\x09\x63\x4F\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x81\x06\x03\x55\x1D\x1F\x04\x7A\x30\x78\x30\x3B\xA0\x39\xA0\x37\x86\x35\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x63\x61\x2E\x63\x6F\x6D\x2F\x53\x65\x63\x75\x72\x65\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x39\xA0\x37\xA0\x35\x86\x33\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x6F\x6D\x6F\x64\x6F\x2E\x6E\x65\x74\x2F\x53\x65\x63\x75\x72\x65\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x87\x01\x6D\x23\x1D\x7E\x5B\x17\x7D\xC1\x61\x32\xCF\x8F\xE7\xF3\x8A\x94\x59\x66\xE0\x9E\x28\xA8\x5E\xD3\xB7\xF4\x34\xE6\xAA\x39\xB2\x97\x16\xC5\x82\x6F\x32\xA4\xE9\x8C\xE7\xAF\xFD\xEF\xC2\xE8\xB9\x4B\xAA\xA3\xF4\xE6\xDA\x8D\x65\x21\xFB\xBA\x80\xEB\x26\x28\x85\x1A\xFE\x39\x8C\xDE\x5B\x04\x04\xB4\x54\xF9\xA3\x67\x9E\x41\xFA\x09\x52\xCC\x05\x48\xA8\xC9\x3F\x21\x04\x1E\xCE\x48\x6B\xFC\x85\xE8\xC2\x7B\xAF\x7F\xB7\xCC\xF8\x5F\x3A\xFD\x35\xC6\x0D\xEF\x97\xDC\x4C\xAB\x11\xE1\x6B\xCB\x31\xD1\x6C\xFB\x48\x80\xAB\xDC\x9C\x37\xB8\x21\x14\x4B\x0D\x71\x3D\xEC\x83\x33\x6E\xD1\x6E\x32\x16\xEC\x98\xC7\x16\x8B\x59\xA6\x34\xAB\x05\x57\x2D\x93\xF7\xAA\x13\xCB\xD2\x13\xE2\xB7\x2E\x3B\xCD\x6B\x50\x17\x09\x68\x3E\xB5\x26\x57\xEE\xB6\xE0\xB6\xDD\xB9\x29\x80\x79\x7D\x8F\xA3\xF0\xA4\x28\xA4\x15\xC4\x85\xF4\x27\xD4\x6B\xBF\xE5\x5C\xE4\x65\x02\x76\x54\xB4\xE3\x37\x66\x24\xD3\x19\x61\xC8\x52\x10\xE5\x8B\x37\x9A\xB9\xA9\xF9\x1D\xBF\xEA\x99\x92\x61\x96\xFF\x01\xCD\xA1\x5F\x0D\xBC\x71\xBC\x0E\xAC\x0B\x1D\x47\x45\x1D\xC1\xEC\x7C\xEC\xFD\x29", @@ -51,7 +48,6 @@ redef root_certs += { ["CN=Sonera Class2 CA,O=Sonera,C=FI"] = "\x30\x82\x03\x20\x30\x82\x02\x08\xA0\x03\x02\x01\x02\x02\x01\x1D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x39\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0F\x30\x0D\x06\x03\x55\x04\x0A\x13\x06\x53\x6F\x6E\x65\x72\x61\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x6F\x6E\x65\x72\x61\x20\x43\x6C\x61\x73\x73\x32\x20\x43\x41\x30\x1E\x17\x0D\x30\x31\x30\x34\x30\x36\x30\x37\x32\x39\x34\x30\x5A\x17\x0D\x32\x31\x30\x34\x30\x36\x30\x37\x32\x39\x34\x30\x5A\x30\x39\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0F\x30\x0D\x06\x03\x55\x04\x0A\x13\x06\x53\x6F\x6E\x65\x72\x61\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x6F\x6E\x65\x72\x61\x20\x43\x6C\x61\x73\x73\x32\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x90\x17\x4A\x35\x9D\xCA\xF0\x0D\x96\xC7\x44\xFA\x16\x37\xFC\x48\xBD\xBD\x7F\x80\x2D\x35\x3B\xE1\x6F\xA8\x67\xA9\xBF\x03\x1C\x4D\x8C\x6F\x32\x47\xD5\x41\x68\xA4\x13\x04\xC1\x35\x0C\x9A\x84\x43\xFC\x5C\x1D\xFF\x89\xB3\xE8\x17\x18\xCD\x91\x5F\xFB\x89\xE3\xEA\xBF\x4E\x5D\x7C\x1B\x26\xD3\x75\x79\xED\xE6\x84\xE3\x57\xE5\xAD\x29\xC4\xF4\x3A\x28\xE7\xA5\x7B\x84\x36\x69\xB3\xFD\x5E\x76\xBD\xA3\x2D\x99\xD3\x90\x4E\x23\x28\x7D\x18\x63\xF1\x54\x3B\x26\x9D\x76\x5B\x97\x42\xB2\xFF\xAE\xF0\x4E\xEC\xDD\x39\x95\x4E\x83\x06\x7F\xE7\x49\x40\xC8\xC5\x01\xB2\x54\x5A\x66\x1D\x3D\xFC\xF9\xE9\x3C\x0A\x9E\x81\xB8\x70\xF0\x01\x8B\xE4\x23\x54\x7C\xC8\xAE\xF8\x90\x1E\x00\x96\x72\xD4\x54\xCF\x61\x23\xBC\xEA\xFB\x9D\x02\x95\xD1\xB6\xB9\x71\x3A\x69\x08\x3F\x0F\xB4\xE1\x42\xC7\x88\xF5\x3F\x98\xA8\xA7\xBA\x1C\xE0\x71\x71\xEF\x58\x57\x81\x50\x7A\x5C\x6B\x74\x46\x0E\x83\x03\x98\xC3\x8E\xA8\x6E\xF2\x76\x32\x6E\x27\x83\xC2\x73\xF3\xDC\x18\xE8\xB4\x93\xEA\x75\x44\x6B\x04\x60\x20\x71\x57\x87\x9D\xF3\xBE\xA0\x90\x23\x3D\x8A\x24\xE1\xDA\x21\xDB\xC3\x02\x03\x01\x00\x01\xA3\x33\x30\x31\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x11\x06\x03\x55\x1D\x0E\x04\x0A\x04\x08\x4A\xA0\xAA\x58\x84\xD3\x5E\x3C\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5A\xCE\x87\xF9\x16\x72\x15\x57\x4B\x1D\xD9\x9B\xE7\xA2\x26\x30\xEC\x93\x67\xDF\xD6\x2D\xD2\x34\xAF\xF7\x38\xA5\xCE\xAB\x16\xB9\xAB\x2F\x7C\x35\xCB\xAC\xD0\x0F\xB4\x4C\x2B\xFC\x80\xEF\x6B\x8C\x91\x5F\x36\x76\xF7\xDB\xB3\x1B\x19\xEA\xF4\xB2\x11\xFD\x61\x71\x44\xBF\x28\xB3\x3A\x1D\xBF\xB3\x43\xE8\x9F\xBF\xDC\x31\x08\x71\xB0\x9D\x8D\xD6\x34\x47\x32\x90\xC6\x65\x24\xF7\xA0\x4A\x7C\x04\x73\x8F\x39\x6F\x17\x8C\x72\xB5\xBD\x4B\xC8\x7A\xF8\x7B\x83\xC3\x28\x4E\x9C\x09\xEA\x67\x3F\xB2\x67\x04\x1B\xC3\x14\xDA\xF8\xE7\x49\x24\x91\xD0\x1D\x6A\xFA\x61\x39\xEF\x6B\xE7\x21\x75\x06\x07\xD8\x12\xB4\x21\x20\x70\x42\x71\x81\xDA\x3C\x9A\x36\xBE\xA6\x5B\x0D\x6A\x6C\x9A\x1F\x91\x7B\xF9\xF9\xEF\x42\xBA\x4E\x4E\x9E\xCC\x0C\x8D\x94\xDC\xD9\x45\x9C\x5E\xEC\x42\x50\x63\xAE\xF4\x5D\xC4\xB1\x12\xDC\xCA\x3B\xA8\x2E\x9D\x14\x5A\x05\x75\xB7\xEC\xD7\x63\xE2\xBA\x35\xB6\x04\x08\x91\xE8\xDA\x9D\x9C\xF6\x66\xB5\x18\xAC\x0A\xA6\x54\x26\x34\x33\xD2\x1B\xC1\xD4\x7F\x1A\x3A\x8E\x0B\xAA\x32\x6E\xDB\xFC\x4F\x25\x9F\xD9\x32\xC7\x96\x5A\x70\xAC\xDF\x4C", ["CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL"] = "\x30\x82\x03\xBA\x30\x82\x02\xA2\xA0\x03\x02\x01\x02\x02\x04\x00\x98\x96\x8A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x32\x31\x32\x31\x37\x30\x39\x32\x33\x34\x39\x5A\x17\x0D\x31\x35\x31\x32\x31\x36\x30\x39\x31\x35\x33\x38\x5A\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4C\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4E\x65\x64\x65\x72\x6C\x61\x6E\x64\x65\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x98\xD2\xB5\x51\x11\x7A\x81\xA6\x14\x98\x71\x6D\xBE\xCC\xE7\x13\x1B\xD6\x27\x0E\x7A\xB3\x6A\x18\x1C\xB6\x61\x5A\xD5\x61\x09\xBF\xDE\x90\x13\xC7\x67\xEE\xDD\xF3\xDA\xC5\x0C\x12\x9E\x35\x55\x3E\x2C\x27\x88\x40\x6B\xF7\xDC\xDD\x22\x61\xF5\xC2\xC7\x0E\xF5\xF6\xD5\x76\x53\x4D\x8F\x8C\xBC\x18\x76\x37\x85\x9D\xE8\xCA\x49\xC7\xD2\x4F\x98\x13\x09\xA2\x3E\x22\x88\x9C\x7F\xD6\xF2\x10\x65\xB4\xEE\x5F\x18\xD5\x17\xE3\xF8\xC5\xFD\xE2\x9D\xA2\xEF\x53\x0E\x85\x77\xA2\x0F\xE1\x30\x47\xEE\x00\xE7\x33\x7D\x44\x67\x1A\x0B\x51\xE8\x8B\xA0\x9E\x50\x98\x68\x34\x52\x1F\x2E\x6D\x01\xF2\x60\x45\xF2\x31\xEB\xA9\x31\x68\x29\xBB\x7A\x41\x9E\xC6\x19\x7F\x94\xB4\x51\x39\x03\x7F\xB2\xDE\xA7\x32\x9B\xB4\x47\x8E\x6F\xB4\x4A\xAE\xE5\xAF\xB1\xDC\xB0\x1B\x61\xBC\x99\x72\xDE\xE4\x89\xB7\x7A\x26\x5D\xDA\x33\x49\x5B\x52\x9C\x0E\xF5\x8A\xAD\xC3\xB8\x3D\xE8\x06\x6A\xC2\xD5\x2A\x0B\x6C\x7B\x84\xBD\x56\x05\xCB\x86\x65\x92\xEC\x44\x2B\xB0\x8E\xB9\xDC\x70\x0B\x46\xDA\xAD\xBC\x63\x88\x39\xFA\xDB\x6A\xFE\x23\xFA\xBC\xE4\x48\xF4\x67\x2B\x6A\x11\x10\x21\x49\x02\x03\x01\x00\x01\xA3\x81\x91\x30\x81\x8E\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x4F\x06\x03\x55\x1D\x20\x04\x48\x30\x46\x30\x44\x06\x04\x55\x1D\x20\x00\x30\x3C\x30\x3A\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x2E\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x70\x6B\x69\x6F\x76\x65\x72\x68\x65\x69\x64\x2E\x6E\x6C\x2F\x70\x6F\x6C\x69\x63\x69\x65\x73\x2F\x72\x6F\x6F\x74\x2D\x70\x6F\x6C\x69\x63\x79\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA8\x7D\xEB\xBC\x63\xA4\x74\x13\x74\x00\xEC\x96\xE0\xD3\x34\xC1\x2C\xBF\x6C\xF8\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x05\x84\x87\x55\x74\x36\x61\xC1\xBB\xD1\xD4\xC6\x15\xA8\x13\xB4\x9F\xA4\xFE\xBB\xEE\x15\xB4\x2F\x06\x0C\x29\xF2\xA8\x92\xA4\x61\x0D\xFC\xAB\x5C\x08\x5B\x51\x13\x2B\x4D\xC2\x2A\x61\xC8\xF8\x09\x58\xFC\x2D\x02\xB2\x39\x7D\x99\x66\x81\xBF\x6E\x5C\x95\x45\x20\x6C\xE6\x79\xA7\xD1\xD8\x1C\x29\xFC\xC2\x20\x27\x51\xC8\xF1\x7C\x5D\x34\x67\x69\x85\x11\x30\xC6\x00\xD2\xD7\xF3\xD3\x7C\xB6\xF0\x31\x57\x28\x12\x82\x73\xE9\x33\x2F\xA6\x55\xB4\x0B\x91\x94\x47\x9C\xFA\xBB\x7A\x42\x32\xE8\xAE\x7E\x2D\xC8\xBC\xAC\x14\xBF\xD9\x0F\xD9\x5B\xFC\xC1\xF9\x7A\x95\xE1\x7D\x7E\x96\xFC\x71\xB0\xC2\x4C\xC8\xDF\x45\x34\xC9\xCE\x0D\xF2\x9C\x64\x08\xD0\x3B\xC3\x29\xC5\xB2\xED\x90\x04\xC1\xB1\x29\x91\xC5\x30\x6F\xC1\xA9\x72\x33\xCC\xFE\x5D\x16\x17\x2C\x11\x69\xE7\x7E\xFE\xC5\x83\x08\xDF\xBC\xDC\x22\x3A\x2E\x20\x69\x23\x39\x56\x60\x67\x90\x8B\x2E\x76\x39\xFB\x11\x88\x97\xF6\x7C\xBD\x4B\xB8\x20\x16\x67\x05\x8D\xE2\x3B\xC1\x72\x3F\x94\x95\x37\xC7\x5D\xB9\x9E\xD8\x93\xA1\x17\x8F\xFF\x0C\x66\x15\xC1\x24\x7C\x32\x7C\x03\x1D\x3B\xA1\x58\x45\x32\x93", ["OU=TDC Internet Root CA,O=TDC Internet,C=DK"] = "\x30\x82\x04\x2B\x30\x82\x03\x13\xA0\x03\x02\x01\x02\x02\x04\x3A\xCC\xA5\x4C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x43\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x31\x30\x34\x30\x35\x31\x36\x33\x33\x31\x37\x5A\x17\x0D\x32\x31\x30\x34\x30\x35\x31\x37\x30\x33\x31\x37\x5A\x30\x43\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC4\xB8\x40\xBC\x91\xD5\x63\x1F\xD7\x99\xA0\x8B\x0C\x40\x1E\x74\xB7\x48\x9D\x46\x8C\x02\xB2\xE0\x24\x5F\xF0\x19\x13\xA7\x37\x83\x6B\x5D\xC7\x8E\xF9\x84\x30\xCE\x1A\x3B\xFA\xFB\xCE\x8B\x6D\x23\xC6\xC3\x6E\x66\x9F\x89\xA5\xDF\xE0\x42\x50\x67\xFA\x1F\x6C\x1E\xF4\xD0\x05\xD6\xBF\xCA\xD6\x4E\xE4\x68\x60\x6C\x46\xAA\x1C\x5D\x63\xE1\x07\x86\x0E\x65\x00\xA7\x2E\xA6\x71\xC6\xBC\xB9\x81\xA8\x3A\x7D\x1A\xD2\xF9\xD1\xAC\x4B\xCB\xCE\x75\xAF\xDC\x7B\xFA\x81\x73\xD4\xFC\xBA\xBD\x41\x88\xD4\x74\xB3\xF9\x5E\x38\x3A\x3C\x43\xA8\xD2\x95\x4E\x77\x6D\x13\x0C\x9D\x8F\x78\x01\xB7\x5A\x20\x1F\x03\x37\x35\xE2\x2C\xDB\x4B\x2B\x2C\x78\xB9\x49\xDB\xC4\xD0\xC7\x9C\x9C\xE4\x8A\x20\x09\x21\x16\x56\x66\xFF\x05\xEC\x5B\xE3\xF0\xCF\xAB\x24\x24\x5E\xC3\x7F\x70\x7A\x12\xC4\xD2\xB5\x10\xA0\xB6\x21\xE1\x8D\x78\x69\x55\x44\x69\xF5\xCA\x96\x1C\x34\x85\x17\x25\x77\xE2\xF6\x2F\x27\x98\x78\xFD\x79\x06\x3A\xA2\xD6\x5A\x43\xC1\xFF\xEC\x04\x3B\xEE\x13\xEF\xD3\x58\x5A\xFF\x92\xEB\xEC\xAE\xDA\xF2\x37\x03\x47\x41\xB6\x97\xC9\x2D\x0A\x41\x22\xBB\xBB\xE6\xA7\x02\x03\x01\x00\x01\xA3\x82\x01\x25\x30\x82\x01\x21\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x65\x06\x03\x55\x1D\x1F\x04\x5E\x30\x5C\x30\x5A\xA0\x58\xA0\x56\xA4\x54\x30\x52\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x13\x0C\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x54\x44\x43\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x52\x6F\x6F\x74\x20\x43\x41\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22\x80\x0F\x32\x30\x30\x31\x30\x34\x30\x35\x31\x36\x33\x33\x31\x37\x5A\x81\x0F\x32\x30\x32\x31\x30\x34\x30\x35\x31\x37\x30\x33\x31\x37\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x6C\x64\x01\xC7\xFD\x85\x6D\xAC\xC8\xDA\x9E\x50\x08\x85\x08\xB5\x3C\x56\xA8\x50\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x6C\x64\x01\xC7\xFD\x85\x6D\xAC\xC8\xDA\x9E\x50\x08\x85\x08\xB5\x3C\x56\xA8\x50\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x10\x30\x0E\x1B\x08\x56\x35\x2E\x30\x3A\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\x43\xCC\xD1\xDD\x1D\x10\x1B\x06\x7F\xB7\xA4\xFA\xD3\xD9\x4D\xFB\x23\x9F\x23\x54\x5B\xE6\x8B\x2F\x04\x28\x8B\xB5\x27\x6D\x89\xA1\xEC\x98\x69\xDC\xE7\x8D\x26\x83\x05\x79\x74\xEC\xB4\xB9\xA3\x97\xC1\x35\x00\xFD\x15\xDA\x39\x81\x3A\x95\x31\x90\xDE\x97\xE9\x86\xA8\x99\x77\x0C\xE5\x5A\xA0\x84\xFF\x12\x16\xAC\x6E\xB8\x8D\xC3\x7B\x92\xC2\xAC\x2E\xD0\x7D\x28\xEC\xB6\xF3\x60\x38\x69\x6F\x3E\xD8\x04\x55\x3E\x9E\xCC\x55\xD2\xBA\xFE\xBB\x47\x04\xD7\x0A\xD9\x16\x0A\x34\x29\xF5\x58\x13\xD5\x4F\xCF\x8F\x56\x4B\xB3\x1E\xEE\xD3\x98\x79\xDA\x08\x1E\x0C\x6F\xB8\xF8\x16\x27\xEF\xC2\x6F\x3D\xF6\xA3\x4B\x3E\x0E\xE4\x6D\x6C\xDB\x3B\x41\x12\x9B\xBD\x0D\x47\x23\x7F\x3C\x4A\xD0\xAF\xC0\xAF\xF6\xEF\x1B\xB5\x15\xC4\xEB\x83\xC4\x09\x5F\x74\x8B\xD9\x11\xFB\xC2\x56\xB1\x3C\xF8\x70\xCA\x34\x8D\x43\x40\x13\x8C\xFD\x99\x03\x54\x79\xC6\x2E\xEA\x86\xA1\xF6\x3A\xD4\x09\xBC\xF4\xBC\x66\xCC\x3D\x58\xD0\x57\x49\x0A\xEE\x25\xE2\x41\xEE\x13\xF9\x9B\x38\x34\xD1\x00\xF5\x7E\xE7\x94\x1D\xFC\x69\x03\x62\xB8\x99\x05\x05\x3D\x6B\x78\x12\xBD\xB0\x6F\x65", - ["CN=TDC OCES CA,O=TDC,C=DK"] = "\x30\x82\x05\x19\x30\x82\x04\x01\xA0\x03\x02\x01\x02\x02\x04\x3E\x48\xBD\xC4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x31\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x0C\x30\x0A\x06\x03\x55\x04\x0A\x13\x03\x54\x44\x43\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0B\x54\x44\x43\x20\x4F\x43\x45\x53\x20\x43\x41\x30\x1E\x17\x0D\x30\x33\x30\x32\x31\x31\x30\x38\x33\x39\x33\x30\x5A\x17\x0D\x33\x37\x30\x32\x31\x31\x30\x39\x30\x39\x33\x30\x5A\x30\x31\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x0C\x30\x0A\x06\x03\x55\x04\x0A\x13\x03\x54\x44\x43\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0B\x54\x44\x43\x20\x4F\x43\x45\x53\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAC\x62\xF6\x61\x20\xB2\xCF\xC0\xC6\x85\xD7\xE3\x79\xE6\xCC\xED\xF2\x39\x92\xA4\x97\x2E\x64\xA3\x84\x5B\x87\x9C\x4C\xFD\xA4\xF3\xC4\x5F\x21\xBD\x56\x10\xEB\xDB\x2E\x61\xEC\x93\x69\xE3\xA3\xCC\xBD\x99\xC3\x05\xFC\x06\xB8\xCA\x36\x1C\xFE\x90\x8E\x49\x4C\xC4\x56\x9A\x2F\x56\xBC\xCF\x7B\x0C\xF1\x6F\x47\xA6\x0D\x43\x4D\xE2\xE9\x1D\x39\x34\xCD\x8D\x2C\xD9\x12\x98\xF9\xE3\xE1\xC1\x4A\x7C\x86\x38\xC4\xA9\xC4\x61\x88\xD2\x5E\xAF\x1A\x26\x4D\xD5\xE4\xA0\x22\x47\x84\xD9\x64\xB7\x19\x96\xFC\xEC\x19\xE4\xB2\x97\x26\x4E\x4A\x4C\xCB\x8F\x24\x8B\x54\x18\x1C\x48\x61\x7B\xD5\x88\x68\xDA\x5D\xB5\xEA\xCD\x1A\x30\xC1\x80\x83\x76\x50\xAA\x4F\xD1\xD4\xDD\x38\xF0\xEF\x16\xF4\xE1\x0C\x50\x06\xBF\xEA\xFB\x7A\x49\xA1\x28\x2B\x1C\xF6\xFC\x15\x32\xA3\x74\x6A\x8F\xA9\xC3\x62\x29\x71\x31\xE5\x3B\xA4\x60\x17\x5E\x74\xE6\xDA\x13\xED\xE9\x1F\x1F\x1B\xD1\xB2\x68\x73\xC6\x10\x34\x75\x46\x10\x10\xE3\x90\x00\x76\x40\xCB\x8B\xB7\x43\x09\x21\xFF\xAB\x4E\x93\xC6\x58\xE9\xA5\x82\xDB\x77\xC4\x3A\x99\xB1\x72\x95\x49\x04\xF0\xB7\x2B\xFA\x7B\x59\x8E\xDD\x02\x03\x01\x00\x01\xA3\x82\x02\x37\x30\x82\x02\x33\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x81\xEC\x06\x03\x55\x1D\x20\x04\x81\xE4\x30\x81\xE1\x30\x81\xDE\x06\x08\x2A\x81\x50\x81\x29\x01\x01\x01\x30\x81\xD1\x30\x2F\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x65\x72\x74\x69\x66\x69\x6B\x61\x74\x2E\x64\x6B\x2F\x72\x65\x70\x6F\x73\x69\x74\x6F\x72\x79\x30\x81\x9D\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x81\x90\x30\x0A\x16\x03\x54\x44\x43\x30\x03\x02\x01\x01\x1A\x81\x81\x43\x65\x72\x74\x69\x66\x69\x6B\x61\x74\x65\x72\x20\x66\x72\x61\x20\x64\x65\x6E\x6E\x65\x20\x43\x41\x20\x75\x64\x73\x74\x65\x64\x65\x73\x20\x75\x6E\x64\x65\x72\x20\x4F\x49\x44\x20\x31\x2E\x32\x2E\x32\x30\x38\x2E\x31\x36\x39\x2E\x31\x2E\x31\x2E\x31\x2E\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x20\x66\x72\x6F\x6D\x20\x74\x68\x69\x73\x20\x43\x41\x20\x61\x72\x65\x20\x69\x73\x73\x75\x65\x64\x20\x75\x6E\x64\x65\x72\x20\x4F\x49\x44\x20\x31\x2E\x32\x2E\x32\x30\x38\x2E\x31\x36\x39\x2E\x31\x2E\x31\x2E\x31\x2E\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x81\x81\x06\x03\x55\x1D\x1F\x04\x7A\x30\x78\x30\x48\xA0\x46\xA0\x44\xA4\x42\x30\x40\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4B\x31\x0C\x30\x0A\x06\x03\x55\x04\x0A\x13\x03\x54\x44\x43\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0B\x54\x44\x43\x20\x4F\x43\x45\x53\x20\x43\x41\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x2C\xA0\x2A\xA0\x28\x86\x26\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x6F\x63\x65\x73\x2E\x63\x65\x72\x74\x69\x66\x69\x6B\x61\x74\x2E\x64\x6B\x2F\x6F\x63\x65\x73\x2E\x63\x72\x6C\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22\x80\x0F\x32\x30\x30\x33\x30\x32\x31\x31\x30\x38\x33\x39\x33\x30\x5A\x81\x0F\x32\x30\x33\x37\x30\x32\x31\x31\x30\x39\x30\x39\x33\x30\x5A\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x60\xB5\x85\xEC\x56\x64\x7E\x12\x19\x27\x67\x1D\x50\x15\x4B\x73\xAE\x3B\xF9\x12\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x60\xB5\x85\xEC\x56\x64\x7E\x12\x19\x27\x67\x1D\x50\x15\x4B\x73\xAE\x3B\xF9\x12\x30\x1D\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x10\x30\x0E\x1B\x08\x56\x36\x2E\x30\x3A\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0A\xBA\x26\x26\x46\xD3\x73\xA8\x09\xF3\x6B\x0B\x30\x99\xFD\x8A\xE1\x57\x7A\x11\xD3\xB8\x94\xD7\x09\x10\x6E\xA3\xB1\x38\x03\xD1\xB6\xF2\x43\x41\x29\x62\xA7\x72\xD8\xFB\x7C\x05\xE6\x31\x70\x27\x54\x18\x4E\x8A\x7C\x4E\xE5\xD1\xCA\x8C\x78\x88\xCF\x1B\xD3\x90\x8B\xE6\x23\xF8\x0B\x0E\x33\x43\x7D\x9C\xE2\x0A\x19\x8F\xC9\x01\x3E\x74\x5D\x74\xC9\x8B\x1C\x03\xE5\x18\xC8\x01\x4C\x3F\xCB\x97\x05\x5D\x98\x71\xA6\x98\x6F\xB6\x7C\xBD\x37\x7F\xBE\xE1\x93\x25\x6D\x6F\xF0\x0A\xAD\x17\x18\xE1\x03\xBC\x07\x29\xC8\xAD\x26\xE8\xF8\x61\xF0\xFD\x21\x09\x7E\x9A\x8E\xA9\x68\x7D\x48\x62\x72\xBD\x00\xEA\x01\x99\xB8\x06\x82\x51\x81\x4E\xF1\xF5\xB4\x91\x54\xB9\x23\x7A\x00\x9A\x9F\x5D\x8D\xE0\x3C\x64\xB9\x1A\x12\x92\x2A\xC7\x82\x44\x72\x39\xDC\xE2\x3C\xC6\xD8\x55\xF5\x15\x4E\xC8\x05\x0E\xDB\xC6\xD0\x62\xA6\xEC\x15\xB4\xB5\x02\x82\xDB\xAC\x8C\xA2\x81\xF0\x9B\x99\x31\xF5\x20\x20\xA8\x88\x61\x0A\x07\x9F\x94\xFC\xD0\xD7\x1B\xCC\x2E\x17\xF3\x04\x27\x76\x67\xEB\x54\x83\xFD\xA4\x90\x7E\x06\x3D\x04\xA3\x43\x2D\xDA\xFC\x0B\x62\xEA\x2F\x5F\x62\x53", ["CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US"] = "\x30\x82\x04\x5E\x30\x82\x03\x46\xA0\x03\x02\x01\x02\x02\x10\x44\xBE\x0C\x8B\x50\x00\x21\xB4\x11\xD3\x2A\x68\x06\xA9\xAD\x69\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x93\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x55\x54\x4E\x20\x2D\x20\x44\x41\x54\x41\x43\x6F\x72\x70\x20\x53\x47\x43\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x34\x31\x38\x35\x37\x32\x31\x5A\x17\x0D\x31\x39\x30\x36\x32\x34\x31\x39\x30\x36\x33\x30\x5A\x30\x81\x93\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x55\x54\x4E\x20\x2D\x20\x44\x41\x54\x41\x43\x6F\x72\x70\x20\x53\x47\x43\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDF\xEE\x58\x10\xA2\x2B\x6E\x55\xC4\x8E\xBF\x2E\x46\x09\xE7\xE0\x08\x0F\x2E\x2B\x7A\x13\x94\x1B\xBD\xF6\xB6\x80\x8E\x65\x05\x93\x00\x1E\xBC\xAF\xE2\x0F\x8E\x19\x0D\x12\x47\xEC\xAC\xAD\xA3\xFA\x2E\x70\xF8\xDE\x6E\xFB\x56\x42\x15\x9E\x2E\x5C\xEF\x23\xDE\x21\xB9\x05\x76\x27\x19\x0F\x4F\xD6\xC3\x9C\xB4\xBE\x94\x19\x63\xF2\xA6\x11\x0A\xEB\x53\x48\x9C\xBE\xF2\x29\x3B\x16\xE8\x1A\xA0\x4C\xA6\xC9\xF4\x18\x59\x68\xC0\x70\xF2\x53\x00\xC0\x5E\x50\x82\xA5\x56\x6F\x36\xF9\x4A\xE0\x44\x86\xA0\x4D\x4E\xD6\x47\x6E\x49\x4A\xCB\x67\xD7\xA6\xC4\x05\xB9\x8E\x1E\xF4\xFC\xFF\xCD\xE7\x36\xE0\x9C\x05\x6C\xB2\x33\x22\x15\xD0\xB4\xE0\xCC\x17\xC0\xB2\xC0\xF4\xFE\x32\x3F\x29\x2A\x95\x7B\xD8\xF2\xA7\x4E\x0F\x54\x7C\xA1\x0D\x80\xB3\x09\x03\xC1\xFF\x5C\xDD\x5E\x9A\x3E\xBC\xAE\xBC\x47\x8A\x6A\xAE\x71\xCA\x1F\xB1\x2A\xB8\x5F\x42\x05\x0B\xEC\x46\x30\xD1\x72\x0B\xCA\xE9\x56\x6D\xF5\xEF\xDF\x78\xBE\x61\xBA\xB2\xA5\xAE\x04\x4C\xBC\xA8\xAC\x69\x15\x97\xBD\xEF\xEB\xB4\x8C\xBF\x35\xF8\xD4\xC3\xD1\x28\x0E\x5C\x3A\x9F\x70\x18\x33\x20\x77\xC4\xA2\xAF\x02\x03\x01\x00\x01\xA3\x81\xAB\x30\x81\xA8\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\xC6\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x53\x32\xD1\xB3\xCF\x7F\xFA\xE0\xF1\xA0\x5D\x85\x4E\x92\xD2\x9E\x45\x1D\xB4\x4F\x30\x3D\x06\x03\x55\x1D\x1F\x04\x36\x30\x34\x30\x32\xA0\x30\xA0\x2E\x86\x2C\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x2F\x55\x54\x4E\x2D\x44\x41\x54\x41\x43\x6F\x72\x70\x53\x47\x43\x2E\x63\x72\x6C\x30\x2A\x06\x03\x55\x1D\x25\x04\x23\x30\x21\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x03\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x04\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x27\x35\x97\x00\x8A\x8B\x28\xBD\xC6\x33\x30\x1E\x29\xFC\xE2\xF7\xD5\x98\xD4\x40\xBB\x60\xCA\xBF\xAB\x17\x2C\x09\x36\x7F\x50\xFA\x41\xDC\xAE\x96\x3A\x0A\x23\x3E\x89\x59\xC9\xA3\x07\xED\x1B\x37\xAD\xFC\x7C\xBE\x51\x49\x5A\xDE\x3A\x0A\x54\x08\x16\x45\xC2\x99\xB1\x87\xCD\x8C\x68\xE0\x69\x03\xE9\xC4\x4E\x98\xB2\x3B\x8C\x16\xB3\x0E\xA0\x0C\x98\x50\x9B\x93\xA9\x70\x09\xC8\x2C\xA3\x8F\xDF\x02\xE4\xE0\x71\x3A\xF1\xB4\x23\x72\xA0\xAA\x01\xDF\xDF\x98\x3E\x14\x50\xA0\x31\x26\xBD\x28\xE9\x5A\x30\x26\x75\xF9\x7B\x60\x1C\x8D\xF3\xCD\x50\x26\x6D\x04\x27\x9A\xDF\xD5\x0D\x45\x47\x29\x6B\x2C\xE6\x76\xD9\xA9\x29\x7D\x32\xDD\xC9\x36\x3C\xBD\xAE\x35\xF1\x11\x9E\x1D\xBB\x90\x3F\x12\x47\x4E\x8E\xD7\x7E\x0F\x62\x73\x1D\x52\x26\x38\x1C\x18\x49\xFD\x30\x74\x9A\xC4\xE5\x22\x2F\xD8\xC0\x8D\xED\x91\x7A\x4C\x00\x8F\x72\x7F\x5D\xDA\xDD\x1B\x8B\x45\x6B\xE7\xDD\x69\x97\xA8\xC5\x56\x4C\x0F\x0C\xF6\x9F\x7A\x91\x37\xF6\x97\x82\xE0\xDD\x71\x69\xFF\x76\x3F\x60\x4D\x3C\xCF\xF7\x99\xF9\xC6\x57\xF4\xC9\x55\x39\x78\xBA\x2C\x79\xC9\xA6\x88\x2B\xF4\x08", ["CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US"] = "\x30\x82\x04\x74\x30\x82\x03\x5C\xA0\x03\x02\x01\x02\x02\x10\x44\xBE\x0C\x8B\x50\x00\x24\xB4\x11\xD3\x36\x2A\xFE\x65\x0A\xFD\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x97\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x55\x54\x4E\x2D\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2D\x48\x61\x72\x64\x77\x61\x72\x65\x30\x1E\x17\x0D\x39\x39\x30\x37\x30\x39\x31\x38\x31\x30\x34\x32\x5A\x17\x0D\x31\x39\x30\x37\x30\x39\x31\x38\x31\x39\x32\x32\x5A\x30\x81\x97\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0E\x53\x61\x6C\x74\x20\x4C\x61\x6B\x65\x20\x43\x69\x74\x79\x31\x1E\x30\x1C\x06\x03\x55\x04\x0A\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x0B\x13\x18\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x31\x1F\x30\x1D\x06\x03\x55\x04\x03\x13\x16\x55\x54\x4E\x2D\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2D\x48\x61\x72\x64\x77\x61\x72\x65\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB1\xF7\xC3\x38\x3F\xB4\xA8\x7F\xCF\x39\x82\x51\x67\xD0\x6D\x9F\xD2\xFF\x58\xF3\xE7\x9F\x2B\xEC\x0D\x89\x54\x99\xB9\x38\x99\x16\xF7\xE0\x21\x79\x48\xC2\xBB\x61\x74\x12\x96\x1D\x3C\x6A\x72\xD5\x3C\x10\x67\x3A\x39\xED\x2B\x13\xCD\x66\xEB\x95\x09\x33\xA4\x6C\x97\xB1\xE8\xC6\xEC\xC1\x75\x79\x9C\x46\x5E\x8D\xAB\xD0\x6A\xFD\xB9\x2A\x55\x17\x10\x54\xB3\x19\xF0\x9A\xF6\xF1\xB1\x5D\xB6\xA7\x6D\xFB\xE0\x71\x17\x6B\xA2\x88\xFB\x00\xDF\xFE\x1A\x31\x77\x0C\x9A\x01\x7A\xB1\x32\xE3\x2B\x01\x07\x38\x6E\xC3\xA5\x5E\x23\xBC\x45\x9B\x7B\x50\xC1\xC9\x30\x8F\xDB\xE5\x2B\x7A\xD3\x5B\xFB\x33\x40\x1E\xA0\xD5\x98\x17\xBC\x8B\x87\xC3\x89\xD3\x5D\xA0\x8E\xB2\xAA\xAA\xF6\x8E\x69\x88\x06\xC5\xFA\x89\x21\xF3\x08\x9D\x69\x2E\x09\x33\x9B\x29\x0D\x46\x0F\x8C\xCC\x49\x34\xB0\x69\x51\xBD\xF9\x06\xCD\x68\xAD\x66\x4C\xBC\x3E\xAC\x61\xBD\x0A\x88\x0E\xC8\xDF\x3D\xEE\x7C\x04\x4C\x9D\x0A\x5E\x6B\x91\xD6\xEE\xC7\xED\x28\x8D\xAB\x4D\x87\x89\x73\xD0\x6E\xA4\xD0\x1E\x16\x8B\x14\xE1\x76\x44\x03\x7F\x63\xAC\xE4\xCD\x49\x9C\xC5\x92\xF4\xAB\x32\xA1\x48\x5B\x02\x03\x01\x00\x01\xA3\x81\xB9\x30\x81\xB6\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\xC6\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA1\x72\x5F\x26\x1B\x28\x98\x43\x95\x5D\x07\x37\xD5\x85\x96\x9D\x4B\xD2\xC3\x45\x30\x44\x06\x03\x55\x1D\x1F\x04\x3D\x30\x3B\x30\x39\xA0\x37\xA0\x35\x86\x33\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2E\x63\x6F\x6D\x2F\x55\x54\x4E\x2D\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2D\x48\x61\x72\x64\x77\x61\x72\x65\x2E\x63\x72\x6C\x30\x31\x06\x03\x55\x1D\x25\x04\x2A\x30\x28\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x05\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x06\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x07\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x47\x19\x0F\xDE\x74\xC6\x99\x97\xAF\xFC\xAD\x28\x5E\x75\x8E\xEB\x2D\x67\xEE\x4E\x7B\x2B\xD7\x0C\xFF\xF6\xDE\xCB\x55\xA2\x0A\xE1\x4C\x54\x65\x93\x60\x6B\x9F\x12\x9C\xAD\x5E\x83\x2C\xEB\x5A\xAE\xC0\xE4\x2D\xF4\x00\x63\x1D\xB8\xC0\x6C\xF2\xCF\x49\xBB\x4D\x93\x6F\x06\xA6\x0A\x22\xB2\x49\x62\x08\x4E\xFF\xC8\xC8\x14\xB2\x88\x16\x5D\xE7\x01\xE4\x12\x95\xE5\x45\x34\xB3\x8B\x69\xBD\xCF\xB4\x85\x8F\x75\x51\x9E\x7D\x3A\x38\x3A\x14\x48\x12\xC6\xFB\xA7\x3B\x1A\x8D\x0D\x82\x40\x07\xE8\x04\x08\x90\xA1\x89\xCB\x19\x50\xDF\xCA\x1C\x01\xBC\x1D\x04\x19\x7B\x10\x76\x97\x3B\xEE\x90\x90\xCA\xC4\x0E\x1F\x16\x6E\x75\xEF\x33\xF8\xD3\x6F\x5B\x1E\x96\xE3\xE0\x74\x77\x74\x7B\x8A\xA2\x6E\x2D\xDD\x76\xD6\x39\x30\x82\xF0\xAB\x9C\x52\xF2\x2A\xC7\xAF\x49\x5E\x7E\xC7\x68\xE5\x82\x81\xC8\x6A\x27\xF9\x27\x88\x2A\xD5\x58\x50\x95\x1F\xF0\x3B\x1C\x57\xBB\x7D\x14\x39\x62\x2B\x9A\xC9\x94\x92\x2A\xA3\x22\x0C\xFF\x89\x26\x7D\x5F\x23\x2B\x47\xD7\x15\x1D\xA9\x6A\x9E\x51\x0D\x2A\x51\x9E\x81\xF9\xD4\x3B\x5E\x70\x12\x7F\x10\x32\x9C\x1E\xBB\x9D\xF8\x66\xA8", ["CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU"] = "\x30\x82\x04\xBD\x30\x82\x03\xA5\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0A\x13\x1E\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x13\x1A\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x33\x30\x39\x33\x30\x31\x36\x31\x33\x34\x33\x5A\x17\x0D\x33\x37\x30\x39\x33\x30\x31\x36\x31\x33\x34\x34\x5A\x30\x7F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0A\x13\x1E\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0B\x13\x1A\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x30\x82\x01\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0D\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xB7\x36\x55\xE5\xA5\x5D\x18\x30\xE0\xDA\x89\x54\x91\xFC\xC8\xC7\x52\xF8\x2F\x50\xD9\xEF\xB1\x75\x73\x65\x47\x7D\x1B\x5B\xBA\x75\xC5\xFC\xA1\x88\x24\xFA\x2F\xED\xCA\x08\x4A\x39\x54\xC4\x51\x7A\xB5\xDA\x60\xEA\x38\x3C\x81\xB2\xCB\xF1\xBB\xD9\x91\x23\x3F\x48\x01\x70\x75\xA9\x05\x2A\xAD\x1F\x71\xF3\xC9\x54\x3D\x1D\x06\x6A\x40\x3E\xB3\x0C\x85\xEE\x5C\x1B\x79\xC2\x62\xC4\xB8\x36\x8E\x35\x5D\x01\x0C\x23\x04\x47\x35\xAA\x9B\x60\x4E\xA0\x66\x3D\xCB\x26\x0A\x9C\x40\xA1\xF4\x5D\x98\xBF\x71\xAB\xA5\x00\x68\x2A\xED\x83\x7A\x0F\xA2\x14\xB5\xD4\x22\xB3\x80\xB0\x3C\x0C\x5A\x51\x69\x2D\x58\x18\x8F\xED\x99\x9E\xF1\xAE\xE2\x95\xE6\xF6\x47\xA8\xD6\x0C\x0F\xB0\x58\x58\xDB\xC3\x66\x37\x9E\x9B\x91\x54\x33\x37\xD2\x94\x1C\x6A\x48\xC9\xC9\xF2\xA5\xDA\xA5\x0C\x23\xF7\x23\x0E\x9C\x32\x55\x5E\x71\x9C\x84\x05\x51\x9A\x2D\xFD\xE6\x4E\x2A\x34\x5A\xDE\xCA\x40\x37\x67\x0C\x54\x21\x55\x77\xDA\x0A\x0C\xCC\x97\xAE\x80\xDC\x94\x36\x4A\xF4\x3E\xCE\x36\x13\x1E\x53\xE4\xAC\x4E\x3A\x05\xEC\xDB\xAE\x72\x9C\x38\x8B\xD0\x39\x3B\x89\x0A\x3E\x77\xFE\x75\x02\x01\x03\xA3\x82\x01\x44\x30\x82\x01\x40\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x0C\x30\x3C\x06\x03\x55\x1D\x1F\x04\x35\x30\x33\x30\x31\xA0\x2F\xA0\x2D\x86\x2B\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x2F\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x2E\x63\x72\x6C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE3\x94\xF5\xB1\x4D\xE9\xDB\xA1\x29\x5B\x57\x8B\x4D\x76\x06\x76\xE1\xD1\xA2\x8A\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x27\x06\x03\x55\x1D\x11\x04\x20\x30\x1E\x81\x1C\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x40\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x30\x27\x06\x03\x55\x1D\x12\x04\x20\x30\x1E\x81\x1C\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x40\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x30\x58\x06\x03\x55\x1D\x20\x04\x51\x30\x4F\x30\x4D\x06\x0B\x2B\x06\x01\x04\x01\x81\x87\x2E\x0A\x03\x01\x30\x3E\x30\x3C\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x30\x68\x74\x74\x70\x3A\x2F\x2F\x63\x70\x73\x2E\x63\x68\x61\x6D\x62\x65\x72\x73\x69\x67\x6E\x2E\x6F\x72\x67\x2F\x63\x70\x73\x2F\x63\x68\x61\x6D\x62\x65\x72\x73\x72\x6F\x6F\x74\x2E\x68\x74\x6D\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0C\x41\x97\xC2\x1A\x86\xC0\x22\x7C\x9F\xFB\x90\xF3\x1A\xD1\x03\xB1\xEF\x13\xF9\x21\x5F\x04\x9C\xDA\xC9\xA5\x8D\x27\x6C\x96\x87\x91\xBE\x41\x90\x01\x72\x93\xE7\x1E\x7D\x5F\xF6\x89\xC6\x5D\xA7\x40\x09\x3D\xAC\x49\x45\x45\xDC\x2E\x8D\x30\x68\xB2\x09\xBA\xFB\xC3\x2F\xCC\xBA\x0B\xDF\x3F\x77\x7B\x46\x7D\x3A\x12\x24\x8E\x96\x8F\x3C\x05\x0A\x6F\xD2\x94\x28\x1D\x6D\x0C\xC0\x2E\x88\x22\xD5\xD8\xCF\x1D\x13\xC7\xF0\x48\xD7\xD7\x05\xA7\xCF\xC7\x47\x9E\x3B\x3C\x34\xC8\x80\x4F\xD4\x14\xBB\xFC\x0D\x50\xF7\xFA\xB3\xEC\x42\x5F\xA9\xDD\x6D\xC8\xF4\x75\xCF\x7B\xC1\x72\x26\xB1\x01\x1C\x5C\x2C\xFD\x7A\x4E\xB4\x01\xC5\x05\x57\xB9\xE7\x3C\xAA\x05\xD9\x88\xE9\x07\x46\x41\xCE\xEF\x41\x81\xAE\x58\xDF\x83\xA2\xAE\xCA\xD7\x77\x1F\xE7\x00\x3C\x9D\x6F\x8E\xE4\x32\x09\x1D\x4D\x78\x34\x78\x34\x3C\x94\x9B\x26\xED\x4F\x71\xC6\x19\x7A\xBD\x20\x22\x48\x5A\xFE\x4B\x7D\x03\xB7\xE7\x58\xBE\xC6\x32\x4E\x74\x1E\x68\xDD\xA8\x68\x5B\xB3\x3E\xEE\x62\x7D\xD9\x80\xE8\x0A\x75\x7A\xB7\xEE\xB4\x65\x9A\x21\x90\xE0\xAA\xD0\x98\xBC\x38\xB5\x73\x3C\x8B\xF8\xDC", @@ -139,4 +135,12 @@ redef root_certs += { ["CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES"] = "\x30\x82\x06\x8B\x30\x82\x05\x73\xA0\x03\x02\x01\x02\x02\x04\x3B\x45\xE5\x68\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x68\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x1F\x30\x1D\x06\x03\x55\x04\x0A\x13\x16\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x31\x0F\x30\x0D\x06\x03\x55\x04\x0B\x13\x06\x50\x4B\x49\x47\x56\x41\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x52\x6F\x6F\x74\x20\x43\x41\x20\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x30\x1E\x17\x0D\x30\x31\x30\x37\x30\x36\x31\x36\x32\x32\x34\x37\x5A\x17\x0D\x32\x31\x30\x37\x30\x31\x31\x35\x32\x32\x34\x37\x5A\x30\x68\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x1F\x30\x1D\x06\x03\x55\x04\x0A\x13\x16\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x31\x0F\x30\x0D\x06\x03\x55\x04\x0B\x13\x06\x50\x4B\x49\x47\x56\x41\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x52\x6F\x6F\x74\x20\x43\x41\x20\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC6\x2A\xAB\x57\x11\x37\x2F\x22\x8A\xCA\x03\x74\x1D\xCA\xED\x2D\xA2\x0B\xBC\x33\x52\x40\x26\x47\xBE\x5A\x69\xA6\x3B\x72\x36\x17\x4C\xE8\xDF\xB8\xBB\x2F\x76\xE1\x40\x46\x74\x65\x02\x90\x52\x08\xB4\xFF\xA8\x8C\xC1\xE0\xC7\x89\x56\x10\x39\x33\xEF\x68\xB4\x5F\x5F\xDA\x6D\x23\xA1\x89\x5E\x22\xA3\x4A\x06\xF0\x27\xF0\x57\xB9\xF8\xE9\x4E\x32\x77\x0A\x3F\x41\x64\xF3\xEB\x65\xEE\x76\xFE\x54\xAA\x7D\x1D\x20\xAE\xF3\xD7\x74\xC2\x0A\x5F\xF5\x08\x28\x52\x08\xCC\x55\x5D\xD2\x0F\xDB\x9A\x81\xA5\xBB\xA1\xB3\xC1\x94\xCD\x54\xE0\x32\x75\x31\x91\x1A\x62\xB2\xDE\x75\xE2\xCF\x4F\x89\xD9\x91\x90\x0F\x41\x1B\xB4\x5A\x4A\x77\xBD\x67\x83\xE0\x93\xE7\x5E\xA7\x0C\xE7\x81\xD3\xF4\x52\xAC\x53\xB2\x03\xC7\x44\x26\xFB\x79\xE5\xCB\x34\x60\x50\x10\x7B\x1B\xDB\x6B\xD7\x47\xAB\x5F\x7C\x68\xCA\x6E\x9D\x41\x03\x10\xEE\x6B\x99\x7B\x5E\x25\xA8\xC2\xAB\xE4\xC0\xF3\x5C\x9C\xE3\xBE\xCE\x31\x4C\x64\x1E\x5E\x80\xA2\xF5\x83\x7E\x0C\xD6\xCA\x8C\x55\x8E\xBE\xE0\xBE\x49\x07\x0F\xA3\x24\x41\x7A\x58\x1D\x84\xEA\x58\x12\xC8\xE1\xB7\xED\xEF\x93\xDE\x94\x08\x31\x02\x03\x01\x00\x01\xA3\x82\x03\x3B\x30\x82\x03\x37\x30\x32\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x01\x04\x26\x30\x24\x30\x22\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x01\x86\x16\x68\x74\x74\x70\x3A\x2F\x2F\x6F\x63\x73\x70\x2E\x70\x6B\x69\x2E\x67\x76\x61\x2E\x65\x73\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x02\x30\x82\x02\x34\x06\x03\x55\x1D\x20\x04\x82\x02\x2B\x30\x82\x02\x27\x30\x82\x02\x23\x06\x0A\x2B\x06\x01\x04\x01\xBF\x55\x02\x01\x00\x30\x82\x02\x13\x30\x82\x01\xE8\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x82\x01\xDA\x1E\x82\x01\xD6\x00\x41\x00\x75\x00\x74\x00\x6F\x00\x72\x00\x69\x00\x64\x00\x61\x00\x64\x00\x20\x00\x64\x00\x65\x00\x20\x00\x43\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x52\x00\x61\x00\xED\x00\x7A\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x47\x00\x65\x00\x6E\x00\x65\x00\x72\x00\x61\x00\x6C\x00\x69\x00\x74\x00\x61\x00\x74\x00\x20\x00\x56\x00\x61\x00\x6C\x00\x65\x00\x6E\x00\x63\x00\x69\x00\x61\x00\x6E\x00\x61\x00\x2E\x00\x0D\x00\x0A\x00\x4C\x00\x61\x00\x20\x00\x44\x00\x65\x00\x63\x00\x6C\x00\x61\x00\x72\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x64\x00\x65\x00\x20\x00\x50\x00\x72\x00\xE1\x00\x63\x00\x74\x00\x69\x00\x63\x00\x61\x00\x73\x00\x20\x00\x64\x00\x65\x00\x20\x00\x43\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x71\x00\x75\x00\x65\x00\x20\x00\x72\x00\x69\x00\x67\x00\x65\x00\x20\x00\x65\x00\x6C\x00\x20\x00\x66\x00\x75\x00\x6E\x00\x63\x00\x69\x00\x6F\x00\x6E\x00\x61\x00\x6D\x00\x69\x00\x65\x00\x6E\x00\x74\x00\x6F\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x70\x00\x72\x00\x65\x00\x73\x00\x65\x00\x6E\x00\x74\x00\x65\x00\x20\x00\x41\x00\x75\x00\x74\x00\x6F\x00\x72\x00\x69\x00\x64\x00\x61\x00\x64\x00\x20\x00\x64\x00\x65\x00\x20\x00\x43\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x63\x00\x61\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x73\x00\x65\x00\x20\x00\x65\x00\x6E\x00\x63\x00\x75\x00\x65\x00\x6E\x00\x74\x00\x72\x00\x61\x00\x20\x00\x65\x00\x6E\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x64\x00\x69\x00\x72\x00\x65\x00\x63\x00\x63\x00\x69\x00\xF3\x00\x6E\x00\x20\x00\x77\x00\x65\x00\x62\x00\x20\x00\x68\x00\x74\x00\x74\x00\x70\x00\x3A\x00\x2F\x00\x2F\x00\x77\x00\x77\x00\x77\x00\x2E\x00\x70\x00\x6B\x00\x69\x00\x2E\x00\x67\x00\x76\x00\x61\x00\x2E\x00\x65\x00\x73\x00\x2F\x00\x63\x00\x70\x00\x73\x30\x25\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x19\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x70\x6B\x69\x2E\x67\x76\x61\x2E\x65\x73\x2F\x63\x70\x73\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x7B\x35\xD3\x40\xD2\x1C\x78\x19\x66\xEF\x74\x10\x28\xDC\x3E\x4F\xB2\x78\x04\xFC\x30\x81\x95\x06\x03\x55\x1D\x23\x04\x81\x8D\x30\x81\x8A\x80\x14\x7B\x35\xD3\x40\xD2\x1C\x78\x19\x66\xEF\x74\x10\x28\xDC\x3E\x4F\xB2\x78\x04\xFC\xA1\x6C\xA4\x6A\x30\x68\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x1F\x30\x1D\x06\x03\x55\x04\x0A\x13\x16\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x31\x0F\x30\x0D\x06\x03\x55\x04\x0B\x13\x06\x50\x4B\x49\x47\x56\x41\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1E\x52\x6F\x6F\x74\x20\x43\x41\x20\x47\x65\x6E\x65\x72\x61\x6C\x69\x74\x61\x74\x20\x56\x61\x6C\x65\x6E\x63\x69\x61\x6E\x61\x82\x04\x3B\x45\xE5\x68\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x24\x61\x4E\xF5\xB5\xC8\x42\x02\x2A\xB3\x5C\x75\xAD\xC5\x6D\xCA\xE7\x94\x3F\xA5\x68\x95\x88\xC1\x54\xC0\x10\x69\xA2\x12\x2F\x18\x3F\x25\x50\xA8\x7C\x4A\xEA\xC6\x09\xD9\xF4\x75\xC6\x40\xDA\xAF\x50\x9D\x3D\xA5\x16\xBB\x6D\x31\xC6\xC7\x73\x0A\x48\xFE\x20\x72\xED\x6F\xCC\xE8\x83\x61\x16\x46\x90\x01\x95\x4B\x7D\x8E\x9A\x52\x09\x2F\xF6\x6F\x1C\xE4\xA1\x71\xCF\x8C\x2A\x5A\x17\x73\x83\x47\x4D\x0F\x36\xFB\x04\x4D\x49\x51\xE2\x14\xC9\x64\x61\xFB\xD4\x14\xE0\xF4\x9E\xB7\x34\x8F\x0A\x26\xBD\x97\x5C\xF4\x79\x3A\x4A\x30\x19\xCC\xAD\x4F\xA0\x98\x8A\xB4\x31\x97\x2A\xE2\x73\x6D\x7E\x78\xB8\xF8\x88\x89\x4F\xB1\x22\x91\x64\x4B\xF5\x50\xDE\x03\xDB\xE5\xC5\x76\xE7\x13\x66\x75\x7E\x65\xFB\x01\x9F\x93\x87\x88\x9D\xF9\x46\x57\x7C\x4D\x60\xAF\x98\x73\x13\x23\xA4\x20\x91\x81\xFA\xD0\x61\x66\xB8\x7D\xD1\xAF\xD6\x6F\x1E\x6C\x3D\xE9\x11\xFD\xA9\xF9\x82\x22\x86\x99\x33\x71\x5A\xEA\x19\x57\x3D\x91\xCD\xA9\xC0\xA3\x6E\x07\x13\xA6\xC9\xED\xF8\x68\xA3\x9E\xC3\x5A\x72\x09\x87\x28\xD1\xC4\x73\xC4\x73\x18\x5F\x50\x75\x16\x31\x9F\xB7\xE8\x7C\xC3", ["CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT"] = "\x30\x82\x03\xCF\x30\x82\x02\xB7\xA0\x03\x02\x01\x02\x02\x03\x01\x6C\x1E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x8D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x41\x54\x31\x48\x30\x46\x06\x03\x55\x04\x0A\x0C\x3F\x41\x2D\x54\x72\x75\x73\x74\x20\x47\x65\x73\x2E\x20\x66\x2E\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x73\x79\x73\x74\x65\x6D\x65\x20\x69\x6D\x20\x65\x6C\x65\x6B\x74\x72\x2E\x20\x44\x61\x74\x65\x6E\x76\x65\x72\x6B\x65\x68\x72\x20\x47\x6D\x62\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x0C\x10\x41\x2D\x54\x72\x75\x73\x74\x2D\x6E\x51\x75\x61\x6C\x2D\x30\x33\x31\x19\x30\x17\x06\x03\x55\x04\x03\x0C\x10\x41\x2D\x54\x72\x75\x73\x74\x2D\x6E\x51\x75\x61\x6C\x2D\x30\x33\x30\x1E\x17\x0D\x30\x35\x30\x38\x31\x37\x32\x32\x30\x30\x30\x30\x5A\x17\x0D\x31\x35\x30\x38\x31\x37\x32\x32\x30\x30\x30\x30\x5A\x30\x81\x8D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x41\x54\x31\x48\x30\x46\x06\x03\x55\x04\x0A\x0C\x3F\x41\x2D\x54\x72\x75\x73\x74\x20\x47\x65\x73\x2E\x20\x66\x2E\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x73\x79\x73\x74\x65\x6D\x65\x20\x69\x6D\x20\x65\x6C\x65\x6B\x74\x72\x2E\x20\x44\x61\x74\x65\x6E\x76\x65\x72\x6B\x65\x68\x72\x20\x47\x6D\x62\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0B\x0C\x10\x41\x2D\x54\x72\x75\x73\x74\x2D\x6E\x51\x75\x61\x6C\x2D\x30\x33\x31\x19\x30\x17\x06\x03\x55\x04\x03\x0C\x10\x41\x2D\x54\x72\x75\x73\x74\x2D\x6E\x51\x75\x61\x6C\x2D\x30\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAD\x3D\x61\x6E\x03\xF3\x90\x3B\xC0\x41\x0B\x84\x80\xCD\xEC\x2A\xA3\x9D\x6B\xBB\x6E\xC2\x42\x84\xF7\x51\x14\xE1\xA0\xA8\x2D\x51\xA3\x51\xF2\xDE\x23\xF0\x34\x44\xFF\x94\xEB\xCC\x05\x23\x95\x40\xB9\x07\x78\xA5\x25\xF6\x0A\xBD\x45\x86\xE8\xD9\xBD\xC0\x04\x8E\x85\x44\x61\xEF\x7F\xA7\xC9\xFA\xC1\x25\xCC\x85\x2C\x63\x3F\x05\x60\x73\x49\x05\xE0\x60\x78\x95\x10\x4B\xDC\xF9\x11\x59\xCE\x71\x7F\x40\x9B\x8A\xAA\x24\xDF\x0B\x42\xE2\xDB\x56\xBC\x4A\xD2\xA5\x0C\x9B\xB7\x43\x3E\xDD\x83\xD3\x26\x10\x02\xCF\xEA\x23\xC4\x49\x4E\xE5\xD3\xE9\xB4\x88\xAB\x0C\xAE\x62\x92\xD4\x65\x87\xD9\x6A\xD7\xF4\x85\x9F\xE4\x33\x22\x25\xA5\xE5\xC8\x33\xBA\xC3\xC7\x41\xDC\x5F\xC6\x6A\xCC\x00\x0E\x6D\x32\xA8\xB6\x87\x36\x00\x62\x77\x9B\x1E\x1F\x34\xCB\x90\x3C\x78\x88\x74\x05\xEB\x79\xF5\x93\x71\x65\xCA\x9D\xC7\x6B\x18\x2D\x3D\x5C\x4E\xE7\xD5\xF8\x3F\x31\x7D\x8F\x87\xEC\x0A\x22\x2F\x23\xE9\xFE\xBB\x7D\xC9\xE0\xF4\xEC\xEB\x7C\xC4\xB0\xC3\x2D\x62\xB5\x9A\x71\xD6\xB1\x6A\xE8\xEC\xD9\xED\xD5\x72\xEC\xBE\x57\x01\xCE\x05\x55\x9F\xDE\xD1\x60\x88\x10\xB3\x02\x03\x01\x00\x01\xA3\x36\x30\x34\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x11\x06\x03\x55\x1D\x0E\x04\x0A\x04\x08\x44\x6A\x95\x67\x55\x79\x11\x4F\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x55\xD4\x54\xD1\x59\x48\x5C\xB3\x93\x85\xAA\xBF\x63\x2F\xE4\x80\xCE\x34\xA3\x34\x62\x3E\xF6\xD8\xEE\x67\x88\x31\x04\x03\x6F\x0B\xD4\x07\xFB\x4E\x75\x0F\xD3\x2E\xD3\xC0\x17\xC7\xC6\x28\xEC\x06\x0D\x11\x24\x0E\x0E\xA5\x5D\xBF\x8C\xB2\x13\x96\x71\xDC\xD4\xCE\x0E\x0D\x0A\x68\x32\x6C\xB9\x41\x31\x19\xAB\xB1\x07\x7B\x4D\x98\xD3\x5C\xB0\xD1\xF0\xA7\x42\xA0\xB5\xC4\x8E\xAF\xFE\xF1\x3F\xF4\xEF\x4F\x46\x00\x76\xEB\x02\xFB\xF9\x9D\xD2\x40\x96\xC7\x88\x3A\xB8\x9F\x11\x79\xF3\x80\x65\xA8\xBD\x1F\xD3\x78\x81\xA0\x51\x4C\x37\xB4\xA6\x5D\x25\x70\xD1\x66\xC9\x68\xF9\x2E\x11\x14\x68\xF1\x54\x98\x08\xAC\x26\x92\x0F\xDE\x89\x9E\xD4\xFA\xB3\x79\x2B\xD2\xA3\x79\xD4\xEC\x8B\xAC\x87\x53\x68\x42\x4C\x51\x51\x74\x1E\x1B\x27\x2E\xE3\xF5\x1F\x29\x74\x4D\xED\xAF\xF7\xE1\x92\x99\x81\xE8\xBE\x3A\xC7\x17\x50\xF6\xB7\xC6\xFC\x9B\xB0\x8A\x6B\xD6\x88\x03\x91\x8F\x06\x77\x3A\x85\x02\xDD\x98\xD5\x43\x78\x3F\xC6\x30\x15\xAC\x9B\x6B\xCB\x57\xB7\x89\x51\x8B\x3A\xE8\xC9\x84\x0C\xDB\xB1\x50\x20\x0A\x1A\x4A\xBA\x6A\x1A\xBD\xEC\x1B\xC8\xC5\x84\x9A\xCD", ["CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW"] = "\x30\x82\x03\x7B\x30\x82\x02\x63\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x0C\x09\x54\x41\x49\x57\x41\x4E\x2D\x43\x41\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x0C\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x0C\x21\x54\x57\x43\x41\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x30\x38\x30\x38\x32\x38\x30\x37\x32\x34\x33\x33\x5A\x17\x0D\x33\x30\x31\x32\x33\x31\x31\x35\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x0C\x09\x54\x41\x49\x57\x41\x4E\x2D\x43\x41\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x0C\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x0C\x21\x54\x57\x43\x41\x20\x52\x6F\x6F\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB0\x7E\x72\xB8\xA4\x03\x94\xE6\xA7\xDE\x09\x38\x91\x4A\x11\x40\x87\xA7\x7C\x59\x64\x14\x7B\xB5\x11\x10\xDD\xFE\xBF\xD5\xC0\xBB\x56\xE2\x85\x25\xF4\x35\x72\x0F\xF8\x53\xD0\x41\xE1\x44\x01\xC2\xB4\x1C\xC3\x31\x42\x16\x47\x85\x33\x22\x76\xB2\x0A\x6F\x0F\xE5\x25\x50\x4F\x85\x86\xBE\xBF\x98\x2E\x10\x67\x1E\xBE\x11\x05\x86\x05\x90\xC4\x59\xD0\x7C\x78\x10\xB0\x80\x5C\xB7\xE1\xC7\x2B\x75\xCB\x7C\x9F\xAE\xB5\xD1\x9D\x23\x37\x63\xA7\xDC\x42\xA2\x2D\x92\x04\x1B\x50\xC1\x7B\xB8\x3E\x1B\xC9\x56\x04\x8B\x2F\x52\x9B\xAD\xA9\x56\xE9\xC1\xFF\xAD\xA9\x58\x87\x30\xB6\x81\xF7\x97\x45\xFC\x19\x57\x3B\x2B\x6F\xE4\x47\xF4\x99\x45\xFE\x1D\xF1\xF8\x97\xA3\x88\x1D\x37\x1C\x5C\x8F\xE0\x76\x25\x9A\x50\xF8\xA0\x54\xFF\x44\x90\x76\x23\xD2\x32\xC6\xC3\xAB\x06\xBF\xFC\xFB\xBF\xF3\xAD\x7D\x92\x62\x02\x5B\x29\xD3\x35\xA3\x93\x9A\x43\x64\x60\x5D\xB2\xFA\x32\xFF\x3B\x04\xAF\x4D\x40\x6A\xF9\xC7\xE3\xEF\x23\xFD\x6B\xCB\xE5\x0F\x8B\x38\x0D\xEE\x0A\xFC\xFE\x0F\x98\x9F\x30\x31\xDD\x6C\x52\x65\xF9\x8B\x81\xBE\x22\xE1\x1C\x58\x03\xBA\x91\x1B\x89\x07\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x6A\x38\x5B\x26\x8D\xDE\x8B\x5A\xF2\x4F\x7A\x54\x83\x19\x18\xE3\x08\x35\xA6\xBA\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3C\xD5\x77\x3D\xDA\xDF\x89\xBA\x87\x0C\x08\x54\x6A\x20\x50\x92\xBE\xB0\x41\x3D\xB9\x26\x64\x83\x0A\x2F\xE8\x40\xC0\x97\x28\x27\x82\x30\x4A\xC9\x93\xFF\x6A\xE7\xA6\x00\x7F\x89\x42\x9A\xD6\x11\xE5\x53\xCE\x2F\xCC\xF2\xDA\x05\xC4\xFE\xE2\x50\xC4\x3A\x86\x7D\xCC\xDA\x7E\x10\x09\x3B\x92\x35\x2A\x53\xB2\xFE\xEB\x2B\x05\xD9\x6C\x5D\xE6\xD0\xEF\xD3\x6A\x66\x9E\x15\x28\x85\x7A\xE8\x82\x00\xAC\x1E\xA7\x09\x69\x56\x42\xD3\x68\x51\x18\xBE\x54\x9A\xBF\x44\x41\xBA\x49\xBE\x20\xBA\x69\x5C\xEE\xB8\x77\xCD\xCE\x6C\x1F\xAD\x83\x96\x18\x7D\x0E\xB5\x14\x39\x84\xF1\x28\xE9\x2D\xA3\x9E\x7B\x1E\x7A\x72\x5A\x83\xB3\x79\x6F\xEF\xB4\xFC\xD0\x0A\xA5\x58\x4F\x46\xDF\xFB\x6D\x79\x59\xF2\x84\x22\x52\xAE\x0F\xCC\xFB\x7C\x3B\xE7\x6A\xCA\x47\x61\xC3\x7A\xF8\xD3\x92\x04\x1F\xB8\x20\x84\xE1\x36\x54\x16\xC7\x40\xDE\x3B\x8A\x73\xDC\xDF\xC6\x09\x4C\xDF\xEC\xDA\xFF\xD4\x53\x42\xA1\xC9\xF2\x62\x1D\x22\x83\x3C\x97\xC5\xF9\x19\x62\x27\xAC\x65\x22\xD7\xD3\x3C\xC6\xE5\x8E\xB2\x53\xCC\x49\xCE\xBC\x30\xFE\x7B\x0E\x33\x90\xFB\xED\xD2\x14\x91\x1F\x07\xAF", + ["OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP"] = "\x30\x82\x03\x77\x30\x82\x02\x5F\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x5D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x45\x43\x4F\x4D\x20\x54\x72\x75\x73\x74\x20\x53\x79\x73\x74\x65\x6D\x73\x20\x43\x4F\x2E\x2C\x4C\x54\x44\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6F\x6D\x6D\x75\x6E\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x43\x41\x32\x30\x1E\x17\x0D\x30\x39\x30\x35\x32\x39\x30\x35\x30\x30\x33\x39\x5A\x17\x0D\x32\x39\x30\x35\x32\x39\x30\x35\x30\x30\x33\x39\x5A\x30\x5D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4A\x50\x31\x25\x30\x23\x06\x03\x55\x04\x0A\x13\x1C\x53\x45\x43\x4F\x4D\x20\x54\x72\x75\x73\x74\x20\x53\x79\x73\x74\x65\x6D\x73\x20\x43\x4F\x2E\x2C\x4C\x54\x44\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6F\x6D\x6D\x75\x6E\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x43\x41\x32\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xD0\x15\x39\x52\xB1\x52\xB3\xBA\xC5\x59\x82\xC4\x5D\x52\xAE\x3A\x43\x65\x80\x4B\xC7\xF2\x96\xBC\xDB\x36\x97\xD6\xA6\x64\x8C\xA8\x5E\xF0\xE3\x0A\x1C\xF7\xDF\x97\x3D\x4B\xAE\xF6\x5D\xEC\x21\xB5\x41\xAB\xCD\xB9\x7E\x76\x9F\xBE\xF9\x3E\x36\x34\xA0\x3B\xC1\xF6\x31\x11\x45\x74\x93\x3D\x57\x80\xC5\xF9\x89\x99\xCA\xE5\xAB\x6A\xD4\xB5\xDA\x41\x90\x10\xC1\xD6\xD6\x42\x89\xC2\xBF\xF4\x38\x12\x95\x4C\x54\x05\xF7\x36\xE4\x45\x83\x7B\x14\x65\xD6\xDC\x0C\x4D\xD1\xDE\x7E\x0C\xAB\x3B\xC4\x15\xBE\x3A\x56\xA6\x5A\x6F\x76\x69\x52\xA9\x7A\xB9\xC8\xEB\x6A\x9A\x5D\x52\xD0\x2D\x0A\x6B\x35\x16\x09\x10\x84\xD0\x6A\xCA\x3A\x06\x00\x37\x47\xE4\x7E\x57\x4F\x3F\x8B\xEB\x67\xB8\x88\xAA\xC5\xBE\x53\x55\xB2\x91\xC4\x7D\xB9\xB0\x85\x19\x06\x78\x2E\xDB\x61\x1A\xFA\x85\xF5\x4A\x91\xA1\xE7\x16\xD5\x8E\xA2\x39\xDF\x94\xB8\x70\x1F\x28\x3F\x8B\xFC\x40\x5E\x63\x83\x3C\x83\x2A\x1A\x99\x6B\xCF\xDE\x59\x6A\x3B\xFC\x6F\x16\xD7\x1F\xFD\x4A\x10\xEB\x4E\x82\x16\x3A\xAC\x27\x0C\x53\xF1\xAD\xD5\x24\xB0\x6B\x03\x50\xC1\x2D\x3C\x16\xDD\x44\x34\x27\x1A\x75\xFB\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x0A\x85\xA9\x77\x65\x05\x98\x7C\x40\x81\xF8\x0F\x97\x2C\x38\xF1\x0A\xEC\x3C\xCF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x4C\x3A\xA3\x44\xAC\xB9\x45\xB1\xC7\x93\x7E\xC8\x0B\x0A\x42\xDF\x64\xEA\x1C\xEE\x59\x6C\x08\xBA\x89\x5F\x6A\xCA\x4A\x95\x9E\x7A\x8F\x07\xC5\xDA\x45\x72\x82\x71\x0E\x3A\xD2\xCC\x6F\xA7\xB4\xA1\x23\xBB\xF6\x24\x9F\xCB\x17\xFE\x8C\xA6\xCE\xC2\xD2\xDB\xCC\x8D\xFC\x71\xFC\x03\x29\xC1\x6C\x5D\x33\x5F\x64\xB6\x65\x3B\x89\x6F\x18\x76\x78\xF5\xDC\xA2\x48\x1F\x19\x3F\x8E\x93\xEB\xF1\xFA\x17\xEE\xCD\x4E\xE3\x04\x12\x55\xD6\xE5\xE4\xDD\xFB\x3E\x05\x7C\xE2\x1D\x5E\xC6\xA7\xBC\x97\x4F\x68\x3A\xF5\xE9\x2E\x0A\x43\xB6\xAF\x57\x5C\x62\x68\x7C\xB7\xFD\xA3\x8A\x84\xA0\xAC\x62\xBE\x2B\x09\x87\x34\xF0\x6A\x01\xBB\x9B\x29\x56\x3C\xFE\x00\x37\xCF\x23\x6C\xF1\x4E\xAA\xB6\x74\x46\x12\x6C\x91\xEE\x34\xD5\xEC\x9A\x91\xE7\x44\xBE\x90\x31\x72\xD5\x49\x02\xF6\x02\xE5\xF4\x1F\xEB\x7C\xD9\x96\x55\xA9\xFF\xEC\x8A\xF9\x99\x47\xFF\x35\x5A\x02\xAA\x04\xCB\x8A\x5B\x87\x71\x29\x91\xBD\xA4\xB4\x7A\x0D\xBD\x9A\xF5\x57\x23\x00\x07\x21\x17\x3F\x4A\x39\xD1\x05\x49\x0B\xA7\xB6\x37\x81\xA5\x5D\x8C\xAA\x33\x5E\x81\x28\x7C\xA7\x7D\x27\xEB\x00\xAE\x8D\x37", + ["CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES"] = "\x30\x82\x05\x56\x30\x82\x04\x3E\xA0\x03\x02\x01\x02\x02\x10\xEE\x2B\x3D\xEB\xD4\x21\xDE\x14\xA8\x62\xAC\x04\xF3\xDD\xC4\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xF3\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x3B\x30\x39\x06\x03\x55\x04\x0A\x13\x32\x41\x67\x65\x6E\x63\x69\x61\x20\x43\x61\x74\x61\x6C\x61\x6E\x61\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x20\x28\x4E\x49\x46\x20\x51\x2D\x30\x38\x30\x31\x31\x37\x36\x2D\x49\x29\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x53\x65\x72\x76\x65\x69\x73\x20\x50\x75\x62\x6C\x69\x63\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x56\x65\x67\x65\x75\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x2F\x76\x65\x72\x61\x72\x72\x65\x6C\x20\x28\x63\x29\x30\x33\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x4A\x65\x72\x61\x72\x71\x75\x69\x61\x20\x45\x6E\x74\x69\x74\x61\x74\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x20\x43\x61\x74\x61\x6C\x61\x6E\x65\x73\x31\x0F\x30\x0D\x06\x03\x55\x04\x03\x13\x06\x45\x43\x2D\x41\x43\x43\x30\x1E\x17\x0D\x30\x33\x30\x31\x30\x37\x32\x33\x30\x30\x30\x30\x5A\x17\x0D\x33\x31\x30\x31\x30\x37\x32\x32\x35\x39\x35\x39\x5A\x30\x81\xF3\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x3B\x30\x39\x06\x03\x55\x04\x0A\x13\x32\x41\x67\x65\x6E\x63\x69\x61\x20\x43\x61\x74\x61\x6C\x61\x6E\x61\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x20\x28\x4E\x49\x46\x20\x51\x2D\x30\x38\x30\x31\x31\x37\x36\x2D\x49\x29\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x53\x65\x72\x76\x65\x69\x73\x20\x50\x75\x62\x6C\x69\x63\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x56\x65\x67\x65\x75\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x2F\x76\x65\x72\x61\x72\x72\x65\x6C\x20\x28\x63\x29\x30\x33\x31\x35\x30\x33\x06\x03\x55\x04\x0B\x13\x2C\x4A\x65\x72\x61\x72\x71\x75\x69\x61\x20\x45\x6E\x74\x69\x74\x61\x74\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x20\x43\x61\x74\x61\x6C\x61\x6E\x65\x73\x31\x0F\x30\x0D\x06\x03\x55\x04\x03\x13\x06\x45\x43\x2D\x41\x43\x43\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB3\x22\xC7\x4F\xE2\x97\x42\x95\x88\x47\x83\x40\xF6\x1D\x17\xF3\x83\x73\x24\x1E\x51\xF3\x98\x8A\xC3\x92\xB8\xFF\x40\x90\x05\x70\x87\x60\xC9\x00\xA9\xB5\x94\x65\x19\x22\x15\x17\xC2\x43\x6C\x66\x44\x9A\x0D\x04\x3E\x39\x6F\xA5\x4B\x7A\xAA\x63\xB7\x8A\x44\x9D\xD9\x63\x91\x84\x66\xE0\x28\x0F\xBA\x42\xE3\x6E\x8E\xF7\x14\x27\x93\x69\xEE\x91\x0E\xA3\x5F\x0E\xB1\xEB\x66\xA2\x72\x4F\x12\x13\x86\x65\x7A\x3E\xDB\x4F\x07\xF4\xA7\x09\x60\xDA\x3A\x42\x99\xC7\xB2\x7F\xB3\x16\x95\x1C\xC7\xF9\x34\xB5\x94\x85\xD5\x99\x5E\xA0\x48\xA0\x7E\xE7\x17\x65\xB8\xA2\x75\xB8\x1E\xF3\xE5\x42\x7D\xAF\xED\xF3\x8A\x48\x64\x5D\x82\x14\x93\xD8\xC0\xE4\xFF\xB3\x50\x72\xF2\x76\xF6\xB3\x5D\x42\x50\x79\xD0\x94\x3E\x6B\x0C\x00\xBE\xD8\x6B\x0E\x4E\x2A\xEC\x3E\xD2\xCC\x82\xA2\x18\x65\x33\x13\x77\x9E\x9A\x5D\x1A\x13\xD8\xC3\xDB\x3D\xC8\x97\x7A\xEE\x70\xED\xA7\xE6\x7C\xDB\x71\xCF\x2D\x94\x62\xDF\x6D\xD6\xF5\x38\xBE\x3F\xA5\x85\x0A\x19\xB8\xA8\xD8\x09\x75\x42\x70\xC4\xEA\xEF\xCB\x0E\xC8\x34\xA8\x12\x22\x98\x0C\xB8\x13\x94\xB6\x4B\xEC\xF0\xD0\x90\xE7\x27\x02\x03\x01\x00\x01\xA3\x81\xE3\x30\x81\xE0\x30\x1D\x06\x03\x55\x1D\x11\x04\x16\x30\x14\x81\x12\x65\x63\x5F\x61\x63\x63\x40\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA0\xC3\x8B\x44\xAA\x37\xA5\x45\xBF\x97\x80\x5A\xD1\xF1\x78\xA2\x9B\xE9\x5D\x8D\x30\x7F\x06\x03\x55\x1D\x20\x04\x78\x30\x76\x30\x74\x06\x0B\x2B\x06\x01\x04\x01\xF5\x78\x01\x03\x01\x0A\x30\x65\x30\x2C\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x2F\x76\x65\x72\x61\x72\x72\x65\x6C\x30\x35\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x29\x1A\x27\x56\x65\x67\x65\x75\x20\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x74\x63\x65\x72\x74\x2E\x6E\x65\x74\x2F\x76\x65\x72\x61\x72\x72\x65\x6C\x20\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xA0\x48\x5B\x82\x01\xF6\x4D\x48\xB8\x39\x55\x35\x9C\x80\x7A\x53\x99\xD5\x5A\xFF\xB1\x71\x3B\xCC\x39\x09\x94\x5E\xD6\xDA\xEF\xBE\x01\x5B\x5D\xD3\x1E\xD8\xFD\x7D\x4F\xCD\xA0\x41\xE0\x34\x93\xBF\xCB\xE2\x86\x9C\x37\x92\x90\x56\x1C\xDC\xEB\x29\x05\xE5\xC4\x9E\xC7\x35\xDF\x8A\x0C\xCD\xC5\x21\x43\xE9\xAA\x88\xE5\x35\xC0\x19\x42\x63\x5A\x02\x5E\xA4\x48\x18\x3A\x85\x6F\xDC\x9D\xBC\x3F\x9D\x9C\xC1\x87\xB8\x7A\x61\x08\xE9\x77\x0B\x7F\x70\xAB\x7A\xDD\xD9\x97\x2C\x64\x1E\x85\xBF\xBC\x74\x96\xA1\xC3\x7A\x12\xEC\x0C\x1A\x6E\x83\x0C\x3C\xE8\x72\x46\x9F\xFB\x48\xD5\x5E\x97\xE6\xB1\xA1\xF8\xE4\xEF\x46\x25\x94\x9C\x89\xDB\x69\x38\xBE\xEC\x5C\x0E\x56\xC7\x65\x51\xE5\x50\x88\x88\xBF\x42\xD5\x2B\x3D\xE5\xF9\xBA\x9E\x2E\xB3\xCA\xF4\x73\x92\x02\x0B\xBE\x4C\x66\xEB\x20\xFE\xB9\xCB\xB5\x99\x7F\xE6\xB6\x13\xFA\xCA\x4B\x4D\xD9\xEE\x53\x46\x06\x3B\xC6\x4E\xAD\x93\x5A\x81\x7E\x6C\x2A\x4B\x6A\x05\x45\x8C\xF2\x21\xA4\x31\x90\x87\x6C\x65\x9C\x9D\xA5\x60\x95\x3A\x52\x7F\xF5\xD1\xAB\x08\x6E\xF3\xEE\x5B\xF9\x88\x3D\x7E\xB8\x6F\x6E\x03\xE4\x42", + ["CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR"] = "\x30\x82\x04\x31\x30\x82\x03\x19\xA0\x03\x02\x01\x02\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x95\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x52\x31\x44\x30\x42\x06\x03\x55\x04\x0A\x13\x3B\x48\x65\x6C\x6C\x65\x6E\x69\x63\x20\x41\x63\x61\x64\x65\x6D\x69\x63\x20\x61\x6E\x64\x20\x52\x65\x73\x65\x61\x72\x63\x68\x20\x49\x6E\x73\x74\x69\x74\x75\x74\x69\x6F\x6E\x73\x20\x43\x65\x72\x74\x2E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x40\x30\x3E\x06\x03\x55\x04\x03\x13\x37\x48\x65\x6C\x6C\x65\x6E\x69\x63\x20\x41\x63\x61\x64\x65\x6D\x69\x63\x20\x61\x6E\x64\x20\x52\x65\x73\x65\x61\x72\x63\x68\x20\x49\x6E\x73\x74\x69\x74\x75\x74\x69\x6F\x6E\x73\x20\x52\x6F\x6F\x74\x43\x41\x20\x32\x30\x31\x31\x30\x1E\x17\x0D\x31\x31\x31\x32\x30\x36\x31\x33\x34\x39\x35\x32\x5A\x17\x0D\x33\x31\x31\x32\x30\x31\x31\x33\x34\x39\x35\x32\x5A\x30\x81\x95\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x52\x31\x44\x30\x42\x06\x03\x55\x04\x0A\x13\x3B\x48\x65\x6C\x6C\x65\x6E\x69\x63\x20\x41\x63\x61\x64\x65\x6D\x69\x63\x20\x61\x6E\x64\x20\x52\x65\x73\x65\x61\x72\x63\x68\x20\x49\x6E\x73\x74\x69\x74\x75\x74\x69\x6F\x6E\x73\x20\x43\x65\x72\x74\x2E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x40\x30\x3E\x06\x03\x55\x04\x03\x13\x37\x48\x65\x6C\x6C\x65\x6E\x69\x63\x20\x41\x63\x61\x64\x65\x6D\x69\x63\x20\x61\x6E\x64\x20\x52\x65\x73\x65\x61\x72\x63\x68\x20\x49\x6E\x73\x74\x69\x74\x75\x74\x69\x6F\x6E\x73\x20\x52\x6F\x6F\x74\x43\x41\x20\x32\x30\x31\x31\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA9\x53\x00\xE3\x2E\xA6\xF6\x8E\xFA\x60\xD8\x2D\x95\x3E\xF8\x2C\x2A\x54\x4E\xCD\xB9\x84\x61\x94\x58\x4F\x8F\x3D\x8B\xE4\x43\xF3\x75\x89\x8D\x51\xE4\xC3\x37\xD2\x8A\x88\x4D\x79\x1E\xB7\x12\xDD\x43\x78\x4A\x8A\x92\xE6\xD7\x48\xD5\x0F\xA4\x3A\x29\x44\x35\xB8\x07\xF6\x68\x1D\x55\xCD\x38\x51\xF0\x8C\x24\x31\x85\xAF\x83\xC9\x7D\xE9\x77\xAF\xED\x1A\x7B\x9D\x17\xF9\xB3\x9D\x38\x50\x0F\xA6\x5A\x79\x91\x80\xAF\x37\xAE\xA6\xD3\x31\xFB\xB5\x26\x09\x9D\x3C\x5A\xEF\x51\xC5\x2B\xDF\x96\x5D\xEB\x32\x1E\x02\xDA\x70\x49\xEC\x6E\x0C\xC8\x9A\x37\x8D\xF7\xF1\x36\x60\x4B\x26\x2C\x82\x9E\xD0\x78\xF3\x0D\x0F\x63\xA4\x51\x30\xE1\xF9\x2B\x27\x12\x07\xD8\xEA\xBD\x18\x62\x98\xB0\x59\x37\x7D\xBE\xEE\xF3\x20\x51\x42\x5A\x83\xEF\x93\xBA\x69\x15\xF1\x62\x9D\x9F\x99\x39\x82\xA1\xB7\x74\x2E\x8B\xD4\xC5\x0B\x7B\x2F\xF0\xC8\x0A\xDA\x3D\x79\x0A\x9A\x93\x1C\xA5\x28\x72\x73\x91\x43\x9A\xA7\xD1\x4D\x85\x84\xB9\xA9\x74\x8F\x14\x40\xC7\xDC\xDE\xAC\x41\x64\x6C\xB4\x19\x9B\x02\x63\x6D\x24\x64\x8F\x44\xB2\x25\xEA\xCE\x5D\x74\x0C\x63\x32\x5C\x8D\x87\xE5\x02\x03\x01\x00\x01\xA3\x81\x89\x30\x81\x86\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xA6\x91\x42\xFD\x13\x61\x4A\x23\x9E\x08\xA4\x29\xE5\xD8\x13\x04\x23\xEE\x41\x25\x30\x47\x06\x03\x55\x1D\x1E\x04\x40\x30\x3E\xA0\x3C\x30\x05\x82\x03\x2E\x67\x72\x30\x05\x82\x03\x2E\x65\x75\x30\x06\x82\x04\x2E\x65\x64\x75\x30\x06\x82\x04\x2E\x6F\x72\x67\x30\x05\x81\x03\x2E\x67\x72\x30\x05\x81\x03\x2E\x65\x75\x30\x06\x81\x04\x2E\x65\x64\x75\x30\x06\x81\x04\x2E\x6F\x72\x67\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x1F\xEF\x79\x41\xE1\x7B\x6E\x3F\xB2\x8C\x86\x37\x42\x4A\x4E\x1C\x37\x1E\x8D\x66\xBA\x24\x81\xC9\x4F\x12\x0F\x21\xC0\x03\x97\x86\x25\x6D\x5D\xD3\x22\x29\xA8\x6C\xA2\x0D\xA9\xEB\x3D\x06\x5B\x99\x3A\xC7\xCC\xC3\x9A\x34\x7F\xAB\x0E\xC8\x4E\x1C\xE1\xFA\xE4\xDC\xCD\x0D\xBE\xBF\x24\xFE\x6C\xE7\x6B\xC2\x0D\xC8\x06\x9E\x4E\x8D\x61\x28\xA6\x6A\xFD\xE5\xF6\x62\xEA\x18\x3C\x4E\xA0\x53\x9D\xB2\x3A\x9C\xEB\xA5\x9C\x91\x16\xB6\x4D\x82\xE0\x0C\x05\x48\xA9\x6C\xF5\xCC\xF8\xCB\x9D\x49\xB4\xF0\x02\xA5\xFD\x70\x03\xED\x8A\x21\xA5\xAE\x13\x86\x49\xC3\x33\x73\xBE\x87\x3B\x74\x8B\x17\x45\x26\x4C\x16\x91\x83\xFE\x67\x7D\xCD\x4D\x63\x67\xFA\xF3\x03\x12\x96\x78\x06\x8D\xB1\x67\xED\x8E\x3F\xBE\x9F\x4F\x02\xF5\xB3\x09\x2F\xF3\x4C\x87\xDF\x2A\xCB\x95\x7C\x01\xCC\xAC\x36\x7A\xBF\xA2\x73\x7A\xF7\x8F\xC1\xB5\x9A\xA1\x14\xB2\x8F\x33\x9F\x0D\xEF\x22\xDC\x66\x7B\x84\xBD\x45\x17\x06\x3D\x3C\xCA\xB9\x77\x34\x8F\xCA\xEA\xCF\x3F\x31\x3E\xE3\x88\xE3\x80\x49\x25\xC8\x97\xB5\x9D\x9A\x99\x4D\xB0\x3C\xF8\x4A\x00\x9B\x64\xDD\x9F\x39\x4B\xD1\x27\xD7\xB8", + ["CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT"] = "\x30\x82\x05\xBB\x30\x82\x03\xA3\xA0\x03\x02\x01\x02\x02\x08\x57\x0A\x11\x97\x42\xC4\xE3\xCC\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x54\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x0C\x05\x4D\x69\x6C\x61\x6E\x31\x23\x30\x21\x06\x03\x55\x04\x0A\x0C\x1A\x41\x63\x74\x61\x6C\x69\x73\x20\x53\x2E\x70\x2E\x41\x2E\x2F\x30\x33\x33\x35\x38\x35\x32\x30\x39\x36\x37\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x41\x63\x74\x61\x6C\x69\x73\x20\x41\x75\x74\x68\x65\x6E\x74\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x31\x30\x39\x32\x32\x31\x31\x32\x32\x30\x32\x5A\x17\x0D\x33\x30\x30\x39\x32\x32\x31\x31\x32\x32\x30\x32\x5A\x30\x6B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x54\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x0C\x05\x4D\x69\x6C\x61\x6E\x31\x23\x30\x21\x06\x03\x55\x04\x0A\x0C\x1A\x41\x63\x74\x61\x6C\x69\x73\x20\x53\x2E\x70\x2E\x41\x2E\x2F\x30\x33\x33\x35\x38\x35\x32\x30\x39\x36\x37\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x41\x63\x74\x61\x6C\x69\x73\x20\x41\x75\x74\x68\x65\x6E\x74\x69\x63\x61\x74\x69\x6F\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA7\xC6\xC4\xA5\x29\xA4\x2C\xEF\xE5\x18\xC5\xB0\x50\xA3\x6F\x51\x3B\x9F\x0A\x5A\xC9\xC2\x48\x38\x0A\xC2\x1C\xA0\x18\x7F\x91\xB5\x87\xB9\x40\x3F\xDD\x1D\x68\x1F\x08\x83\xD5\x2D\x1E\x88\xA0\xF8\x8F\x56\x8F\x6D\x99\x02\x92\x90\x16\xD5\x5F\x08\x6C\x89\xD7\xE1\xAC\xBC\x20\xC2\xB1\xE0\x83\x51\x8A\x69\x4D\x00\x96\x5A\x6F\x2F\xC0\x44\x7E\xA3\x0E\xE4\x91\xCD\x58\xEE\xDC\xFB\xC7\x1E\x45\x47\xDD\x27\xB9\x08\x01\x9F\xA6\x21\x1D\xF5\x41\x2D\x2F\x4C\xFD\x28\xAD\xE0\x8A\xAD\x22\xB4\x56\x65\x8E\x86\x54\x8F\x93\x43\x29\xDE\x39\x46\x78\xA3\x30\x23\xBA\xCD\xF0\x7D\x13\x57\xC0\x5D\xD2\x83\x6B\x48\x4C\xC4\xAB\x9F\x80\x5A\x5B\x3A\xBD\xC9\xA7\x22\x3F\x80\x27\x33\x5B\x0E\xB7\x8A\x0C\x5D\x07\x37\x08\xCB\x6C\xD2\x7A\x47\x22\x44\x35\xC5\xCC\xCC\x2E\x8E\xDD\x2A\xED\xB7\x7D\x66\x0D\x5F\x61\x51\x22\x55\x1B\xE3\x46\xE3\xE3\x3D\xD0\x35\x62\x9A\xDB\xAF\x14\xC8\x5B\xA1\xCC\x89\x1B\xE1\x30\x26\xFC\xA0\x9B\x1F\x81\xA7\x47\x1F\x04\xEB\xA3\x39\x92\x06\x9F\x99\xD3\xBF\xD3\xEA\x4F\x50\x9C\x19\xFE\x96\x87\x1E\x3C\x65\xF6\xA3\x18\x24\x83\x86\x10\xE7\x54\x3E\xA8\x3A\x76\x24\x4F\x81\x21\xC5\xE3\x0F\x02\xF8\x93\x94\x47\x20\xBB\xFE\xD4\x0E\xD3\x68\xB9\xDD\xC4\x7A\x84\x82\xE3\x53\x54\x79\xDD\xDB\x9C\xD2\xF2\x07\x9B\x2E\xB6\xBC\x3E\xED\x85\x6D\xEF\x25\x11\xF2\x97\x1A\x42\x61\xF7\x4A\x97\xE8\x8B\xB1\x10\x07\xFA\x65\x81\xB2\xA2\x39\xCF\xF7\x3C\xFF\x18\xFB\xC6\xF1\x5A\x8B\x59\xE2\x02\xAC\x7B\x92\xD0\x4E\x14\x4F\x59\x45\xF6\x0C\x5E\x28\x5F\xB0\xE8\x3F\x45\xCF\xCF\xAF\x9B\x6F\xFB\x84\xD3\x77\x5A\x95\x6F\xAC\x94\x84\x9E\xEE\xBC\xC0\x4A\x8F\x4A\x93\xF8\x44\x21\xE2\x31\x45\x61\x50\x4E\x10\xD8\xE3\x35\x7C\x4C\x19\xB4\xDE\x05\xBF\xA3\x06\x9F\xC8\xB5\xCD\xE4\x1F\xD7\x17\x06\x0D\x7A\x95\x74\x55\x0D\x68\x1A\xFC\x10\x1B\x62\x64\x9D\x6D\xE0\x95\xA0\xC3\x94\x07\x57\x0D\x14\xE6\xBD\x05\xFB\xB8\x9F\xE6\xDF\x8B\xE2\xC6\xE7\x7E\x96\xF6\x53\xC5\x80\x34\x50\x28\x58\xF0\x12\x50\x71\x17\x30\xBA\xE6\x78\x63\xBC\xF4\xB2\xAD\x9B\x2B\xB2\xFE\xE1\x39\x8C\x5E\xBA\x0B\x20\x94\xDE\x7B\x83\xB8\xFF\xE3\x56\x8D\xB7\x11\xE9\x3B\x8C\xF2\xB1\xC1\x5D\x9D\xA4\x0B\x4C\x2B\xD9\xB2\x18\xF5\xB5\x9F\x4B\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x52\xD8\x88\x3A\xC8\x9F\x78\x66\xED\x89\xF3\x7B\x38\x70\x94\xC9\x02\x02\x36\xD0\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x52\xD8\x88\x3A\xC8\x9F\x78\x66\xED\x89\xF3\x7B\x38\x70\x94\xC9\x02\x02\x36\xD0\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x0B\x7B\x72\x87\xC0\x60\xA6\x49\x4C\x88\x58\xE6\x1D\x88\xF7\x14\x64\x48\xA6\xD8\x58\x0A\x0E\x4F\x13\x35\xDF\x35\x1D\xD4\xED\x06\x31\xC8\x81\x3E\x6A\xD5\xDD\x3B\x1A\x32\xEE\x90\x3D\x11\xD2\x2E\xF4\x8E\xC3\x63\x2E\x23\x66\xB0\x67\xBE\x6F\xB6\xC0\x13\x39\x60\xAA\xA2\x34\x25\x93\x75\x52\xDE\xA7\x9D\xAD\x0E\x87\x89\x52\x71\x6A\x16\x3C\x19\x1D\x83\xF8\x9A\x29\x65\xBE\xF4\x3F\x9A\xD9\xF0\xF3\x5A\x87\x21\x71\x80\x4D\xCB\xE0\x38\x9B\x3F\xBB\xFA\xE0\x30\x4D\xCF\x86\xD3\x65\x10\x19\x18\xD1\x97\x02\xB1\x2B\x72\x42\x68\xAC\xA0\xBD\x4E\x5A\xDA\x18\xBF\x6B\x98\x81\xD0\xFD\x9A\xBE\x5E\x15\x48\xCD\x11\x15\xB9\xC0\x29\x5C\xB4\xE8\x88\xF7\x3E\x36\xAE\xB7\x62\xFD\x1E\x62\xDE\x70\x78\x10\x1C\x48\x5B\xDA\xBC\xA4\x38\xBA\x67\xED\x55\x3E\x5E\x57\xDF\xD4\x03\x40\x4C\x81\xA4\xD2\x4F\x63\xA7\x09\x42\x09\x14\xFC\x00\xA9\xC2\x80\x73\x4F\x2E\xC0\x40\xD9\x11\x7B\x48\xEA\x7A\x02\xC0\xD3\xEB\x28\x01\x26\x58\x74\xC1\xC0\x73\x22\x6D\x93\x95\xFD\x39\x7D\xBB\x2A\xE3\xF6\x82\xE3\x2C\x97\x5F\x4E\x1F\x91\x94\xFA\xFE\x2C\xA3\xD8\x76\x1A\xB8\x4D\xB2\x38\x4F\x9B\xFA\x1D\x48\x60\x79\x26\xE2\xF3\xFD\xA9\xD0\x9A\xE8\x70\x8F\x49\x7A\xD6\xE5\xBD\x0A\x0E\xDB\x2D\xF3\x8D\xBF\xEB\xE3\xA4\x7D\xCB\xC7\x95\x71\xE8\xDA\xA3\x7C\xC5\xC2\xF8\x74\x92\x04\x1B\x86\xAC\xA4\x22\x53\x40\xB6\xAC\xFE\x4C\x76\xCF\xFB\x94\x32\xC0\x35\x9F\x76\x3F\x6E\xE5\x90\x6E\xA0\xA6\x26\xA2\xB8\x2C\xBE\xD1\x2B\x85\xFD\xA7\x68\xC8\xBA\x01\x2B\xB1\x6C\x74\x1D\xB8\x73\x95\xE7\xEE\xB7\xC7\x25\xF0\x00\x4C\x00\xB2\x7E\xB6\x0B\x8B\x1C\xF3\xC0\x50\x9E\x25\xB9\xE0\x08\xDE\x36\x66\xFF\x37\xA5\xD1\xBB\x54\x64\x2C\xC9\x27\xB5\x4B\x92\x7E\x65\xFF\xD3\x2D\xE1\xB9\x4E\xBC\x7F\xA4\x41\x21\x90\x41\x77\xA6\x39\x1F\xEA\x9E\xE3\x9F\xD0\x66\x6F\x05\xEC\xAA\x76\x7E\xBF\x6B\x16\xA0\xEB\xB5\xC7\xFC\x92\x54\x2F\x2B\x11\x27\x25\x37\x78\x4C\x51\x6A\xB0\xF3\xCC\x58\x5D\x14\xF1\x6A\x48\x15\xFF\xC2\x07\xB6\xB1\x8D\x0F\x8E\x5C\x50\x46\xB3\x3D\xBF\x01\x98\x4F\xB2\x59\x54\x47\x3E\x34\x7B\x78\x6D\x56\x93\x2E\x73\xEA\x66\x28\x78\xCD\x1D\x14\xBF\xA0\x8F\x2F\x2E\xB8\x2E\x8E\xF2\x14\x8A\xCC\xE9\xB5\x7C\xFB\x6C\x9D\x0C\xA5\xE1\x96", + ["OU=Trustis FPS Root CA,O=Trustis Limited,C=GB"] = "\x30\x82\x03\x67\x30\x82\x02\x4F\xA0\x03\x02\x01\x02\x02\x10\x1B\x1F\xAD\xB6\x20\xF9\x24\xD3\x36\x6B\xF7\xC7\xF1\x8C\xA0\x59\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x54\x72\x75\x73\x74\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1C\x30\x1A\x06\x03\x55\x04\x0B\x13\x13\x54\x72\x75\x73\x74\x69\x73\x20\x46\x50\x53\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x33\x31\x32\x32\x33\x31\x32\x31\x34\x30\x36\x5A\x17\x0D\x32\x34\x30\x31\x32\x31\x31\x31\x33\x36\x35\x34\x5A\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x54\x72\x75\x73\x74\x69\x73\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x1C\x30\x1A\x06\x03\x55\x04\x0B\x13\x13\x54\x72\x75\x73\x74\x69\x73\x20\x46\x50\x53\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC5\x50\x7B\x9E\x3B\x35\xD0\xDF\xC4\x8C\xCD\x8E\x9B\xED\xA3\xC0\x36\x99\xF4\x42\xEA\xA7\x3E\x80\x83\x0F\xA6\xA7\x59\x87\xC9\x90\x45\x43\x7E\x00\xEA\x86\x79\x2A\x03\xBD\x3D\x37\x99\x89\x66\xB7\xE5\x8A\x56\x86\x93\x9C\x68\x4B\x68\x04\x8C\x93\x93\x02\x3E\x30\xD2\x37\x3A\x22\x61\x89\x1C\x85\x4E\x7D\x8F\xD5\xAF\x7B\x35\xF6\x7E\x28\x47\x89\x31\xDC\x0E\x79\x64\x1F\x99\xD2\x5B\xBA\xFE\x7F\x60\xBF\xAD\xEB\xE7\x3C\x38\x29\x6A\x2F\xE5\x91\x0B\x55\xFF\xEC\x6F\x58\xD5\x2D\xC9\xDE\x4C\x66\x71\x8F\x0C\xD7\x04\xDA\x07\xE6\x1E\x18\xE3\xBD\x29\x02\xA8\xFA\x1C\xE1\x5B\xB9\x83\xA8\x41\x48\xBC\x1A\x71\x8D\xE7\x62\xE5\x2D\xB2\xEB\xDF\x7C\xCF\xDB\xAB\x5A\xCA\x31\xF1\x4C\x22\xF3\x05\x13\xF7\x82\xF9\x73\x79\x0C\xBE\xD7\x4B\x1C\xC0\xD1\x15\x3C\x93\x41\x64\xD1\xE6\xBE\x23\x17\x22\x00\x89\x5E\x1F\x6B\xA5\xAC\x6E\xA7\x4B\x8C\xED\xA3\x72\xE6\xAF\x63\x4D\x2F\x85\xD2\x14\x35\x9A\x2E\x4E\x8C\xEA\x32\x98\x28\x86\xA1\x91\x09\x41\x3A\xB4\xE1\xE3\xF2\xFA\xF0\xC9\x0A\xA2\x41\xDD\xA9\xE3\x03\xC7\x88\x15\x3B\x1C\xD4\x1A\x94\xD7\x9F\x64\x59\x12\x6D\x02\x03\x01\x00\x01\xA3\x53\x30\x51\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xBA\xFA\x71\x25\x79\x8B\x57\x41\x25\x21\x86\x0B\x71\xEB\xB2\x64\x0E\x8B\x21\x67\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xBA\xFA\x71\x25\x79\x8B\x57\x41\x25\x21\x86\x0B\x71\xEB\xB2\x64\x0E\x8B\x21\x67\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7E\x58\xFF\xFD\x35\x19\x7D\x9C\x18\x4F\x9E\xB0\x2B\xBC\x8E\x8C\x14\xFF\x2C\xA0\xDA\x47\x5B\xC3\xEF\x81\x2D\xAF\x05\xEA\x74\x48\x5B\xF3\x3E\x4E\x07\xC7\x6D\xC5\xB3\x93\xCF\x22\x35\x5C\xB6\x3F\x75\x27\x5F\x09\x96\xCD\xA0\xFE\xBE\x40\x0C\x5C\x12\x55\xF8\x93\x82\xCA\x29\xE9\x5E\x3F\x56\x57\x8B\x38\x36\xF7\x45\x1A\x4C\x28\xCD\x9E\x41\xB8\xED\x56\x4C\x84\xA4\x40\xC8\xB8\xB0\xA5\x2B\x69\x70\x04\x6A\xC3\xF8\xD4\x12\x32\xF9\x0E\xC3\xB1\xDC\x32\x84\x44\x2C\x6F\xCB\x46\x0F\xEA\x66\x41\x0F\x4F\xF1\x58\xA5\xA6\x0D\x0D\x0F\x61\xDE\xA5\x9E\x5D\x7D\x65\xA1\x3C\x17\xE7\xA8\x55\x4E\xEF\xA0\xC7\xED\xC6\x44\x7F\x54\xF5\xA3\xE0\x8F\xF0\x7C\x55\x22\x8F\x29\xB6\x81\xA3\xE1\x6D\x4E\x2C\x1B\x80\x67\xEC\xAD\x20\x9F\x0C\x62\x61\xD5\x97\xFF\x43\xED\x2D\xC1\xDA\x5D\x29\x2A\x85\x3F\xAC\x65\xEE\x86\x0F\x05\x8D\x90\x5F\xDF\xEE\x9F\xF4\xBF\xEE\x1D\xFB\x98\xE4\x7F\x90\x2B\x84\x78\x10\x0E\x6C\x49\x53\xEF\x15\x5B\x65\x46\x4A\x5D\xAF\xBA\xFB\x3A\x72\x1D\xCD\xF6\x25\x88\x1E\x97\xCC\x21\x9C\x29\x01\x0D\x65\xEB\x57\xD9\xF3\x57\x96\xBB\x48\xCD\x81", + ["CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL"] = "\x30\x82\x05\x63\x30\x82\x03\x4B\xA0\x03\x02\x01\x02\x02\x01\x3B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x4C\x74\x64\x2E\x31\x2C\x30\x2A\x06\x03\x55\x04\x03\x13\x23\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x47\x32\x30\x1E\x17\x0D\x31\x30\x30\x31\x30\x31\x30\x31\x30\x30\x30\x31\x5A\x17\x0D\x33\x39\x31\x32\x33\x31\x32\x33\x35\x39\x30\x31\x5A\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x4C\x74\x64\x2E\x31\x2C\x30\x2A\x06\x03\x55\x04\x03\x13\x23\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x47\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xB6\x89\x36\x5B\x07\xB7\x20\x36\xBD\x82\xBB\xE1\x16\x20\x03\x95\x7A\xAF\x0E\xA3\x55\xC9\x25\x99\x4A\xC5\xD0\x56\x41\x87\x90\x4D\x21\x60\xA4\x14\x87\x3B\xCD\xFD\xB2\x3E\xB4\x67\x03\x6A\xED\xE1\x0F\x4B\xC0\x91\x85\x70\x45\xE0\x42\x9E\xDE\x29\x23\xD4\x01\x0D\xA0\x10\x79\xB8\xDB\x03\xBD\xF3\xA9\x2F\xD1\xC6\xE0\x0F\xCB\x9E\x8A\x14\x0A\xB8\xBD\xF6\x56\x62\xF1\xC5\x72\xB6\x32\x25\xD9\xB2\xF3\xBD\x65\xC5\x0D\x2C\x6E\xD5\x92\x6F\x18\x8B\x00\x41\x14\x82\x6F\x40\x20\x26\x7A\x28\x0F\xF5\x1E\x7F\x27\xF7\x94\xB1\x37\x3D\xB7\xC7\x91\xF7\xE2\x01\xEC\xFD\x94\x89\xE1\xCC\x6E\xD3\x36\xD6\x0A\x19\x79\xAE\xD7\x34\x82\x65\xFF\x7C\x42\xBB\xB6\xDD\x0B\xA6\x34\xAF\x4B\x60\xFE\x7F\x43\x49\x06\x8B\x8C\x43\xB8\x56\xF2\xD9\x7F\x21\x43\x17\xEA\xA7\x48\x95\x01\x75\x75\xEA\x2B\xA5\x43\x95\xEA\x15\x84\x9D\x08\x8D\x26\x6E\x55\x9B\xAB\xDC\xD2\x39\xD2\x31\x1D\x60\xE2\xAC\xCC\x56\x45\x24\xF5\x1C\x54\xAB\xEE\x86\xDD\x96\x32\x85\xF8\x4C\x4F\xE8\x95\x76\xB6\x05\xDD\x36\x23\x67\xBC\xFF\x15\xE2\xCA\x3B\xE6\xA6\xEC\x3B\xEC\x26\x11\x34\x48\x8D\xF6\x80\x2B\x1A\x23\x02\xEB\x8A\x1C\x3A\x76\x2A\x7B\x56\x16\x1C\x72\x2A\xB3\xAA\xE3\x60\xA5\x00\x9F\x04\x9B\xE2\x6F\x1E\x14\x58\x5B\xA5\x6C\x8B\x58\x3C\xC3\xBA\x4E\x3A\x5C\xF7\xE1\x96\x2B\x3E\xEF\x07\xBC\xA4\xE5\x5D\xCC\x4D\x9F\x0D\xE1\xDC\xAA\xBB\xE1\x6E\x1A\xEC\x8F\xE1\xB6\x4C\x4D\x79\x72\x5D\x17\x35\x0B\x1D\xD7\xC1\x47\xDA\x96\x24\xE0\xD0\x72\xA8\x5A\x5F\x66\x2D\x10\xDC\x2F\x2A\x13\xAE\x26\xFE\x0A\x1C\x19\xCC\xD0\x3E\x0B\x9C\xC8\x09\x2E\xF9\x5B\x96\x7A\x47\x9C\xE9\x7A\xF3\x05\x50\x74\x95\x73\x9E\x30\x09\xF3\x97\x82\x5E\xE6\x8F\x39\x08\x1E\x59\xE5\x35\x14\x42\x13\xFF\x00\x9C\xF7\xBE\xAA\x50\xCF\xE2\x51\x48\xD7\xB8\x6F\xAF\xF8\x4E\x7E\x33\x98\x92\x14\x62\x3A\x75\x63\xCF\x7B\xFA\xDE\x82\x3B\xA9\xBB\x39\xE2\xC4\xBD\x2C\x00\x0E\xC8\x17\xAC\x13\xEF\x4D\x25\x8E\xD8\xB3\x90\x2F\xA9\xDA\x29\x7D\x1D\xAF\x74\x3A\xB2\x27\xC0\xC1\x1E\x3E\x75\xA3\x16\xA9\xAF\x7A\x22\x5D\x9F\x13\x1A\xCF\xA7\xA0\xEB\xE3\x86\x0A\xD3\xFD\xE6\x96\x95\xD7\x23\xC8\x37\xDD\xC4\x7C\xAA\x36\xAC\x98\x1A\x12\xB1\xE0\x4E\xE8\xB1\x3B\xF5\xD6\x6F\xF1\x30\xD7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4B\xC5\xB4\x40\x6B\xAD\x1C\xB3\xA5\x1C\x65\x6E\x46\x36\x89\x87\x05\x0C\x0E\xB6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x73\x57\x3F\x2C\xD5\x95\x32\x7E\x37\xDB\x96\x92\xEB\x19\x5E\x7E\x53\xE7\x41\xEC\x11\xB6\x47\xEF\xB5\xDE\xED\x74\x5C\xC5\xF1\x8E\x49\xE0\xFC\x6E\x99\x13\xCD\x9F\x8A\xDA\xCD\x3A\x0A\xD8\x3A\x5A\x09\x3F\x5F\x34\xD0\x2F\x03\xD2\x66\x1D\x1A\xBD\x9C\x90\x37\xC8\x0C\x8E\x07\x5A\x94\x45\x46\x2A\xE6\xBE\x7A\xDA\xA1\xA9\xA4\x69\x12\x92\xB0\x7D\x36\xD4\x44\x87\xD7\x51\xF1\x29\x63\xD6\x75\xCD\x16\xE4\x27\x89\x1D\xF8\xC2\x32\x48\xFD\xDB\x99\xD0\x8F\x5F\x54\x74\xCC\xAC\x67\x34\x11\x62\xD9\x0C\x0A\x37\x87\xD1\xA3\x17\x48\x8E\xD2\x17\x1D\xF6\xD7\xFD\xDB\x65\xEB\xFD\xA8\xD4\xF5\xD6\x4F\xA4\x5B\x75\xE8\xC5\xD2\x60\xB2\xDB\x09\x7E\x25\x8B\x7B\xBA\x52\x92\x9E\x3E\xE8\xC5\x77\xA1\x3C\xE0\x4A\x73\x6B\x61\xCF\x86\xDC\x43\xFF\xFF\x21\xFE\x23\x5D\x24\x4A\xF5\xD3\x6D\x0F\x62\x04\x05\x57\x82\xDA\x6E\xA4\x33\x25\x79\x4B\x2E\x54\x19\x8B\xCC\x2C\x3D\x30\xE9\xD1\x06\xFF\xE8\x32\x46\xBE\xB5\x33\x76\x77\xA8\x01\x5D\x96\xC1\xC1\xD5\xBE\xAE\x25\xC0\xC9\x1E\x0A\x09\x20\x88\xA1\x0E\xC9\xF3\x6F\x4D\x82\x54\x00\x20\xA7\xD2\x8F\xE4\x39\x54\x17\x2E\x8D\x1E\xB8\x1B\xBB\x1B\xBD\x9A\x4E\x3B\x10\x34\xDC\x9C\x88\x53\xEF\xA2\x31\x5B\x58\x4F\x91\x62\xC8\xC2\x9A\x9A\xCD\x15\x5D\x38\xA9\xD6\xBE\xF8\x13\xB5\x9F\x12\x69\xF2\x50\x62\xAC\xFB\x17\x37\xF4\xEE\xB8\x75\x67\x60\x10\xFB\x83\x50\xF9\x44\xB5\x75\x9C\x40\x17\xB2\xFE\xFD\x79\x5D\x6E\x58\x58\x5F\x30\xFC\x00\xAE\xAF\x33\xC1\x0E\x4E\x6C\xBA\xA7\xA6\xA1\x7F\x32\xDB\x38\xE0\xB1\x72\x17\x0A\x2B\x91\xEC\x6A\x63\x26\xED\x89\xD4\x78\xCC\x74\x1E\x05\xF8\x6B\xFE\x8C\x6A\x76\x39\x29\xAE\x65\x23\x12\x95\x08\x22\x1C\x97\xCE\x5B\x06\xEE\x0C\xE2\xBB\xBC\x1F\x44\x93\xF6\xD8\x38\x45\x05\x21\xED\xE4\xAD\xAB\x12\xB6\x03\xA4\x42\x2E\x2D\xC4\x09\x3A\x03\x67\x69\x84\x9A\xE1\x59\x90\x8A\x28\x85\xD5\x5D\x74\xB1\xD1\x0E\x20\x58\x9B\x13\xA5\xB0\x63\xA6\xED\x7B\x47\xFD\x45\x55\x30\xA4\xEE\x9A\xD4\xE6\xE2\x87\xEF\x98\xC9\x32\x82\x11\x29\x22\xBC\x00\x0A\x31\x5E\x2D\x0F\xC0\x8E\xE9\x6B\xB2\x8F\x2E\x06\xD8\xD1\x91\xC7\xC6\x12\xF4\x4C\xFD\x30\x17\xC3\xC1\xDA\x38\x5B\xE3\xA9\xEA\xE6\xA1\xBA\x79\xEF\x73\xD8\xB6\x53\x57\x2D\xF6\xD0\xE1\xD7\x48", + ["CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO"] = "\x30\x82\x05\x59\x30\x82\x03\x41\xA0\x03\x02\x01\x02\x02\x01\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x30\x31\x30\x32\x36\x30\x38\x33\x38\x30\x33\x5A\x17\x0D\x34\x30\x31\x30\x32\x36\x30\x38\x33\x38\x30\x33\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xD7\xC7\x5E\xF7\xC1\x07\xD4\x77\xFB\x43\x21\xF4\xF4\xF5\x69\xE4\xEE\x32\x01\xDB\xA3\x86\x1F\xE4\x59\x0D\xBA\xE7\x75\x83\x52\xEB\xEA\x1C\x61\x15\x48\xBB\x1D\x07\xCA\x8C\xAE\xB0\xDC\x96\x9D\xEA\xC3\x60\x92\x86\x82\x28\x73\x9C\x56\x06\xFF\x4B\x64\xF0\x0C\x2A\x37\x49\xB5\xE5\xCF\x0C\x7C\xEE\xF1\x4A\xBB\x73\x30\x65\xF3\xD5\x2F\x83\xB6\x7E\xE3\xE7\xF5\x9E\xAB\x60\xF9\xD3\xF1\x9D\x92\x74\x8A\xE4\x1C\x96\xAC\x5B\x80\xE9\xB5\xF4\x31\x87\xA3\x51\xFC\xC7\x7E\xA1\x6F\x8E\x53\x77\xD4\x97\xC1\x55\x33\x92\x3E\x18\x2F\x75\xD4\xAD\x86\x49\xCB\x95\xAF\x54\x06\x6C\xD8\x06\x13\x8D\x5B\xFF\xE1\x26\x19\x59\xC0\x24\xBA\x81\x71\x79\x90\x44\x50\x68\x24\x94\x5F\xB8\xB3\x11\xF1\x29\x41\x61\xA3\x41\xCB\x23\x36\xD5\xC1\xF1\x32\x50\x10\x4E\x7F\xF4\x86\x93\xEC\x84\xD3\x8E\xBC\x4B\xBF\x5C\x01\x4E\x07\x3D\xDC\x14\x8A\x94\x0A\xA4\xEA\x73\xFB\x0B\x51\xE8\x13\x07\x18\xFA\x0E\xF1\x2B\xD1\x54\x15\x7D\x3C\xE1\xF7\xB4\x19\x42\x67\x62\x5E\x77\xE0\xA2\x55\xEC\xB6\xD9\x69\x17\xD5\x3A\xAF\x44\xED\x4A\xC5\x9E\xE4\x7A\x27\x7C\xE5\x75\xD7\xAA\xCB\x25\xE7\xDF\x6B\x0A\xDB\x0F\x4D\x93\x4E\xA8\xA0\xCD\x7B\x2E\xF2\x59\x01\x6A\xB7\x0D\xB8\x07\x81\x7E\x8B\x38\x1B\x38\xE6\x0A\x57\x99\x3D\xEE\x21\xE8\xA3\xF5\x0C\x16\xDD\x8B\xEC\x34\x8E\x9C\x2A\x1C\x00\x15\x17\x8D\x68\x83\xD2\x70\x9F\x18\x08\xCD\x11\x68\xD5\xC9\x6B\x52\xCD\xC4\x46\x8F\xDC\xB5\xF3\xD8\x57\x73\x1E\xE9\x94\x39\x04\xBF\xD3\xDE\x38\xDE\xB4\x53\xEC\x69\x1C\xA2\x7E\xC4\x8F\xE4\x1B\x70\xAD\xF2\xA2\xF9\xFB\xF7\x16\x64\x66\x69\x9F\x49\x51\xA2\xE2\x15\x18\x67\x06\x4A\x7F\xD5\x6C\xB5\x4D\xB3\x33\xE0\x61\xEB\x5D\xBE\xE9\x98\x0F\x32\xD7\x1D\x4B\x3C\x2E\x5A\x01\x52\x91\x09\xF2\xDF\xEA\x8D\xD8\x06\x40\x63\xAA\x11\xE4\xFE\xC3\x37\x9E\x14\x52\x3F\xF4\xE2\xCC\xF2\x61\x93\xD1\xFD\x67\x6B\xD7\x52\xAE\xBF\x68\xAB\x40\x43\xA0\x57\x35\x53\x78\xF0\x53\xF8\x61\x42\x07\x64\xC6\xD7\x6F\x9B\x4C\x38\x0D\x63\xAC\x62\xAF\x36\x8B\xA2\x73\x0A\x0D\xF5\x21\xBD\x74\xAA\x4D\xEA\x72\x03\x49\xDB\xC7\x5F\x1D\x62\x63\xC7\xFD\xDD\x91\xEC\x33\xEE\xF5\x6D\xB4\x6E\x30\x68\xDE\xC8\xD6\x26\xB0\x75\x5E\x7B\xB4\x07\x20\x98\xA1\x76\x32\xB8\x4D\x6C\x4F\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC9\x80\x77\xE0\x62\x92\x82\xF5\x46\x9C\xF3\xBA\xF7\x4C\xC3\xDE\xB8\xA3\xAD\x39\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x53\x5F\x21\xF5\xBA\xB0\x3A\x52\x39\x2C\x92\xB0\x6C\x00\xC9\xEF\xCE\x20\xEF\x06\xF2\x96\x9E\xE9\xA4\x74\x7F\x7A\x16\xFC\xB7\xF5\xB6\xFB\x15\x1B\x3F\xAB\xA6\xC0\x72\x5D\x10\xB1\x71\xEE\xBC\x4F\xE3\xAD\xAC\x03\x6D\x2E\x71\x2E\xAF\xC4\xE3\xAD\xA3\xBD\x0C\x11\xA7\xB4\xFF\x4A\xB2\x7B\x10\x10\x1F\xA7\x57\x41\xB2\xC0\xAE\xF4\x2C\x59\xD6\x47\x10\x88\xF3\x21\x51\x29\x30\xCA\x60\x86\xAF\x46\xAB\x1D\xED\x3A\x5B\xB0\x94\xDE\x44\xE3\x41\x08\xA2\xC1\xEC\x1D\xD6\xFD\x4F\xB6\xD6\x47\xD0\x14\x0B\xCA\xE6\xCA\xB5\x7B\x77\x7E\x41\x1F\x5E\x83\xC7\xB6\x8C\x39\x96\xB0\x3F\x96\x81\x41\x6F\x60\x90\xE2\xE8\xF9\xFB\x22\x71\xD9\x7D\xB3\x3D\x46\xBF\xB4\x84\xAF\x90\x1C\x0F\x8F\x12\x6A\xAF\xEF\xEE\x1E\x7A\xAE\x02\x4A\x8A\x17\x2B\x76\xFE\xAC\x54\x89\x24\x2C\x4F\x3F\xB6\xB2\xA7\x4E\x8C\xA8\x91\x97\xFB\x29\xC6\x7B\x5C\x2D\xB9\xCB\x66\xB6\xB7\xA8\x5B\x12\x51\x85\xB5\x09\x7E\x62\x78\x70\xFE\xA9\x6A\x60\xB6\x1D\x0E\x79\x0C\xFD\xCA\xEA\x24\x80\x72\xC3\x97\x3F\xF2\x77\xAB\x43\x22\x0A\xC7\xEB\xB6\x0C\x84\x82\x2C\x80\x6B\x41\x8A\x08\xC0\xEB\xA5\x6B\xDF\x99\x12\xCB\x8A\xD5\x5E\x80\x0C\x91\xE0\x26\x08\x36\x48\xC5\xFA\x38\x11\x35\xFF\x25\x83\x2D\xF2\x7A\xBF\xDA\xFD\x8E\xFE\xA5\xCB\x45\x2C\x1F\xC4\x88\x53\xAE\x77\x0E\xD9\x9A\x76\xC5\x8E\x2C\x1D\xA3\xBA\xD5\xEC\x32\xAE\xC0\xAA\xAC\xF7\xD1\x7A\x4D\xEB\xD4\x07\xE2\x48\xF7\x22\x8E\xB0\xA4\x9F\x6A\xCE\x8E\xB2\xB2\x60\xF4\xA3\x22\xD0\x23\xEB\x94\x5A\x7A\x69\xDD\x0F\xBF\x40\x57\xAC\x6B\x59\x50\xD9\xA3\x99\xE1\x6E\xFE\x8D\x01\x79\x27\x23\x15\xDE\x92\x9D\x7B\x09\x4D\x5A\xE7\x4B\x48\x30\x5A\x18\xE6\x0A\x6D\xE6\x8F\xE0\xD2\xBB\xE6\xDF\x7C\x6E\x21\x82\xC1\x68\x39\x4D\xB4\x98\x58\x66\x62\xCC\x4A\x90\x5E\xC3\xFA\x27\x04\xB1\x79\x15\x74\x99\xCC\xBE\xAD\x20\xDE\x26\x60\x1C\xEB\x56\x51\xA6\xA3\xEA\xE4\xA3\x3F\xA7\xFF\x61\xDC\xF1\x5A\x4D\x6C\x32\x23\x43\xEE\xAC\xA8\xEE\xEE\x4A\x12\x09\x3C\x5D\x71\xC2\xBE\x79\xFA\xC2\x87\x68\x1D\x0B\xFD\x5C\x69\xCC\x06\xD0\x9A\x7D\x54\x99\x2A\xC9\x39\x1A\x19\xAF\x4B\x2A\x43\xF3\x63\x5D\x5A\x58\xE2\x2F\xE3\x1D\xE4\xA9\xD6\xD0\x0A\xD0\x9E\xBF\xD7\x81\x09\xF1\xC9\xC7\x26\x0D\xAC\x98\x16\x56\xA0", + ["CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO"] = "\x30\x82\x05\x59\x30\x82\x03\x41\xA0\x03\x02\x01\x02\x02\x01\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x30\x31\x30\x32\x36\x30\x38\x32\x38\x35\x38\x5A\x17\x0D\x34\x30\x31\x30\x32\x36\x30\x38\x32\x38\x35\x38\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA5\xDA\x0A\x95\x16\x50\xE3\x95\xF2\x5E\x9D\x76\x31\x06\x32\x7A\x9B\xF1\x10\x76\xB8\x00\x9A\xB5\x52\x36\xCD\x24\x47\xB0\x9F\x18\x64\xBC\x9A\xF6\xFA\xD5\x79\xD8\x90\x62\x4C\x22\x2F\xDE\x38\x3D\xD6\xE0\xA8\xE9\x1C\x2C\xDB\x78\x11\xE9\x8E\x68\x51\x15\x72\xC7\xF3\x33\x87\xE4\xA0\x5D\x0B\x5C\xE0\x57\x07\x2A\x30\xF5\xCD\xC4\x37\x77\x28\x4D\x18\x91\xE6\xBF\xD5\x52\xFD\x71\x2D\x70\x3E\xE7\xC6\xC4\x8A\xE3\xF0\x28\x0B\xF4\x76\x98\xA1\x8B\x87\x55\xB2\x3A\x13\xFC\xB7\x3E\x27\x37\x8E\x22\xE3\xA8\x4F\x2A\xEF\x60\xBB\x3D\xB7\x39\xC3\x0E\x01\x47\x99\x5D\x12\x4F\xDB\x43\xFA\x57\xA1\xED\xF9\x9D\xBE\x11\x47\x26\x5B\x13\x98\xAB\x5D\x16\x8A\xB0\x37\x1C\x57\x9D\x45\xFF\x88\x96\x36\xBF\xBB\xCA\x07\x7B\x6F\x87\x63\xD7\xD0\x32\x6A\xD6\x5D\x6C\x0C\xF1\xB3\x6E\x39\xE2\x6B\x31\x2E\x39\x00\x27\x14\xDE\x38\xC0\xEC\x19\x66\x86\x12\xE8\x9D\x72\x16\x13\x64\x52\xC7\xA9\x37\x1C\xFD\x82\x30\xED\x84\x18\x1D\xF4\xAE\x5C\xFF\x70\x13\x00\xEB\xB1\xF5\x33\x7A\x4B\xD6\x55\xF8\x05\x8D\x4B\x69\xB0\xF5\xB3\x28\x36\x5C\x14\xC4\x51\x73\x4D\x6B\x0B\xF1\x34\x07\xDB\x17\x39\xD7\xDC\x28\x7B\x6B\xF5\x9F\xF3\x2E\xC1\x4F\x17\x2A\x10\xF3\xCC\xCA\xE8\xEB\xFD\x6B\xAB\x2E\x9A\x9F\x2D\x82\x6E\x04\xD4\x52\x01\x93\x2D\x3D\x86\xFC\x7E\xFC\xDF\xEF\x42\x1D\xA6\x6B\xEF\xB9\x20\xC6\xF7\xBD\xA0\xA7\x95\xFD\xA7\xE6\x89\x24\xD8\xCC\x8C\x34\x6C\xE2\x23\x2F\xD9\x12\x1A\x21\xB9\x55\x91\x6F\x0B\x91\x79\x19\x0C\xAD\x40\x88\x0B\x70\xE2\x7A\xD2\x0E\xD8\x68\x48\xBB\x82\x13\x39\x10\x58\xE9\xD8\x2A\x07\xC6\x12\xDB\x58\xDB\xD2\x3B\x55\x10\x47\x05\x15\x67\x62\x7E\x18\x63\xA6\x46\x3F\x09\x0E\x54\x32\x5E\xBF\x0D\x62\x7A\x27\xEF\x80\xE8\xDB\xD9\x4B\x06\x5A\x37\x5A\x25\xD0\x08\x12\x77\xD4\x6F\x09\x50\x97\x3D\xC8\x1D\xC3\xDF\x8C\x45\x30\x56\xC6\xD3\x64\xAB\x66\xF3\xC0\x5E\x96\x9C\xC3\xC4\xEF\xC3\x7C\x6B\x8B\x3A\x79\x7F\xB3\x49\xCF\x3D\xE2\x89\x9F\xA0\x30\x4B\x85\xB9\x9C\x94\x24\x79\x8F\x7D\x6B\xA9\x45\x68\x0F\x2B\xD0\xF1\xDA\x1C\xCB\x69\xB8\xCA\x49\x62\x6D\xC8\xD0\x63\x62\xDD\x60\x0F\x58\xAA\x8F\xA1\xBC\x05\xA5\x66\xA2\xCF\x1B\x76\xB2\x84\x64\xB1\x4C\x39\x52\xC0\x30\xBA\xF0\x8C\x4B\x02\xB0\xB6\xB7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x47\xB8\xCD\xFF\xE5\x6F\xEE\xF8\xB2\xEC\x2F\x4E\x0E\xF9\x25\xB0\x8E\x3C\x6B\xC3\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x00\x20\x23\x41\x35\x04\x90\xC2\x40\x62\x60\xEF\xE2\x35\x4C\xD7\x3F\xAC\xE2\x34\x90\xB8\xA1\x6F\x76\xFA\x16\x16\xA4\x48\x37\x2C\xE9\x90\xC2\xF2\x3C\xF8\x0A\x9F\xD8\x81\xE5\xBB\x5B\xDA\x25\x2C\xA4\xA7\x55\x71\x24\x32\xF6\xC8\x0B\xF2\xBC\x6A\xF8\x93\xAC\xB2\x07\xC2\x5F\x9F\xDB\xCC\xC8\x8A\xAA\xBE\x6A\x6F\xE1\x49\x10\xCC\x31\xD7\x80\xBB\xBB\xC8\xD8\xA2\x0E\x64\x57\xEA\xA2\xF5\xC2\xA9\x31\x15\xD2\x20\x6A\xEC\xFC\x22\x01\x28\xCF\x86\xB8\x80\x1E\xA9\xCC\x11\xA5\x3C\xF2\x16\xB3\x47\x9D\xFC\xD2\x80\x21\xC4\xCB\xD0\x47\x70\x41\xA1\xCA\x83\x19\x08\x2C\x6D\xF2\x5D\x77\x9C\x8A\x14\x13\xD4\x36\x1C\x92\xF0\xE5\x06\x37\xDC\xA6\xE6\x90\x9B\x38\x8F\x5C\x6B\x1B\x46\x86\x43\x42\x5F\x3E\x01\x07\x53\x54\x5D\x65\x7D\xF7\x8A\x73\xA1\x9A\x54\x5A\x1F\x29\x43\x14\x27\xC2\x85\x0F\xB5\x88\x7B\x1A\x3B\x94\xB7\x1D\x60\xA7\xB5\x9C\xE7\x29\x69\x57\x5A\x9B\x93\x7A\x43\x30\x1B\x03\xD7\x62\xC8\x40\xA6\xAA\xFC\x64\xE4\x4A\xD7\x91\x53\x01\xA8\x20\x88\x6E\x9C\x5F\x44\xB9\xCB\x60\x81\x34\xEC\x6F\xD3\x7D\xDA\x48\x5F\xEB\xB4\x90\xBC\x2D\xA9\x1C\x0B\xAC\x1C\xD5\xA2\x68\x20\x80\x04\xD6\xFC\xB1\x8F\x2F\xBB\x4A\x31\x0D\x4A\x86\x1C\xEB\xE2\x36\x29\x26\xF5\xDA\xD8\xC4\xF2\x75\x61\xCF\x7E\xAE\x76\x63\x4A\x7A\x40\x65\x93\x87\xF8\x1E\x80\x8C\x86\xE5\x86\xD6\x8F\x0E\xFC\x53\x2C\x60\xE8\x16\x61\x1A\xA2\x3E\x43\x7B\xCD\x39\x60\x54\x6A\xF5\xF2\x89\x26\x01\x68\x83\x48\xA2\x33\xE8\xC9\x04\x91\xB2\x11\x34\x11\x3E\xEA\xD0\x43\x19\x1F\x03\x93\x90\x0C\xFF\x51\x3D\x57\xF4\x41\x6E\xE1\xCB\xA0\xBE\xEB\xC9\x63\xCD\x6D\xCC\xE4\xF8\x36\xAA\x68\x9D\xED\xBD\x5D\x97\x70\x44\x0D\xB6\x0E\x35\xDC\xE1\x0C\x5D\xBB\xA0\x51\x94\xCB\x7E\x16\xEB\x11\x2F\xA3\x92\x45\xC8\x4C\x71\xD9\xBC\xC9\x99\x52\x57\x46\x2F\x50\xCF\xBD\x35\x69\xF4\x3D\x15\xCE\x06\xA5\x2C\x0F\x3E\xF6\x81\xBA\x94\xBB\xC3\xBB\xBF\x65\x78\xD2\x86\x79\xFF\x49\x3B\x1A\x83\x0C\xF0\xDE\x78\xEC\xC8\xF2\x4D\x4C\x1A\xDE\x82\x29\xF8\xC1\x5A\xDA\xED\xEE\xE6\x27\x5E\xE8\x45\xD0\x9D\x1C\x51\xA8\x68\xAB\x44\xE3\xD0\x8B\x6A\xE3\xF8\x3B\xBB\xDC\x4D\xD7\x64\xF2\x51\xBE\xE6\xAA\xAB\x5A\xE9\x31\xEE\x06\xBC\x73\xBF\x13\x62\x0A\x9F\xC7\xB9\x97", }; From 750e1ddf69d9f3375801615e872ec42b8a8d5a6d Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Mon, 16 Jul 2012 15:51:47 -0400 Subject: [PATCH 067/120] Fixed a couple of init-time mem leaks. --- src/DPM.cc | 1 + src/Scope.cc | 11 +++++------ src/scan.l | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/DPM.cc b/src/DPM.cc index d7e5cd25ef..6ecf3b1336 100644 --- a/src/DPM.cc +++ b/src/DPM.cc @@ -117,6 +117,7 @@ void DPM::AddConfig(const Analyzer::Config& cfg) desc.SP(); #endif } + Unref(plist); } } diff --git a/src/Scope.cc b/src/Scope.cc index 4916cdbfce..731ced93b7 100644 --- a/src/Scope.cc +++ b/src/Scope.cc @@ -50,7 +50,7 @@ Scope::~Scope() ID* Scope::GenerateTemporary(const char* name) { - return new ID(copy_string(name), SCOPE_FUNCTION, false); + return new ID(name, SCOPE_FUNCTION, false); } id_list* Scope::GetInits() @@ -166,16 +166,15 @@ ID* install_ID(const char* name, const char* module_name, else scope = SCOPE_FUNCTION; - string full_name_str = make_full_var_name(module_name, name); - char* full_name = copy_string(full_name_str.c_str()); + string full_name = make_full_var_name(module_name, name); - ID* id = new ID(full_name, scope, is_export); + ID* id = new ID(full_name.c_str(), scope, is_export); if ( SCOPE_FUNCTION != scope ) - global_scope()->Insert(full_name, id); + global_scope()->Insert(full_name.c_str(), id); else { id->SetOffset(top_scope->Length()); - top_scope->Insert(full_name, id); + top_scope->Insert(full_name.c_str(), id); } return id; diff --git a/src/scan.l b/src/scan.l index 645ce659cd..d90501dd55 100644 --- a/src/scan.l +++ b/src/scan.l @@ -776,7 +776,7 @@ void add_input_file(const char* file) if ( ! filename ) (void) load_files(file); else - input_files.append(copy_string(file)); + input_files.append((char*) file); } void add_to_name_list(char* s, char delim, name_list& nl) From 5d04d583854efd592495d6678895a042cf03e698 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Tue, 17 Jul 2012 13:57:23 -0400 Subject: [PATCH 068/120] Fixed small elasticsearch problem in configure output. --- CMakeLists.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 14cf66ac19..bd6bf95737 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -122,13 +122,15 @@ if (LINTEL_FOUND AND DATASERIES_FOUND AND LIBXML2_FOUND) list(APPEND OPTLIBS ${LibXML2_LIBRARIES}) endif() +set(USE_ELASTICSEARCH false) set(USE_CURL false) find_package(CURL) + if (CURL_FOUND) + set(USE_ELASTICSEARCH true) set(USE_CURL true) include_directories(BEFORE ${CURL_INCLUDE_DIR}) list(APPEND OPTLIBS ${CURL_LIBRARIES}) - set(USE_ELASTICSEARCH true) endif() if (ENABLE_PERFTOOLS_DEBUG) From 81edec8b2eeef682c4bb2639a0b191e12bc2f561 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Tue, 17 Jul 2012 14:16:15 -0700 Subject: [PATCH 069/120] Fix bug, where in dns.log rcode always was set to 0/NOERROR when no reply package was seen. In the fixed version rcode is only set when a reply packet was seen. Updates for the baseline have been commited separately in the topic/bernhard/dns-fix branch. --- scripts/base/protocols/dns/main.bro | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro index 600de4beaf..c951ff4fd2 100644 --- a/scripts/base/protocols/dns/main.bro +++ b/scripts/base/protocols/dns/main.bro @@ -162,11 +162,11 @@ function set_session(c: connection, msg: dns_msg, is_query: bool) c$dns = c$dns_state$pending[msg$id]; - c$dns$rcode = msg$rcode; - c$dns$rcode_name = base_errors[msg$rcode]; - if ( ! is_query ) { + c$dns$rcode = msg$rcode; + c$dns$rcode_name = base_errors[msg$rcode]; + if ( ! c$dns?$total_answers ) c$dns$total_answers = msg$num_answers; From 1fa182c16918d258cbda6bfc69b3394103d4313f Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 18 Jul 2012 00:00:31 -0400 Subject: [PATCH 070/120] Some better elasticsearch reliability. - Added a configurable option for timing out ES HTTP requests. - Stop sending reporter messages after one message for one failure. --- .../logging/writers/elasticsearch.bro | 3 ++ src/logging.bif | 1 + src/logging/writers/ElasticSearch.cc | 38 ++++++++++++++----- src/logging/writers/ElasticSearch.h | 2 + 4 files changed, 35 insertions(+), 9 deletions(-) diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro index 93c6c98705..adc675e487 100644 --- a/scripts/base/frameworks/logging/writers/elasticsearch.bro +++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro @@ -17,6 +17,9 @@ export { ## e.g. prefix = "bro_" would create types of bro_dns, bro_software, etc. const type_prefix = "" &redef; + ## The time before an ElasticSearch transfer will timeout. + const transfer_timeout = 2secs; + ## The batch size is the number of messages that will be queued up before ## they are sent to be bulk indexed. ## Note: this is mainly a memory usage parameter. diff --git a/src/logging.bif b/src/logging.bif index 3cdb414d80..7e50a9d285 100644 --- a/src/logging.bif +++ b/src/logging.bif @@ -91,6 +91,7 @@ const server_host: string; const server_port: count; const index_prefix: string; const type_prefix: string; +const transfer_timeout: interval; const max_batch_size: count; const max_batch_interval: interval; const max_byte_size: count; diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 1b8dfa495d..71be036a72 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -42,7 +42,10 @@ ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend) current_index = string(); prev_index = string(); last_send = current_time(); + failing = false; + transfer_timeout = BifConst::LogElasticSearch::transfer_timeout * 1000; + curl_handle = HTTPSetup(); } @@ -77,12 +80,13 @@ bool ElasticSearch::BatchIndex() curl_easy_setopt(curl_handle, CURLOPT_POST, 1); curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDSIZE_LARGE, (curl_off_t)buffer.Len()); curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, buffer.Bytes()); - HTTPSend(curl_handle); - + failing = ! HTTPSend(curl_handle); + + // We are currently throwing the data out regardless of if the send failed. Fire and forget! buffer.Clear(); counter = 0; last_send = current_time(); - + return true; } @@ -347,6 +351,8 @@ bool ElasticSearch::HTTPSend(CURL *handle) // HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. // The best (only?) way to disable that is to just use HTTP 1.0 curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); + + curl_easy_setopt(handle, CURLOPT_TIMEOUT_MS, transfer_timeout); CURLcode return_code = curl_easy_perform(handle); @@ -355,21 +361,35 @@ bool ElasticSearch::HTTPSend(CURL *handle) case CURLE_COULDNT_CONNECT: case CURLE_COULDNT_RESOLVE_HOST: case CURLE_WRITE_ERROR: - return false; + case CURLE_RECV_ERROR: + { + if ( ! failing ) + Error(Fmt("ElasticSearch server may not be accessible.")); + } + + case CURLE_OPERATION_TIMEDOUT: + { + if ( ! failing ) + Warning(Fmt("HTTP operation with elasticsearch server timed out at %" PRIu64 " msecs.", transfer_timeout)); + } case CURLE_OK: { uint http_code = 0; curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE, &http_code); - if ( http_code != 200 ) - Error(Fmt("Received a non-successful status code back from ElasticSearch server.")); - - return true; + if ( http_code == 200 ) + // Hopefully everything goes through here. + return true; + else if ( ! failing ) + Error(Fmt("Received a non-successful status code back from ElasticSearch server, check the elasticsearch server log.")); } default: - return true; + { + } } + // The "successful" return happens above + return false; } #endif diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h index 375845b002..60977f7737 100644 --- a/src/logging/writers/ElasticSearch.h +++ b/src/logging/writers/ElasticSearch.h @@ -65,6 +65,8 @@ private: string path; string index_prefix; + uint64 transfer_timeout; + bool failing; uint64 batch_size; }; From 50f5f8131df7691643209ccf2d058ab98a4ba6ad Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 18 Jul 2012 07:29:01 -0700 Subject: [PATCH 071/120] Revert "Fixed a couple of init-time mem leaks." This reverts commit 750e1ddf69d9f3375801615e872ec42b8a8d5a6d. --- src/DPM.cc | 1 - src/Scope.cc | 11 ++++++----- src/scan.l | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/DPM.cc b/src/DPM.cc index 6ecf3b1336..d7e5cd25ef 100644 --- a/src/DPM.cc +++ b/src/DPM.cc @@ -117,7 +117,6 @@ void DPM::AddConfig(const Analyzer::Config& cfg) desc.SP(); #endif } - Unref(plist); } } diff --git a/src/Scope.cc b/src/Scope.cc index 731ced93b7..4916cdbfce 100644 --- a/src/Scope.cc +++ b/src/Scope.cc @@ -50,7 +50,7 @@ Scope::~Scope() ID* Scope::GenerateTemporary(const char* name) { - return new ID(name, SCOPE_FUNCTION, false); + return new ID(copy_string(name), SCOPE_FUNCTION, false); } id_list* Scope::GetInits() @@ -166,15 +166,16 @@ ID* install_ID(const char* name, const char* module_name, else scope = SCOPE_FUNCTION; - string full_name = make_full_var_name(module_name, name); + string full_name_str = make_full_var_name(module_name, name); + char* full_name = copy_string(full_name_str.c_str()); - ID* id = new ID(full_name.c_str(), scope, is_export); + ID* id = new ID(full_name, scope, is_export); if ( SCOPE_FUNCTION != scope ) - global_scope()->Insert(full_name.c_str(), id); + global_scope()->Insert(full_name, id); else { id->SetOffset(top_scope->Length()); - top_scope->Insert(full_name.c_str(), id); + top_scope->Insert(full_name, id); } return id; diff --git a/src/scan.l b/src/scan.l index d90501dd55..645ce659cd 100644 --- a/src/scan.l +++ b/src/scan.l @@ -776,7 +776,7 @@ void add_input_file(const char* file) if ( ! filename ) (void) load_files(file); else - input_files.append((char*) file); + input_files.append(copy_string(file)); } void add_to_name_list(char* s, char delim, name_list& nl) From 43507b1bb9b2ff484716e2e8f151a5fdc8974951 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 18 Jul 2012 11:28:41 -0400 Subject: [PATCH 072/120] New script for easily duplicating logs to ElasticSearch. --- .../policy/tuning/logs-to-elasticsearch.bro | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 scripts/policy/tuning/logs-to-elasticsearch.bro diff --git a/scripts/policy/tuning/logs-to-elasticsearch.bro b/scripts/policy/tuning/logs-to-elasticsearch.bro new file mode 100644 index 0000000000..c3cc9d5002 --- /dev/null +++ b/scripts/policy/tuning/logs-to-elasticsearch.bro @@ -0,0 +1,45 @@ +##! Load this script to enable global log output to an ElasticSearch database. + +module LogElasticSearch; + +export { + ## An elasticsearch specific rotation interval. + const rotation_interval = 24hr &redef; + + ## Optionally ignore any :bro:enum:`Log::ID` from being sent to + ## ElasticSearch with this script. + const excluded_log_ids: set[string] = set("Communication::LOG") &redef; + + ## If you want to explicitly only send certain :bro:enum:`Log::ID` + ## streams, add them to this set. If the set remains empty, all will + ## be sent. The :bro:id:`excluded_log_ids` option will remain in + ## effect as well. + const send_logs: set[string] = set() &redef; +} + +module Log; + +event bro_init() &priority=-5 + { + local my_filters: table[ID, string] of Filter = table(); + + for ( [id, name] in filters ) + { + local filter = filters[id, name]; + if ( fmt("%s", id) in LogElasticSearch::excluded_log_ids || + (|LogElasticSearch::send_logs| > 0 && fmt("%s", id) !in LogElasticSearch::send_logs) ) + next; + + filter$name = cat(name, "-es"); + filter$writer = Log::WRITER_ELASTICSEARCH; + filter$interv = LogElasticSearch::rotation_interval; + my_filters[id, name] = filter; + } + + # This had to be done separately to avoid an ever growing filters list + # where the for loop would never end. + for ( [id, name] in my_filters ) + { + Log::add_filter(id, filter); + } + } \ No newline at end of file From 6335dbb5e1cf694afea3c306012a258614d13880 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 18 Jul 2012 11:32:14 -0400 Subject: [PATCH 073/120] Fixing calc_next_rotate to use UTC based time functions. --- src/util.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util.cc b/src/util.cc index 3cfa5fca1c..abbea3e906 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1112,9 +1112,9 @@ double calc_next_rotate(double current, double interval, double base) time_t teatime = time_t(current); struct tm t; - t = *localtime_r(&teatime, &t); + t = *gmtime_r(&teatime, &t); t.tm_hour = t.tm_min = t.tm_sec = 0; - double startofday = mktime(&t); + double startofday = timegm(&t); if ( base < 0 ) // No base time given. To get nice timestamps, we round From 18268273594900cdeabc811d1a9cf6562caf2687 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 18 Jul 2012 15:42:23 -0400 Subject: [PATCH 074/120] Changed ES index names to localtime and added a meta index. --- src/logging/writers/ElasticSearch.cc | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 71be036a72..2095ed62df 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -263,11 +263,28 @@ bool ElasticSearch::UpdateIndex(double now, double rinterval, double rbase) struct tm tm; char buf[128]; time_t teatime = (time_t)interval_beginning; - gmtime_r(&teatime, &tm); + localtime_r(&teatime, &tm); strftime(buf, sizeof(buf), "%Y%m%d%H%M", &tm); prev_index = current_index; current_index = index_prefix + "-" + buf; + + // Send some metadata about this index. + buffer.AddRaw("{\"index\":{\"_index\":\"@", 21); + buffer.Add(index_prefix); + buffer.AddRaw("-meta\",\"_type\":\"index\",\"_id\":\"", 30); + buffer.Add(current_index); + buffer.AddRaw("-", 1); + buffer.Add(Info().rotation_base); + buffer.AddRaw("-", 1); + buffer.Add(Info().rotation_interval); + buffer.AddRaw("\"}}\n{\"name\":\"", 13); + buffer.Add(current_index); + buffer.AddRaw("\",\"start\":", 10); + buffer.Add(interval_beginning); + buffer.AddRaw(",\"end\":", 7); + buffer.Add(interval_beginning+rinterval); + buffer.AddRaw("}\n", 2); } //printf("%s - prev:%s current:%s\n", Info().path.c_str(), prev_index.c_str(), current_index.c_str()); From 0c4c5ff33571c9f5cec67d432dd401fc1770e0d4 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 19 Jul 2012 12:14:13 -0400 Subject: [PATCH 075/120] Temporarily removing the ES timeout because it works with signals and is incompatible with Bro threads. --- src/logging/writers/ElasticSearch.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index 2095ed62df..1ae81dfde8 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -369,7 +369,7 @@ bool ElasticSearch::HTTPSend(CURL *handle) // The best (only?) way to disable that is to just use HTTP 1.0 curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); - curl_easy_setopt(handle, CURLOPT_TIMEOUT_MS, transfer_timeout); + //curl_easy_setopt(handle, CURLOPT_TIMEOUT_MS, transfer_timeout); CURLcode return_code = curl_easy_perform(handle); From f73eb3b086c1ae88c122434613501af950a9dba0 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 12 Jul 2012 13:44:24 -0700 Subject: [PATCH 076/120] Reworking thread termination logic. Turns out the finish methods weren't called correctly, caused by a mess up with method names which all sounded too similar and the wrong one ended up being called. I've reworked this by changing the thread/writer/reader interfaces, which actually also simplifies them by getting rid of the requirement for writer backends to call their parent methods (i.e., less opportunity for errors). This commit also includes the following (because I noticed the problem above when working on some of these): - The ASCII log writer now includes "#start " and "#end lines in the each file. The latter supersedes Bernhard's "EOF" patch. This required a number of tests updates. The standard canonifier removes the timestamps, but some tests compare files directly, which doesn't work if they aren't printing out the same timestamps (like the comm tests). - The above required yet another change to the writer API to network_time to methods. - Renamed ASCII logger "header" options to "meta". - Fixes #763 "Escape # when first character in log file line". All btests pass for me on Linux FC15. Will try MacOS next. --- NEWS | 5 + .../base/frameworks/logging/writers/ascii.bro | 11 ++- src/input/Manager.cc | 2 - src/input/ReaderBackend.cc | 9 +- src/input/ReaderBackend.h | 25 ++--- src/input/ReaderFrontend.cc | 26 ----- src/input/readers/Ascii.cc | 2 - src/input/readers/Benchmark.cc | 1 - src/input/readers/Raw.cc | 2 - src/logging.bif | 4 +- src/logging/Manager.cc | 3 +- src/logging/WriterBackend.cc | 16 +-- src/logging/WriterBackend.h | 32 ++++-- src/logging/WriterFrontend.cc | 33 ++----- src/logging/WriterFrontend.h | 8 +- src/logging/writers/Ascii.cc | 97 ++++++++++++++----- src/logging/writers/Ascii.h | 13 ++- src/logging/writers/DataSeries.cc | 14 ++- src/logging/writers/DataSeries.h | 5 +- src/logging/writers/None.h | 5 +- src/threading/BasicThread.cc | 35 ++----- src/threading/BasicThread.h | 8 ++ src/threading/MsgThread.cc | 31 ++++-- src/threading/MsgThread.h | 34 ++++--- .../ssh-filtered.log | 12 +++ .../ssh.log | 12 --- .../test.log | 12 +++ testing/btest/core/expr-exception.bro | 2 +- testing/btest/istate/events-ssl.bro | 9 +- testing/btest/istate/events.bro | 9 +- .../base/frameworks/logging/ascii-empty.bro | 5 +- .../logging/ascii-line-like-comment.bro | 23 +++++ .../base/frameworks/logging/ascii-options.bro | 2 +- .../base/frameworks/logging/remote-types.bro | 8 +- .../base/frameworks/logging/remote.bro | 8 +- .../notice/default-policy-order.test | 6 +- testing/scripts/diff-remove-timestamps | 7 +- 37 files changed, 313 insertions(+), 223 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log delete mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log create mode 100644 testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro diff --git a/NEWS b/NEWS index d9410e1c7c..0798920d8a 100644 --- a/NEWS +++ b/NEWS @@ -140,6 +140,11 @@ the full set. Bro now supports decapsulating tunnels directly for protocols it understands. +- ASCII logs now record the time when they were opened/closed at the + beginning and end of the file, respectively. The options + LogAscii::header_prefix and LogAscii::include_header have been + renamed to LogAscii::meta_prefix and LogAscii::include_meta, + respectively. Bro 2.0 ------- diff --git a/scripts/base/frameworks/logging/writers/ascii.bro b/scripts/base/frameworks/logging/writers/ascii.bro index fa1fcd6797..bacb0996d0 100644 --- a/scripts/base/frameworks/logging/writers/ascii.bro +++ b/scripts/base/frameworks/logging/writers/ascii.bro @@ -8,12 +8,13 @@ export { ## into files. This is primarily for debugging purposes. const output_to_stdout = F &redef; - ## If true, include a header line with column names and description - ## of the other ASCII logging options that were used. - const include_header = T &redef; + ## If true, include lines with log meta information such as column names with + ## types, the values of ASCII logging options that in use, and the time when the + ## file was opened and closes (the latter at the end). + const include_meta = T &redef; - ## Prefix for the header line if included. - const header_prefix = "#" &redef; + ## Prefix for lines with meta information. + const meta_prefix = "#" &redef; ## Separator between fields. const separator = "\t" &redef; diff --git a/src/input/Manager.cc b/src/input/Manager.cc index fc68343813..1c6b69e8ec 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -726,8 +726,6 @@ bool Manager::RemoveStream(Stream *i) i->removed = true; - i->reader->Close(); - DBG_LOG(DBG_INPUT, "Successfully queued removal of stream %s", i->name.c_str()); diff --git a/src/input/ReaderBackend.cc b/src/input/ReaderBackend.cc index dea554251e..84106a3c94 100644 --- a/src/input/ReaderBackend.cc +++ b/src/input/ReaderBackend.cc @@ -207,7 +207,7 @@ bool ReaderBackend::Init(const ReaderInfo& arg_info, const int arg_num_fields, return success; } -void ReaderBackend::Close() +bool ReaderBackend::OnFinish(double network_time) { DoClose(); disabled = true; // frontend disables itself when it gets the Close-message. @@ -221,6 +221,8 @@ void ReaderBackend::Close() delete [] (fields); fields = 0; } + + return true; } bool ReaderBackend::Update() @@ -243,10 +245,9 @@ void ReaderBackend::DisableFrontend() SendOut(new DisableMessage(frontend)); } -bool ReaderBackend::DoHeartbeat(double network_time, double current_time) +bool ReaderBackend::OnHeartbeat(double network_time, double current_time) { - MsgThread::DoHeartbeat(network_time, current_time); - return true; + return DoHeartbeat(network_time, current_time); } TransportProto ReaderBackend::StringToProto(const string &proto) diff --git a/src/input/ReaderBackend.h b/src/input/ReaderBackend.h index 820633254a..1e77a61f37 100644 --- a/src/input/ReaderBackend.h +++ b/src/input/ReaderBackend.h @@ -108,15 +108,6 @@ public: */ bool Init(const ReaderInfo& info, int num_fields, const threading::Field* const* fields); - /** - * Finishes reading from this input stream in a regular fashion. Must - * not be called if an error has been indicated earlier. After - * calling this, no further reading from the stream can be performed. - * - * @return False if an error occured. - */ - void Close(); - /** * Force trigger an update of the input stream. The action that will * be taken depends on the current read mode and the individual input @@ -149,6 +140,9 @@ public: */ int NumFields() const { return num_fields; } + // Overridden from MsgThread. + virtual bool OnHeartbeat(double network_time, double current_time); + virtual bool OnFinish(double network_time); protected: // Methods that have to be overwritten by the individual readers @@ -200,6 +194,11 @@ protected: */ virtual bool DoUpdate() = 0; + /** + * Triggered by regular heartbeat messages from the main thread. + */ + virtual bool DoHeartbeat(double network_time, double current_time) = 0; + /** * Method allowing a reader to send a specified Bro event. Vals must * match the values expected by the bro event. @@ -271,14 +270,6 @@ protected: */ void EndCurrentSend(); - /** - * Triggered by regular heartbeat messages from the main thread. - * - * This method can be overridden but once must call - * ReaderBackend::DoHeartbeat(). - */ - virtual bool DoHeartbeat(double network_time, double current_time); - /** * Convert a string into a TransportProto. This is just a utility * function for Readers. diff --git a/src/input/ReaderFrontend.cc b/src/input/ReaderFrontend.cc index e489147d36..7e4ef201b1 100644 --- a/src/input/ReaderFrontend.cc +++ b/src/input/ReaderFrontend.cc @@ -37,17 +37,6 @@ public: virtual bool Process() { return Object()->Update(); } }; -class CloseMessage : public threading::InputMessage -{ -public: - CloseMessage(ReaderBackend* backend) - : threading::InputMessage("Close", backend) - { } - - virtual bool Process() { Object()->Close(); return true; } -}; - - ReaderFrontend::ReaderFrontend(bro_int_t type) { disabled = initialized = false; @@ -93,21 +82,6 @@ void ReaderFrontend::Update() backend->SendIn(new UpdateMessage(backend)); } -void ReaderFrontend::Close() - { - if ( disabled ) - return; - - if ( ! initialized ) - { - reporter->Error("Tried to call finish on uninitialized reader"); - return; - } - - disabled = true; - backend->SendIn(new CloseMessage(backend)); - } - string ReaderFrontend::Name() const { if ( ! info.source.size() ) diff --git a/src/input/readers/Ascii.cc b/src/input/readers/Ascii.cc index dd1e742e5e..7f93a3138c 100644 --- a/src/input/readers/Ascii.cc +++ b/src/input/readers/Ascii.cc @@ -506,8 +506,6 @@ bool Ascii::DoUpdate() bool Ascii::DoHeartbeat(double network_time, double current_time) { - ReaderBackend::DoHeartbeat(network_time, current_time); - switch ( Info().mode ) { case MODE_MANUAL: // yay, we do nothing :) diff --git a/src/input/readers/Benchmark.cc b/src/input/readers/Benchmark.cc index d71901fa66..28afdc1c89 100644 --- a/src/input/readers/Benchmark.cc +++ b/src/input/readers/Benchmark.cc @@ -222,7 +222,6 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype) bool Benchmark::DoHeartbeat(double network_time, double current_time) { - ReaderBackend::DoHeartbeat(network_time, current_time); num_lines = (int) ( (double) num_lines*multiplication_factor); num_lines += add; heartbeatstarttime = CurrTime(); diff --git a/src/input/readers/Raw.cc b/src/input/readers/Raw.cc index 1bae6cfa0c..f62e966883 100644 --- a/src/input/readers/Raw.cc +++ b/src/input/readers/Raw.cc @@ -252,8 +252,6 @@ bool Raw::DoUpdate() bool Raw::DoHeartbeat(double network_time, double current_time) { - ReaderBackend::DoHeartbeat(network_time, current_time); - switch ( Info().mode ) { case MODE_MANUAL: // yay, we do nothing :) diff --git a/src/logging.bif b/src/logging.bif index d25e89c33c..48e0edbb06 100644 --- a/src/logging.bif +++ b/src/logging.bif @@ -65,8 +65,8 @@ function Log::__flush%(id: Log::ID%): bool module LogAscii; const output_to_stdout: bool; -const include_header: bool; -const header_prefix: string; +const include_meta: bool; +const meta_prefix: string; const separator: string; const set_separator: string; const empty_field: string; diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 0fea3d577d..1808b83738 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -771,6 +771,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) WriterBackend::WriterInfo info; info.path = path; + info.network_time = network_time; HashKey* k; IterCookie* c = filter->config->AsTable()->InitForIteration(); @@ -1156,7 +1157,7 @@ bool Manager::Flush(EnumVal* id) for ( Stream::WriterMap::iterator i = stream->writers.begin(); i != stream->writers.end(); i++ ) - i->second->writer->Flush(); + i->second->writer->Flush(network_time); RemoveDisabledWriters(stream); diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 00590208d5..68b0b506a1 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -18,7 +18,7 @@ namespace logging { class RotationFinishedMessage : public threading::OutputMessage { public: - RotationFinishedMessage(WriterFrontend* writer, string new_name, string old_name, + RotationFinishedMessage(WriterFrontend* writer, string new_name, string old_name, double open, double close, bool terminating) : threading::OutputMessage("RotationFinished", writer), new_name(new_name), old_name(old_name), open(open), @@ -260,9 +260,9 @@ bool WriterBackend::Rotate(string rotated_path, double open, return true; } -bool WriterBackend::Flush() +bool WriterBackend::Flush(double network_time) { - if ( ! DoFlush() ) + if ( ! DoFlush(network_time) ) { DisableFrontend(); return false; @@ -271,13 +271,15 @@ bool WriterBackend::Flush() return true; } -bool WriterBackend::DoHeartbeat(double network_time, double current_time) +bool WriterBackend::OnFinish(double network_time) { - MsgThread::DoHeartbeat(network_time, current_time); + return DoFinish(network_time); + } +bool WriterBackend::OnHeartbeat(double network_time, double current_time) + { SendOut(new FlushWriteBufferMessage(frontend)); - - return true; + return DoHeartbeat(network_time, current_time); } string WriterBackend::Render(const threading::Value::addr_t& addr) const diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index 6e65a8151a..33cde8679e 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -67,6 +67,11 @@ public: */ double rotation_base; + /** + * The network time when the writer is created. + */ + double network_time; + /** * A map of key/value pairs corresponding to the relevant * filter's "config" table. @@ -129,9 +134,11 @@ public: * Flushes any currently buffered output, assuming the writer * supports that. (If not, it will be ignored). * + * @param network_time The network time when the flush was triggered. + * * @return False if an error occured. */ - bool Flush(); + bool Flush(double network_time); /** * Triggers rotation, if the writer supports that. (If not, it will @@ -213,6 +220,10 @@ public: */ string Render(double d) const; + // Overridden from MsgThread. + virtual bool OnHeartbeat(double network_time, double current_time); + virtual bool OnFinish(double network_time); + protected: friend class FinishMessage; @@ -272,8 +283,10 @@ protected: * will then be disabled and eventually deleted. When returning * false, an implementation should also call Error() to indicate what * happened. + * + * @param network_time The network time when the flush was triggered. */ - virtual bool DoFlush() = 0; + virtual bool DoFlush(double network_time) = 0; /** * Writer-specific method implementing log rotation. Most directly @@ -314,20 +327,19 @@ protected: /** * Writer-specific method called just before the threading system is - * going to shutdown. + * going to shutdown. It is assumed that once this messages returns, + * the thread can be safely terminated. * - * This method can be overridden but one must call - * WriterBackend::DoFinish(). + * @param network_time The network time when the finish is triggered. */ - virtual bool DoFinish() { return MsgThread::DoFinish(); } - + virtual bool DoFinish(double network_time) = 0; /** * Triggered by regular heartbeat messages from the main thread. * - * This method can be overridden but one must call - * WriterBackend::DoHeartbeat(). + * This method can be overridden. Default implementation does + * nothing. */ - virtual bool DoHeartbeat(double network_time, double current_time); + virtual bool DoHeartbeat(double network_time, double current_time) = 0; private: /** diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index 21bde0d43c..577003926b 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -81,19 +81,13 @@ private: class FlushMessage : public threading::InputMessage { public: - FlushMessage(WriterBackend* backend) - : threading::InputMessage("Flush", backend) {} + FlushMessage(WriterBackend* backend, double network_time) + : threading::InputMessage("Flush", backend), + network_time(network_time) {} - virtual bool Process() { return Object()->Flush(); } -}; - -class FinishMessage : public threading::InputMessage -{ -public: - FinishMessage(WriterBackend* backend) - : threading::InputMessage("Finish", backend) {} - - virtual bool Process() { return Object()->DoFinish(); } + virtual bool Process() { return Object()->Flush(network_time); } +private: + double network_time; }; } @@ -240,7 +234,7 @@ void WriterFrontend::SetBuf(bool enabled) FlushWriteBuffer(); } -void WriterFrontend::Flush() +void WriterFrontend::Flush(double network_time) { if ( disabled ) return; @@ -248,7 +242,7 @@ void WriterFrontend::Flush() FlushWriteBuffer(); if ( backend ) - backend->SendIn(new FlushMessage(backend)); + backend->SendIn(new FlushMessage(backend, network_time)); } void WriterFrontend::Rotate(string rotated_path, double open, double close, bool terminating) @@ -266,17 +260,6 @@ void WriterFrontend::Rotate(string rotated_path, double open, double close, bool log_mgr->FinishedRotation(0, "", rotated_path, open, close, terminating); } -void WriterFrontend::Finish() - { - if ( disabled ) - return; - - FlushWriteBuffer(); - - if ( backend ) - backend->SendIn(new FinishMessage(backend)); - } - void WriterFrontend::DeleteVals(Value** vals) { // Note this code is duplicated in Manager::DeleteVals(). diff --git a/src/logging/WriterFrontend.h b/src/logging/WriterFrontend.h index 8a0dce4645..6581fb1c1b 100644 --- a/src/logging/WriterFrontend.h +++ b/src/logging/WriterFrontend.h @@ -114,8 +114,10 @@ public: * message back that will asynchronously call Disable(). * * This method must only be called from the main thread. + * + * @param network_time The network time when the flush was triggered. */ - void Flush(); + void Flush(double network_time); /** * Triggers log rotation. @@ -138,8 +140,10 @@ public: * sends a message back that will asynchronously call Disable(). * * This method must only be called from the main thread. + * + * @param network_time The network time when the finish was triggered. */ - void Finish(); + void Finish(double network_time); /** * Explicitly triggers a transfer of all potentially buffered Write() diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index 6e5ceef678..ab68cd77d8 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -18,7 +18,7 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend) file = 0; output_to_stdout = BifConst::LogAscii::output_to_stdout; - include_header = BifConst::LogAscii::include_header; + include_meta = BifConst::LogAscii::include_meta; separator_len = BifConst::LogAscii::separator->Len(); separator = new char[separator_len]; @@ -40,10 +40,10 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend) memcpy(unset_field, BifConst::LogAscii::unset_field->Bytes(), unset_field_len); - header_prefix_len = BifConst::LogAscii::header_prefix->Len(); - header_prefix = new char[header_prefix_len]; - memcpy(header_prefix, BifConst::LogAscii::header_prefix->Bytes(), - header_prefix_len); + meta_prefix_len = BifConst::LogAscii::meta_prefix->Len(); + meta_prefix = new char[meta_prefix_len]; + memcpy(meta_prefix, BifConst::LogAscii::meta_prefix->Bytes(), + meta_prefix_len); desc.EnableEscaping(); desc.AddEscapeSequence(separator, separator_len); @@ -51,24 +51,39 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend) Ascii::~Ascii() { + // Normally, the file will be closed here already via the Finish() + // message. But when we terminate abnormally, we may still have it + // open. if ( file ) - fclose(file); + CloseFile(0); delete [] separator; delete [] set_separator; delete [] empty_field; delete [] unset_field; - delete [] header_prefix; + delete [] meta_prefix; } bool Ascii::WriteHeaderField(const string& key, const string& val) { - string str = string(header_prefix, header_prefix_len) + + string str = string(meta_prefix, meta_prefix_len) + key + string(separator, separator_len) + val + "\n"; return (fwrite(str.c_str(), str.length(), 1, file) == 1); } +void Ascii::CloseFile(double t) + { + if ( ! file ) + return; + + if ( include_meta ) + WriteHeaderField("end", t ? Timestamp(t) : ""); + + fclose(file); + file = 0; + } + bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * fields) { string path = info.path; @@ -81,17 +96,17 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * if ( ! (file = fopen(fname.c_str(), "w")) ) { Error(Fmt("cannot open %s: %s", fname.c_str(), - strerror(errno))); + Strerror(errno))); return false; } - if ( include_header ) + if ( include_meta ) { string names; string types; - string str = string(header_prefix, header_prefix_len) + string str = string(meta_prefix, meta_prefix_len) + "separator " // Always use space as separator here. + get_escaped_string(string(separator, separator_len), false) + "\n"; @@ -105,8 +120,9 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * string(empty_field, empty_field_len), false)) && WriteHeaderField("unset_field", get_escaped_string( string(unset_field, unset_field_len), false)) && - WriteHeaderField("path", get_escaped_string(path, false))) ) - goto write_error; + WriteHeaderField("path", get_escaped_string(path, false)) && + WriteHeaderField("start", Timestamp(info.network_time))) ) + goto write_error; for ( int i = 0; i < num_fields; ++i ) { @@ -128,21 +144,23 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * return true; write_error: - Error(Fmt("error writing to %s: %s", fname.c_str(), strerror(errno))); + Error(Fmt("error writing to %s: %s", fname.c_str(), Strerror(errno))); return false; } -bool Ascii::DoFlush() +bool Ascii::DoFlush(double network_time) { fflush(file); return true; } -bool Ascii::DoFinish() +bool Ascii::DoFinish(double network_time) { - return WriterBackend::DoFinish(); + CloseFile(network_time); + return true; } + bool Ascii::DoWriteOne(ODesc* desc, Value* val, const Field* field) { if ( ! val->present ) @@ -307,16 +325,33 @@ bool Ascii::DoWrite(int num_fields, const Field* const * fields, desc.AddRaw("\n", 1); - if ( fwrite(desc.Bytes(), desc.Len(), 1, file) != 1 ) + const char* bytes = (const char*)desc.Bytes(); + int len = desc.Len(); + + // Make sure the line doesn't look like meta information. + if ( strncmp(bytes, meta_prefix, meta_prefix_len) == 0 ) { - Error(Fmt("error writing to %s: %s", fname.c_str(), strerror(errno))); - return false; + // It would so escape the first character. + char buf[16]; + snprintf(buf, sizeof(buf), "\\x%02x", bytes[0]); + if ( fwrite(buf, strlen(buf), 1, file) != 1 ) + goto write_error; + + ++bytes; + --len; } + if ( fwrite(bytes, len, 1, file) != 1 ) + goto write_error; + if ( IsBuf() ) fflush(file); return true; + +write_error: + Error(Fmt("error writing to %s: %s", fname.c_str(), Strerror(errno))); + return false; } bool Ascii::DoRotate(string rotated_path, double open, double close, bool terminating) @@ -325,8 +360,7 @@ bool Ascii::DoRotate(string rotated_path, double open, double close, bool termin if ( ! file || IsSpecial(Info().path) ) return true; - fclose(file); - file = 0; + CloseFile(close); string nname = rotated_path + "." + LogExt(); rename(fname.c_str(), nname.c_str()); @@ -346,9 +380,28 @@ bool Ascii::DoSetBuf(bool enabled) return true; } +bool Ascii::DoHeartbeat(double network_time, double current_time) + { + // Nothing to do. + return true; + } + string Ascii::LogExt() { const char* ext = getenv("BRO_LOG_SUFFIX"); if ( ! ext ) ext = "log"; return ext; } + +string Ascii::Timestamp(double t) + { + struct tm tm; + char buf[128]; + const char* const date_fmt = "%Y-%m-%d-%H-%M-%S"; + time_t teatime = time_t(t); + + localtime_r(&teatime, &tm); + strftime(buf, sizeof(buf), date_fmt, &tm); + return buf; + } + diff --git a/src/logging/writers/Ascii.h b/src/logging/writers/Ascii.h index a95e644d49..857954ce37 100644 --- a/src/logging/writers/Ascii.h +++ b/src/logging/writers/Ascii.h @@ -26,13 +26,16 @@ protected: virtual bool DoSetBuf(bool enabled); virtual bool DoRotate(string rotated_path, double open, double close, bool terminating); - virtual bool DoFlush(); - virtual bool DoFinish(); + virtual bool DoFlush(double network_time); + virtual bool DoFinish(double network_time); + virtual bool DoHeartbeat(double network_time, double current_time); private: bool IsSpecial(string path) { return path.find("/dev/") == 0; } bool DoWriteOne(ODesc* desc, threading::Value* val, const threading::Field* field); bool WriteHeaderField(const string& key, const string& value); + void CloseFile(double t); + string Timestamp(double t); FILE* file; string fname; @@ -40,7 +43,7 @@ private: // Options set from the script-level. bool output_to_stdout; - bool include_header; + bool include_meta; char* separator; int separator_len; @@ -54,8 +57,8 @@ private: char* unset_field; int unset_field_len; - char* header_prefix; - int header_prefix_len; + char* meta_prefix; + int meta_prefix_len; }; } diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index b34ea3412a..1978a8b781 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -311,7 +311,7 @@ bool DataSeries::DoInit(const WriterInfo& info, int num_fields, const threading: } else - Error(Fmt("cannot dump schema: %s", strerror(errno))); + Error(Fmt("cannot dump schema: %s", Strerror(errno))); } compress_type = Extent::compress_all; @@ -343,7 +343,7 @@ bool DataSeries::DoInit(const WriterInfo& info, int num_fields, const threading: return OpenLog(info.path); } -bool DataSeries::DoFlush() +bool DataSeries::DoFlush(double network_time) { // Flushing is handled by DataSeries automatically, so this function // doesn't do anything. @@ -366,11 +366,10 @@ void DataSeries::CloseLog() log_file = 0; } -bool DataSeries::DoFinish() +bool DataSeries::DoFinish(double network_time) { CloseLog(); - - return WriterBackend::DoFinish(); + return true; } bool DataSeries::DoWrite(int num_fields, const threading::Field* const * fields, @@ -420,4 +419,9 @@ bool DataSeries::DoSetBuf(bool enabled) return true; } +bool DataSeries::DoHeartbeat(double network_time, double current_time) +{ + return true; +} + #endif /* USE_DATASERIES */ diff --git a/src/logging/writers/DataSeries.h b/src/logging/writers/DataSeries.h index 0ae3572b76..31d17a1a7b 100644 --- a/src/logging/writers/DataSeries.h +++ b/src/logging/writers/DataSeries.h @@ -34,8 +34,9 @@ protected: virtual bool DoSetBuf(bool enabled); virtual bool DoRotate(string rotated_path, double open, double close, bool terminating); - virtual bool DoFlush(); - virtual bool DoFinish(); + virtual bool DoFlush(double network_time); + virtual bool DoFinish(double network_time); + virtual bool DoHeartbeat(double network_time, double current_time); private: static const size_t ROW_MIN = 2048; // Minimum extent size. diff --git a/src/logging/writers/None.h b/src/logging/writers/None.h index 7e2e4ef4eb..c6d7cba56a 100644 --- a/src/logging/writers/None.h +++ b/src/logging/writers/None.h @@ -26,8 +26,9 @@ protected: virtual bool DoSetBuf(bool enabled) { return true; } virtual bool DoRotate(string rotated_path, double open, double close, bool terminating); - virtual bool DoFlush() { return true; } - virtual bool DoFinish() { WriterBackend::DoFinish(); return true; } + virtual bool DoFlush(double network_time) { return true; } + virtual bool DoFinish(double network_time) { return true; } + virtual bool DoHeartbeat(double network_time, double current_time) { return true; } }; } diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index dfa4c28eda..88c4ac0965 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -78,24 +78,22 @@ const char* BasicThread::Fmt(const char* format, ...) return buf; } +const char* BasicThread::Strerror(int err) + { + static char buf[128] = ""; + strerror_r(err, buf, sizeof(buf)); + return buf; + } + void BasicThread::Start() { if ( started ) return; - int err = pthread_mutex_init(&terminate, 0); - if ( err != 0 ) - reporter->FatalError("Cannot create terminate mutex for thread %s: %s", name.c_str(), strerror(err)); - - // We use this like a binary semaphore and acquire it immediately. - err = pthread_mutex_lock(&terminate); + int err = pthread_create(&pthread, 0, BasicThread::launcher, this); if ( err != 0 ) - reporter->FatalError("Cannot aquire terminate mutex for thread %s: %s", name.c_str(), strerror(err)); - - err = pthread_create(&pthread, 0, BasicThread::launcher, this); - if ( err != 0 ) - reporter->FatalError("Cannot create thread %s:%s", name.c_str(), strerror(err)); + reporter->FatalError("Cannot create thread %s:%s", name.c_str(), Strerror(err)); DBG_LOG(DBG_THREADING, "Started thread %s", name.c_str()); @@ -114,12 +112,6 @@ void BasicThread::Stop() DBG_LOG(DBG_THREADING, "Signaling thread %s to terminate ...", name.c_str()); - // Signal that it's ok for the thread to exit now by unlocking the - // mutex. - int err = pthread_mutex_unlock(&terminate); - if ( err != 0 ) - reporter->FatalError("Failure flagging terminate condition for thread %s: %s", name.c_str(), strerror(err)); - terminating = true; OnStop(); @@ -130,16 +122,13 @@ void BasicThread::Join() if ( ! started ) return; - if ( ! terminating ) - Stop(); + assert(terminating); DBG_LOG(DBG_THREADING, "Joining thread %s ...", name.c_str()); if ( pthread_join(pthread, 0) != 0 ) reporter->FatalError("Failure joining thread %s", name.c_str()); - pthread_mutex_destroy(&terminate); - DBG_LOG(DBG_THREADING, "Done with thread %s", name.c_str()); pthread = 0; @@ -178,10 +167,6 @@ void* BasicThread::launcher(void *arg) // Run thread's main function. thread->Run(); - // Wait until somebody actually wants us to terminate. - if ( pthread_mutex_lock(&thread->terminate) != 0 ) - reporter->FatalError("Failure acquiring terminate mutex at end of thread %s", thread->Name().c_str()); - return 0; } diff --git a/src/threading/BasicThread.h b/src/threading/BasicThread.h index cc87ae03bc..d47eb5c3c3 100644 --- a/src/threading/BasicThread.h +++ b/src/threading/BasicThread.h @@ -96,6 +96,14 @@ public: */ const char* Fmt(const char* format, ...); + /** + * A version of strerror() that the thread can safely use. This is + * essentially a wrapper around strerror_r(). Note that it keeps a + * single static buffer internally so the result remains valid only + * until the next call. + */ + const char* Strerror(int err); + protected: friend class Manager; diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index 6a3d496325..81ef123661 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -16,9 +16,17 @@ namespace threading { class FinishMessage : public InputMessage { public: - FinishMessage(MsgThread* thread) : InputMessage("Finish", thread) { } + FinishMessage(MsgThread* thread, double network_time) : InputMessage("Finish", thread), + network_time(network_time) { } - virtual bool Process() { return Object()->DoFinish(); } + virtual bool Process() { + bool result = Object()->OnFinish(network_time); + Object()->Finished(); + return result; + } + +private: + double network_time; }; // A dummy message that's only purpose is unblock the current read operation @@ -39,7 +47,10 @@ public: : InputMessage("Heartbeat", thread) { network_time = arg_network_time; current_time = arg_current_time; } - virtual bool Process() { return Object()->DoHeartbeat(network_time, current_time); } + virtual bool Process() { + Object()->HeartbeatInChild(); + return Object()->OnHeartbeat(network_time, current_time); + } private: double network_time; @@ -146,8 +157,11 @@ MsgThread::MsgThread() : BasicThread() void MsgThread::OnStop() { + if ( finished ) + return; + // Signal thread to terminate and wait until it has acknowledged. - SendIn(new FinishMessage(this), true); + SendIn(new FinishMessage(this, network_time), true); int cnt = 0; while ( ! finished ) @@ -161,6 +175,8 @@ void MsgThread::OnStop() usleep(1000); } + Finished(); + // One more message to make sure the current queue read operation unblocks. SendIn(new UnblockMessage(this), true); } @@ -170,7 +186,7 @@ void MsgThread::Heartbeat() SendIn(new HeartbeatMessage(this, network_time, current_time())); } -bool MsgThread::DoHeartbeat(double network_time, double current_time) +void MsgThread::HeartbeatInChild() { string n = Name(); @@ -179,16 +195,13 @@ bool MsgThread::DoHeartbeat(double network_time, double current_time) cnt_sent_out - queue_out.Size()); SetOSName(n.c_str()); - - return true; } -bool MsgThread::DoFinish() +void MsgThread::Finished() { // This is thread-safe "enough", we're the only one ever writing // there. finished = true; - return true; } void MsgThread::Info(const char* msg) diff --git a/src/threading/MsgThread.h b/src/threading/MsgThread.h index a917f54396..67ab9517c5 100644 --- a/src/threading/MsgThread.h +++ b/src/threading/MsgThread.h @@ -189,39 +189,45 @@ protected: * * This is method is called regularly by the threading::Manager. * - * Can be overriden in derived classed to hook into the heart beat, - * but must call the parent implementation. Note that this method is - * always called by the main thread and must not access data of the - * child thread directly. See DoHeartbeat() if you want to do - * something on the child-side. + * Can be overriden in derived classed to hook into the heart beat + * sending, but must call the parent implementation. Note that this + * method is always called by the main thread and must not access + * data of the child thread directly. Implement OnHeartbeat() if you + * want to do something on the child-side. */ virtual void Heartbeat(); - /** - * Overriden from BasicThread. - * + /** Flags that the child process has finished processing. Called from child. */ - virtual void Run(); - virtual void OnStop(); + void Finished(); + + /** Internal heartbeat processing. Called from child. + */ + void HeartbeatInChild(); /** * Regulatly triggered for execution in the child thread. * - * When overriding, one must call the parent class' implementation. - * * network_time: The network_time when the heartbeat was trigger by * the main thread. * * current_time: Wall clock when the heartbeat was trigger by the * main thread. */ - virtual bool DoHeartbeat(double network_time, double current_time); + virtual bool OnHeartbeat(double network_time, double current_time) = 0; /** Triggered for execution in the child thread just before shutting threads down. * The child thread should finish its operations and then *must* * call this class' implementation. */ - virtual bool DoFinish(); + virtual bool OnFinish(double network_time) = 0; + + /** + * Overriden from BasicThread. + * + */ + virtual void Run(); + virtual void OnStop(); private: /** diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log new file mode 100644 index 0000000000..a2610bb522 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log @@ -0,0 +1,12 @@ +PREFIX<>separator | +PREFIX<>set_separator|, +PREFIX<>empty_field|EMPTY +PREFIX<>unset_field|NOT-SET +PREFIX<>path|ssh +PREFIX<>fields|t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b +PREFIX<>types|time|addr|port|addr|port|string|string|bool +1342126762.852986|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET +1342126762.852986|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET +1342126762.852986|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET +1342126762.852986|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET +1342126762.852986|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log deleted file mode 100644 index 10275205a5..0000000000 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log +++ /dev/null @@ -1,12 +0,0 @@ -PREFIX<>separator | -PREFIX<>set_separator|, -PREFIX<>empty_field|EMPTY -PREFIX<>unset_field|NOT-SET -PREFIX<>path|ssh -PREFIX<>fields|t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b -PREFIX<>types|time|addr|port|addr|port|string|string|bool -1324314313.345323|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET -1324314313.345323|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET -1324314313.345323|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET -1324314313.345323|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET -1324314313.345323|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log new file mode 100644 index 0000000000..72df0d73d4 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log @@ -0,0 +1,12 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path test +#start 2012-07-12-21-00-27 +#fields data c +#types string count +Test1 42 +\x23Kaputt 42 +Test2 42 +#end 2012-07-12-21-00-27 diff --git a/testing/btest/core/expr-exception.bro b/testing/btest/core/expr-exception.bro index 66f9b78c4b..9e84717935 100644 --- a/testing/btest/core/expr-exception.bro +++ b/testing/btest/core/expr-exception.bro @@ -2,7 +2,7 @@ # shouldn't abort Bro entirely, but just return from the function body. # # @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT >output -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff reporter.log +# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log # @TEST-EXEC: btest-diff output event connection_established(c: connection) diff --git a/testing/btest/istate/events-ssl.bro b/testing/btest/istate/events-ssl.bro index d87d014a21..afbee3f6d9 100644 --- a/testing/btest/istate/events-ssl.bro +++ b/testing/btest/istate/events-ssl.bro @@ -6,10 +6,13 @@ # # @TEST-EXEC: btest-diff sender/http.log # @TEST-EXEC: btest-diff receiver/http.log -# @TEST-EXEC: cmp sender/http.log receiver/http.log # -# @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.snd.log -# @TEST-EXEC: bro -x receiver/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.rec.log +# @TEST-EXEC: cat sender/http.log $SCRIPTS/diff-remove-timestamps >sender.http.log +# @TEST-EXEC: cat receiver/http.log $SCRIPTS/diff-remove-timestamps >receiver.http.log +# @TEST-EXEC: cmp sender.http.log receiver.http.log +# +# @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' | $SCRIPTS/diff-remove-timestamps >events.snd.log +# @TEST-EXEC: bro -x receiver/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' | $SCRIPTS/diff-remove-timestamps >events.rec.log # @TEST-EXEC: btest-diff events.rec.log # @TEST-EXEC: btest-diff events.snd.log # @TEST-EXEC: cmp events.rec.log events.snd.log diff --git a/testing/btest/istate/events.bro b/testing/btest/istate/events.bro index fe588b5c3b..1f05dfc729 100644 --- a/testing/btest/istate/events.bro +++ b/testing/btest/istate/events.bro @@ -1,12 +1,15 @@ # @TEST-SERIALIZE: comm # -# @TEST-EXEC: btest-bg-run sender bro -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro -# @TEST-EXEC: btest-bg-run receiver bro ../receiver.bro +# @TEST-EXEC: btest-bg-run sender bro -Bthreading,logging,comm -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro +# @TEST-EXEC: btest-bg-run receiver bro -Bthreading,logging,comm ../receiver.bro # @TEST-EXEC: btest-bg-wait -k 20 # # @TEST-EXEC: btest-diff sender/http.log # @TEST-EXEC: btest-diff receiver/http.log -# @TEST-EXEC: cmp sender/http.log receiver/http.log +# +# @TEST-EXEC: cat sender/http.log $SCRIPTS/diff-remove-timestamps >sender.http.log +# @TEST-EXEC: cat receiver/http.log $SCRIPTS/diff-remove-timestamps >receiver.http.log +# @TEST-EXEC: cmp sender.http.log receiver.http.log # # @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.snd.log # @TEST-EXEC: bro -x receiver/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.rec.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro b/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro index 9dace5d52a..0bb5900e30 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro @@ -1,12 +1,13 @@ # # @TEST-EXEC: bro -b %INPUT -# @TEST-EXEC: btest-diff ssh.log +# @TEST-EXEC: cat ssh.log | grep -v PREFIX.*20..- >ssh-filtered.log +# @TEST-EXEC: btest-diff ssh-filtered.log redef LogAscii::output_to_stdout = F; redef LogAscii::separator = "|"; redef LogAscii::empty_field = "EMPTY"; redef LogAscii::unset_field = "NOT-SET"; -redef LogAscii::header_prefix = "PREFIX<>"; +redef LogAscii::meta_prefix = "PREFIX<>"; module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro new file mode 100644 index 0000000000..4670811b2a --- /dev/null +++ b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.bro @@ -0,0 +1,23 @@ +# +# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: btest-diff test.log + +module Test; + +export { + redef enum Log::ID += { LOG }; + + type Info: record { + data: string &log; + c: count &log &default=42; + }; +} + +event bro_init() +{ + Log::create_stream(Test::LOG, [$columns=Info]); + Log::write(Test::LOG, [$data="Test1"]); + Log::write(Test::LOG, [$data="#Kaputt"]); + Log::write(Test::LOG, [$data="Test2"]); +} + diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-options.bro b/testing/btest/scripts/base/frameworks/logging/ascii-options.bro index 8c228c1384..474b179536 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-options.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-options.bro @@ -4,7 +4,7 @@ redef LogAscii::output_to_stdout = F; redef LogAscii::separator = "|"; -redef LogAscii::include_header = F; +redef LogAscii::include_meta = F; module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/remote-types.bro b/testing/btest/scripts/base/frameworks/logging/remote-types.bro index f1ef4f0c31..3f102e6319 100644 --- a/testing/btest/scripts/base/frameworks/logging/remote-types.bro +++ b/testing/btest/scripts/base/frameworks/logging/remote-types.bro @@ -1,10 +1,12 @@ # @TEST-SERIALIZE: comm # -# @TEST-EXEC: btest-bg-run sender bro --pseudo-realtime %INPUT ../sender.bro -# @TEST-EXEC: btest-bg-run receiver bro --pseudo-realtime %INPUT ../receiver.bro +# @TEST-EXEC: btest-bg-run sender bro -B threading,logging --pseudo-realtime %INPUT ../sender.bro +# @TEST-EXEC: btest-bg-run receiver bro -B threading,logging --pseudo-realtime %INPUT ../receiver.bro # @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: btest-diff receiver/test.log -# @TEST-EXEC: cmp receiver/test.log sender/test.log +# @TEST-EXEC: cat receiver/test.log | egrep -v '#start|#end' >r.log +# @TEST-EXEC: cat sender/test.log | egrep -v '#start|#end' >s.log +# @TEST-EXEC: cmp r.log s.log # Remote version testing all types. diff --git a/testing/btest/scripts/base/frameworks/logging/remote.bro b/testing/btest/scripts/base/frameworks/logging/remote.bro index 8375d7915a..48683148f5 100644 --- a/testing/btest/scripts/base/frameworks/logging/remote.bro +++ b/testing/btest/scripts/base/frameworks/logging/remote.bro @@ -8,9 +8,11 @@ # @TEST-EXEC: btest-diff sender/test.log # @TEST-EXEC: btest-diff sender/test.failure.log # @TEST-EXEC: btest-diff sender/test.success.log -# @TEST-EXEC: cmp receiver/test.log sender/test.log -# @TEST-EXEC: cmp receiver/test.failure.log sender/test.failure.log -# @TEST-EXEC: cmp receiver/test.success.log sender/test.success.log +# @TEST-EXEC: ( cd sender && for i in *.log; do cat $i | $SCRIPTS/diff-remove-timestamps >c.$i; done ) +# @TEST-EXEC: ( cd receiver && for i in *.log; do cat $i | $SCRIPTS/diff-remove-timestamps >c.$i; done ) +# @TEST-EXEC: cmp receiver/c.test.log sender/c.test.log +# @TEST-EXEC: cmp receiver/c.test.failure.log sender/c.test.failure.log +# @TEST-EXEC: cmp receiver/c.test.success.log sender/c.test.success.log # This is the common part loaded by both sender and receiver. module Test; diff --git a/testing/btest/scripts/base/frameworks/notice/default-policy-order.test b/testing/btest/scripts/base/frameworks/notice/default-policy-order.test index 6e53bd3b54..d5d3f4c3fa 100644 --- a/testing/btest/scripts/base/frameworks/notice/default-policy-order.test +++ b/testing/btest/scripts/base/frameworks/notice/default-policy-order.test @@ -1,10 +1,10 @@ # This test checks that the default notice policy ordering does not # change from run to run. # @TEST-EXEC: bro -e '' -# @TEST-EXEC: mv notice_policy.log notice_policy.log.1 +# @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.1 # @TEST-EXEC: bro -e '' -# @TEST-EXEC: mv notice_policy.log notice_policy.log.2 +# @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.2 # @TEST-EXEC: bro -e '' -# @TEST-EXEC: mv notice_policy.log notice_policy.log.3 +# @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.3 # @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.2 # @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.3 diff --git a/testing/scripts/diff-remove-timestamps b/testing/scripts/diff-remove-timestamps index 063f1e4900..2b029789de 100755 --- a/testing/scripts/diff-remove-timestamps +++ b/testing/scripts/diff-remove-timestamps @@ -1,5 +1,8 @@ #! /usr/bin/env bash # -# Replace anything which looks like timestamps with XXXs. +# Replace anything which looks like timestamps with XXXs (including the #start/end markers in logs). + +sed 's/[0-9]\{10\}\.[0-9]\{2,8\}/XXXXXXXXXX.XXXXXX/g' | \ +sed 's/^#\(start\|end\).20..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g' | \ +grep -v '#start' | grep -v '#end' -sed 's/[0-9]\{10\}\.[0-9]\{2,8\}/XXXXXXXXXX.XXXXXX/g' From 1ca0d970fc8c3972511067cfbdf9314a6c35d0eb Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 16 Jul 2012 13:39:19 -0700 Subject: [PATCH 077/120] Removing the thread kill functionality. Wasn't really used and has potential for trouble. --- src/main.cc | 6 ------ src/threading/Manager.cc | 8 -------- src/threading/Manager.h | 9 --------- 3 files changed, 23 deletions(-) diff --git a/src/main.cc b/src/main.cc index d94a32df63..d3937b3449 100644 --- a/src/main.cc +++ b/src/main.cc @@ -361,12 +361,6 @@ RETSIGTYPE sig_handler(int signo) set_processing_status("TERMINATING", "sig_handler"); signal_val = signo; - if ( thread_mgr->Terminating() && (signal_val == SIGTERM || signal_val == SIGINT) ) - // If the thread manager is already terminating (i.e., - // waiting for child threads to exit), another term signal - // will send the threads a kill. - thread_mgr->KillThreads(); - return RETSIGVAL; } diff --git a/src/threading/Manager.cc b/src/threading/Manager.cc index d8f3936037..8e0610a056 100644 --- a/src/threading/Manager.cc +++ b/src/threading/Manager.cc @@ -48,14 +48,6 @@ void Manager::Terminate() terminating = false; } -void Manager::KillThreads() - { - DBG_LOG(DBG_THREADING, "Killing threads ..."); - - for ( all_thread_list::iterator i = all_threads.begin(); i != all_threads.end(); i++ ) - (*i)->Kill(); - } - void Manager::AddThread(BasicThread* thread) { DBG_LOG(DBG_THREADING, "Adding thread %s ...", thread->Name().c_str()); diff --git a/src/threading/Manager.h b/src/threading/Manager.h index 1afd115da0..1c7914fcde 100644 --- a/src/threading/Manager.h +++ b/src/threading/Manager.h @@ -49,15 +49,6 @@ public: */ bool Terminating() const { return terminating; } - /** - * Immediately kills all child threads. It does however not yet join - * them, one still needs to call Terminate() for that. - * - * This method is safe to call from a signal handler, and can in fact - * be called while Terminate() is already in progress. - */ - void KillThreads(); - typedef std::list > msg_stats_list; /** From c8789cff94c5200674ad08199a1f800882aabf72 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 16 Jul 2012 13:40:19 -0700 Subject: [PATCH 078/120] If a thread doesn't terminate, we log that but not longer proceed (because it could hang later still). Also logging to stderr as well to make sure one sees it. Also adding code to the ASCII writer to catch termination inconsistencies. --- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- cmake | 2 +- src/logging/writers/Ascii.cc | 14 ++++++++++++++ src/logging/writers/Ascii.h | 1 + src/threading/MsgThread.cc | 8 +++----- 8 files changed, 23 insertions(+), 10 deletions(-) diff --git a/aux/binpac b/aux/binpac index 4ad8d15b63..b4094cb75e 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 4ad8d15b6395925c9875c9d2912a6cc3b4918e0a +Subproject commit b4094cb75e0a7769123f7db1f5d73f3f9f1c3977 diff --git a/aux/bro-aux b/aux/bro-aux index c691c01e9c..2038e3de04 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit c691c01e9cefae5a79bcd4b0f84ca387c8c587a7 +Subproject commit 2038e3de042115c3caa706426e16c830c1fd1e9e diff --git a/aux/broccoli b/aux/broccoli index 8234b8903c..07866915a1 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 8234b8903cbc775f341bdb6a1c0159981d88d27b +Subproject commit 07866915a1450ddd25b888917f494b4824b0cc3f diff --git a/aux/broctl b/aux/broctl index d5ecd1a42c..892b60edb9 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit d5ecd1a42c04b0dca332edc31811e5a6d0f7f2fb +Subproject commit 892b60edb967bb456872638f22ba994e84530137 diff --git a/cmake b/cmake index 2a72c5e08e..96f3d92aca 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 2a72c5e08e018cf632033af3920432d5f684e130 +Subproject commit 96f3d92acadbe1ae64f410e974c5ff503903394b diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index ab68cd77d8..a0d4504d64 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -16,6 +16,7 @@ using threading::Field; Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend) { file = 0; + ascii_done = false; output_to_stdout = BifConst::LogAscii::output_to_stdout; include_meta = BifConst::LogAscii::include_meta; @@ -51,6 +52,12 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend) Ascii::~Ascii() { + if ( ! ascii_done ) + { + fprintf(stderr, "missing finish message\n"); + abort(); + } + // Normally, the file will be closed here already via the Finish() // message. But when we terminate abnormally, we may still have it // open. @@ -156,6 +163,13 @@ bool Ascii::DoFlush(double network_time) bool Ascii::DoFinish(double network_time) { + if ( ascii_done ) + { + fprintf(stderr, "duplicate finish message\n"); + abort(); + } + + ascii_done = true; CloseFile(network_time); return true; } diff --git a/src/logging/writers/Ascii.h b/src/logging/writers/Ascii.h index 857954ce37..c2cd33f203 100644 --- a/src/logging/writers/Ascii.h +++ b/src/logging/writers/Ascii.h @@ -40,6 +40,7 @@ private: FILE* file; string fname; ODesc desc; + bool ascii_done; // Options set from the script-level. bool output_to_stdout; diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index 81ef123661..e4cda1e84d 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -166,17 +166,15 @@ void MsgThread::OnStop() int cnt = 0; while ( ! finished ) { - if ( ++cnt > 1000 ) // Insurance against broken threads ... + if ( ++cnt % 2000 == 0 ) // Insurance against broken threads ... { - reporter->Warning("thread %s didn't finish in time", Name().c_str()); - break; + reporter->Warning("thread %s has not yet terminated ...", Name().c_str()); + fprintf(stderr, "warning: thread %s has not yet terminated ...", Name().c_str()); } usleep(1000); } - Finished(); - // One more message to make sure the current queue read operation unblocks. SendIn(new UnblockMessage(this), true); } From f7a6407ab1213d95f074e47c39061f541f630944 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 12 Jul 2012 13:44:24 -0700 Subject: [PATCH 079/120] Reworking thread termination logic. Turns out the finish methods weren't called correctly, caused by a mess up with method names which all sounded too similar and the wrong one ended up being called. I've reworked this by changing the thread/writer/reader interfaces, which actually also simplifies them by getting rid of the requirement for writer backends to call their parent methods (i.e., less opportunity for errors). This commit also includes the following (because I noticed the problem above when working on some of these): - The ASCII log writer now includes "#start " and "#end lines in the each file. The latter supersedes Bernhard's "EOF" patch. This required a number of tests updates. The standard canonifier removes the timestamps, but some tests compare files directly, which doesn't work if they aren't printing out the same timestamps (like the comm tests). - The above required yet another change to the writer API to network_time to methods. - Renamed ASCII logger "header" options to "meta". - Fixes #763 "Escape # when first character in log file line". All btests pass for me on Linux FC15. Will try MacOS next. --- src/logging/writers/Ascii.cc | 7 +------ src/threading/MsgThread.cc | 2 ++ 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index a0d4504d64..3bc4ef4b38 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -52,12 +52,6 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend) Ascii::~Ascii() { - if ( ! ascii_done ) - { - fprintf(stderr, "missing finish message\n"); - abort(); - } - // Normally, the file will be closed here already via the Finish() // message. But when we terminate abnormally, we may still have it // open. @@ -170,6 +164,7 @@ bool Ascii::DoFinish(double network_time) } ascii_done = true; + CloseFile(network_time); return true; } diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index e4cda1e84d..45fbf6afa5 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -175,6 +175,8 @@ void MsgThread::OnStop() usleep(1000); } + Finished(); + // One more message to make sure the current queue read operation unblocks. SendIn(new UnblockMessage(this), true); } From f6b883bafc71840e146768b966d37a9229559c18 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 17 Jul 2012 17:09:49 -0700 Subject: [PATCH 080/120] Further reworking the thread API. --- src/logging/WriterFrontend.cc | 3 --- src/logging/WriterFrontend.h | 2 +- src/threading/MsgThread.cc | 13 +++++-------- src/threading/MsgThread.h | 1 + src/util.cc | 22 ++++++++++++++++++++++ src/util.h | 6 ++++++ testing/scripts/diff-canonifier | 2 +- 7 files changed, 36 insertions(+), 13 deletions(-) diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index 577003926b..b816327e9c 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -141,9 +141,6 @@ void WriterFrontend::Stop() { FlushWriteBuffer(); SetDisable(); - - if ( backend ) - backend->Stop(); } void WriterFrontend::Init(const WriterBackend::WriterInfo& arg_info, int arg_num_fields, const Field* const * arg_fields) diff --git a/src/logging/WriterFrontend.h b/src/logging/WriterFrontend.h index 6581fb1c1b..e8f3d06d6c 100644 --- a/src/logging/WriterFrontend.h +++ b/src/logging/WriterFrontend.h @@ -50,7 +50,7 @@ public: /** * Stops all output to this writer. Calling this methods disables all - * message forwarding to the backend and stops the backend thread. + * message forwarding to the backend. * * This method must only be called from the main thread. */ diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index 45fbf6afa5..f101d0ca3c 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -152,12 +152,13 @@ MsgThread::MsgThread() : BasicThread() { cnt_sent_in = cnt_sent_out = 0; finished = false; + stopped = false; thread_mgr->AddMsgThread(this); } void MsgThread::OnStop() { - if ( finished ) + if ( stopped ) return; // Signal thread to terminate and wait until it has acknowledged. @@ -303,13 +304,8 @@ BasicInputMessage* MsgThread::RetrieveIn() void MsgThread::Run() { - while ( true ) + while ( ! finished ) { - // When requested to terminate, we only do so when - // all input has been processed. - if ( Terminating() && ! queue_in.Ready() ) - break; - BasicInputMessage* msg = RetrieveIn(); bool result = msg->Process(); @@ -318,12 +314,13 @@ void MsgThread::Run() { string s = msg->Name() + " failed, terminating thread (MsgThread)"; Error(s.c_str()); - Stop(); break; } delete msg; } + + Finished(); } void MsgThread::GetStats(Stats* stats) diff --git a/src/threading/MsgThread.h b/src/threading/MsgThread.h index 67ab9517c5..d929c1f806 100644 --- a/src/threading/MsgThread.h +++ b/src/threading/MsgThread.h @@ -293,6 +293,7 @@ private: uint64_t cnt_sent_out; // Counts message sent by child. bool finished; // Set to true by Finished message. + bool stopped; // Set to true by OnStop(). }; /** diff --git a/src/util.cc b/src/util.cc index 3cfa5fca1c..b7a4683597 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1290,6 +1290,28 @@ uint64 calculate_unique_id(size_t pool) return HashKey::HashBytes(&(uid_pool[pool].key), sizeof(uid_pool[pool].key)); } +bool safe_write(int fd, const char* data, int len) + { + return true; + while ( len > 0 ) + { + int n = write(fd, data, len); + + if ( n < 0 ) + { + if ( errno == EINTR ) + continue; + + return false; + } + + data += n; + len -= n; + } + + return true; + } + void out_of_memory(const char* where) { reporter->FatalError("out of memory in %s.\n", where); diff --git a/src/util.h b/src/util.h index e4c995f45f..075c2af7c2 100644 --- a/src/util.h +++ b/src/util.h @@ -289,6 +289,11 @@ inline size_t pad_size(size_t size) #define padded_sizeof(x) (pad_size(sizeof(x))) +// Like write() but handles interrupted system calls by restarting. Returns +// true if the write was successful, otherwise sets errno. This function is +// thread-safe as long as no two threads write to the same descriptor. +extern bool safe_write(int fd, const char* data, int len); + extern void out_of_memory(const char* where); inline void* safe_realloc(void* ptr, size_t size) @@ -338,4 +343,5 @@ inline int safe_vsnprintf(char* str, size_t size, const char* format, va_list al // handed out by malloc. extern void get_memory_usage(unsigned int* total, unsigned int* malloced); + #endif diff --git a/testing/scripts/diff-canonifier b/testing/scripts/diff-canonifier index 3cb213a3f7..4d04b3372c 100755 --- a/testing/scripts/diff-canonifier +++ b/testing/scripts/diff-canonifier @@ -2,4 +2,4 @@ # # Default canonifier used with the tests in testing/btest/*. -`dirname $0`/diff-remove-timestamps +`dirname $0`/diff-remove-timestamps | grep -v XXX From e90918aa509c6c44078707d147144e62dc4bc4d4 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 17 Jul 2012 19:02:36 -0700 Subject: [PATCH 081/120] Moving the ASCII writer over to use UNIX I/O rather than stdio. --- src/logging/writers/Ascii.cc | 40 +++++++++++++++++++----------------- src/logging/writers/Ascii.h | 2 +- src/threading/BasicThread.cc | 5 ++--- src/util.cc | 1 - 4 files changed, 24 insertions(+), 24 deletions(-) diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index 3bc4ef4b38..c1f307fb4e 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -15,7 +15,7 @@ using threading::Field; Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend) { - file = 0; + fd = 0; ascii_done = false; output_to_stdout = BifConst::LogAscii::output_to_stdout; @@ -53,9 +53,8 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend) Ascii::~Ascii() { // Normally, the file will be closed here already via the Finish() - // message. But when we terminate abnormally, we may still have it - // open. - if ( file ) + // message. But when we terminate abnormally, we may still have it open. + if ( fd ) CloseFile(0); delete [] separator; @@ -70,23 +69,25 @@ bool Ascii::WriteHeaderField(const string& key, const string& val) string str = string(meta_prefix, meta_prefix_len) + key + string(separator, separator_len) + val + "\n"; - return (fwrite(str.c_str(), str.length(), 1, file) == 1); + return safe_write(fd, str.c_str(), str.length()); } void Ascii::CloseFile(double t) { - if ( ! file ) + if ( ! fd) return; if ( include_meta ) WriteHeaderField("end", t ? Timestamp(t) : ""); - fclose(file); - file = 0; + close(fd); + fd = 0; } bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * fields) { + assert(! fd); + string path = info.path; if ( output_to_stdout ) @@ -94,11 +95,13 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * fname = IsSpecial(path) ? path : path + "." + LogExt(); - if ( ! (file = fopen(fname.c_str(), "w")) ) + fd = open(fname.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0777); + + if ( fd < 0 ) { Error(Fmt("cannot open %s: %s", fname.c_str(), Strerror(errno))); - + fd = 0; return false; } @@ -112,7 +115,7 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * + get_escaped_string(string(separator, separator_len), false) + "\n"; - if( fwrite(str.c_str(), str.length(), 1, file) != 1 ) + if ( ! safe_write(fd, str.c_str(), str.length()) ) goto write_error; if ( ! (WriteHeaderField("set_separator", get_escaped_string( @@ -151,7 +154,7 @@ write_error: bool Ascii::DoFlush(double network_time) { - fflush(file); + fsync(fd); return true; } @@ -318,7 +321,7 @@ bool Ascii::DoWriteOne(ODesc* desc, Value* val, const Field* field) bool Ascii::DoWrite(int num_fields, const Field* const * fields, Value** vals) { - if ( ! file ) + if ( ! fd ) DoInit(Info(), NumFields(), Fields()); desc.Clear(); @@ -337,24 +340,23 @@ bool Ascii::DoWrite(int num_fields, const Field* const * fields, const char* bytes = (const char*)desc.Bytes(); int len = desc.Len(); - // Make sure the line doesn't look like meta information. if ( strncmp(bytes, meta_prefix, meta_prefix_len) == 0 ) { // It would so escape the first character. char buf[16]; snprintf(buf, sizeof(buf), "\\x%02x", bytes[0]); - if ( fwrite(buf, strlen(buf), 1, file) != 1 ) + if ( ! safe_write(fd, buf, strlen(buf)) ) goto write_error; ++bytes; --len; } - if ( fwrite(bytes, len, 1, file) != 1 ) + if ( ! safe_write(fd, bytes, len) ) goto write_error; - if ( IsBuf() ) - fflush(file); + if ( IsBuf() ) + fsync(fd); return true; @@ -366,7 +368,7 @@ write_error: bool Ascii::DoRotate(string rotated_path, double open, double close, bool terminating) { // Don't rotate special files or if there's not one currently open. - if ( ! file || IsSpecial(Info().path) ) + if ( ! fd || IsSpecial(Info().path) ) return true; CloseFile(close); diff --git a/src/logging/writers/Ascii.h b/src/logging/writers/Ascii.h index c2cd33f203..371ded4344 100644 --- a/src/logging/writers/Ascii.h +++ b/src/logging/writers/Ascii.h @@ -37,7 +37,7 @@ private: void CloseFile(double t); string Timestamp(double t); - FILE* file; + int fd; string fname; ODesc desc; bool ascii_done; diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index 88c4ac0965..075581e9db 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -87,18 +87,17 @@ const char* BasicThread::Strerror(int err) void BasicThread::Start() { - if ( started ) return; + started = true; + int err = pthread_create(&pthread, 0, BasicThread::launcher, this); if ( err != 0 ) reporter->FatalError("Cannot create thread %s:%s", name.c_str(), Strerror(err)); DBG_LOG(DBG_THREADING, "Started thread %s", name.c_str()); - started = true; - OnStart(); } diff --git a/src/util.cc b/src/util.cc index b7a4683597..553944c69c 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1292,7 +1292,6 @@ uint64 calculate_unique_id(size_t pool) bool safe_write(int fd, const char* data, int len) { - return true; while ( len > 0 ) { int n = write(fd, data, len); From 490859cfeff6b8747a09e31122ec0afc60e318d0 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 17 Jul 2012 19:36:30 -0700 Subject: [PATCH 082/120] Reworking forceful thread termination. Ctrl-C now kills a thread even if it hangs at termination. And readded a (rather long) timeout to kill threads automatically that don't shutdown. --- src/logging/WriterBackend.cc | 4 +--- src/logging/writers/Ascii.cc | 1 + src/threading/BasicThread.cc | 10 +++++----- src/threading/Manager.cc | 8 ++++++++ src/threading/Manager.h | 7 +++++++ src/threading/MsgThread.cc | 32 ++++++++++++++++++++++++++++---- 6 files changed, 50 insertions(+), 12 deletions(-) diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 68b0b506a1..a284c56201 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -162,9 +162,7 @@ bool WriterBackend::Init(const WriterInfo& arg_info, int arg_num_fields, const F num_fields = arg_num_fields; fields = arg_fields; - string name = Fmt("%s/%s", info.path.c_str(), frontend_name.c_str()); - - SetName(name); + SetName(frontend->Name()); if ( ! DoInit(arg_info, arg_num_fields, arg_fields) ) { diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index c1f307fb4e..20963d1535 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -169,6 +169,7 @@ bool Ascii::DoFinish(double network_time) ascii_done = true; CloseFile(network_time); + return true; } diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index 075581e9db..e7fb3f4c84 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -125,7 +125,7 @@ void BasicThread::Join() DBG_LOG(DBG_THREADING, "Joining thread %s ...", name.c_str()); - if ( pthread_join(pthread, 0) != 0 ) + if ( pthread && pthread_join(pthread, 0) != 0 ) reporter->FatalError("Failure joining thread %s", name.c_str()); DBG_LOG(DBG_THREADING, "Done with thread %s", name.c_str()); @@ -135,13 +135,13 @@ void BasicThread::Join() void BasicThread::Kill() { + terminating = true; + if ( ! (started && pthread) ) return; - // I believe this is safe to call from a signal handler ... Not error - // checking so that killing doesn't bail out if we have already - // terminated. - pthread_kill(pthread, SIGKILL); + pthread = 0; + pthread_kill(pthread, SIGTERM); } void* BasicThread::launcher(void *arg) diff --git a/src/threading/Manager.cc b/src/threading/Manager.cc index 8e0610a056..f1f9307b03 100644 --- a/src/threading/Manager.cc +++ b/src/threading/Manager.cc @@ -83,6 +83,14 @@ double Manager::NextTimestamp(double* network_time) return -1.0; } +void Manager::KillThreads() + { + DBG_LOG(DBG_THREADING, "Killing threads ..."); + + for ( all_thread_list::iterator i = all_threads.begin(); i != all_threads.end(); i++ ) + (*i)->Kill(); + } + void Manager::Process() { bool do_beat = false; diff --git a/src/threading/Manager.h b/src/threading/Manager.h index 1c7914fcde..be81c69ba0 100644 --- a/src/threading/Manager.h +++ b/src/threading/Manager.h @@ -106,6 +106,13 @@ protected: */ virtual double NextTimestamp(double* network_time); + /** + * Kills all thread immediately. Note that this may cause race conditions + * if a child thread currently holds a lock that might block somebody + * else. + */ + virtual void KillThreads(); + /** * Part of the IOSource interface. */ diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index f101d0ca3c..3913624654 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -156,6 +156,9 @@ MsgThread::MsgThread() : BasicThread() thread_mgr->AddMsgThread(this); } +// Set by Bro's main signal handler. +extern int signal_val; + void MsgThread::OnStop() { if ( stopped ) @@ -164,13 +167,31 @@ void MsgThread::OnStop() // Signal thread to terminate and wait until it has acknowledged. SendIn(new FinishMessage(this, network_time), true); + int old_signal_val = signal_val; + signal_val = 0; + int cnt = 0; + bool aborted = 0; + while ( ! finished ) { - if ( ++cnt % 2000 == 0 ) // Insurance against broken threads ... + // Terminate if we get another kill signal. + if ( signal_val == SIGTERM || signal_val == SIGINT ) { - reporter->Warning("thread %s has not yet terminated ...", Name().c_str()); - fprintf(stderr, "warning: thread %s has not yet terminated ...", Name().c_str()); + // Abort all threads here so that we won't hang next + // on another one. + fprintf(stderr, "received signal while waiting for thread %s, aborting all ...\n", Name().c_str()); + thread_mgr->KillThreads(); + aborted = true; + break; + } + + if ( ++cnt % 10000 == 0 ) // Insurance against broken threads ... + { + fprintf(stderr, "killing thread %s ...\n", Name().c_str()); + Kill(); + aborted = true; + break; } usleep(1000); @@ -178,8 +199,11 @@ void MsgThread::OnStop() Finished(); + signal_val = old_signal_val; + // One more message to make sure the current queue read operation unblocks. - SendIn(new UnblockMessage(this), true); + if ( ! aborted ) + SendIn(new UnblockMessage(this), true); } void MsgThread::Heartbeat() From 87e10b5f97a897f8c5fac2f983379a8c8966dcae Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 18 Jul 2012 12:47:13 -0700 Subject: [PATCH 083/120] Further threading and API restructuring for logging and input frameworks. There were a number of cases that weren't thread-safe. In particular, we don't use std::string anymore for anything that's passed between threads (but instead plain old const char*, with manual memmory managmenet). This is still a check-point commit, I'll do more testing. --- src/RemoteSerializer.cc | 4 +- src/input/Manager.cc | 68 ++++++------ src/input/ReaderBackend.cc | 21 ++-- src/input/ReaderBackend.h | 49 +++++++-- src/input/ReaderFrontend.cc | 30 +++--- src/input/ReaderFrontend.h | 27 ++--- src/input/readers/Ascii.cc | 23 +++-- src/input/readers/Benchmark.cc | 8 +- src/input/readers/Raw.cc | 10 +- src/logging/Manager.cc | 89 +++++++++------- src/logging/Manager.h | 6 +- src/logging/WriterBackend.cc | 40 +++++--- src/logging/WriterBackend.h | 51 +++++++-- src/logging/WriterFrontend.cc | 46 ++++----- src/logging/WriterFrontend.h | 18 ++-- src/logging/writers/Ascii.cc | 45 ++++---- src/logging/writers/Ascii.h | 2 +- src/logging/writers/DataSeries.cc | 15 +-- src/logging/writers/DataSeries.h | 2 +- src/logging/writers/None.cc | 21 +++- src/logging/writers/None.h | 2 +- src/threading/BasicThread.cc | 95 ++++++++++++----- src/threading/BasicThread.h | 55 ++++++++-- src/threading/Manager.cc | 19 +++- src/threading/MsgThread.cc | 137 +++++++++++++------------ src/threading/MsgThread.h | 18 ++-- src/threading/Queue.h | 82 ++++++++++++--- src/threading/SerialTypes.cc | 48 +++++++-- src/threading/SerialTypes.h | 34 ++++-- testing/btest/istate/events.bro | 4 +- testing/scripts/diff-remove-timestamps | 4 +- 31 files changed, 692 insertions(+), 381 deletions(-) diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 9409a34634..7ed8b9318e 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -2692,12 +2692,12 @@ bool RemoteSerializer::ProcessLogCreateWriter() int id, writer; int num_fields; - logging::WriterBackend::WriterInfo info; + logging::WriterBackend::WriterInfo* info = new logging::WriterBackend::WriterInfo(); bool success = fmt.Read(&id, "id") && fmt.Read(&writer, "writer") && fmt.Read(&num_fields, "num_fields") && - info.Read(&fmt); + info->Read(&fmt); if ( ! success ) goto error; diff --git a/src/input/Manager.cc b/src/input/Manager.cc index 1c6b69e8ec..f38613a6f8 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -71,7 +71,7 @@ declare(PDict, InputHash); class Manager::Stream { public: string name; - ReaderBackend::ReaderInfo info; + ReaderBackend::ReaderInfo* info; bool removed; StreamType stream_type; // to distinguish between event and table streams @@ -257,7 +257,6 @@ ReaderBackend* Manager::CreateBackend(ReaderFrontend* frontend, bro_int_t type) assert(ir->factory); - frontend->SetTypeName(ir->name); ReaderBackend* backend = (*ir->factory)(frontend); assert(backend); @@ -291,9 +290,6 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) EnumVal* reader = description->LookupWithDefault(rtype->FieldOffset("reader"))->AsEnumVal(); - ReaderFrontend* reader_obj = new ReaderFrontend(reader->InternalInt()); - assert(reader_obj); - // get the source ... Val* sourceval = description->LookupWithDefault(rtype->FieldOffset("source")); assert ( sourceval != 0 ); @@ -301,21 +297,22 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) string source((const char*) bsource->Bytes(), bsource->Len()); Unref(sourceval); - EnumVal* mode = description->LookupWithDefault(rtype->FieldOffset("mode"))->AsEnumVal(); - Val* config = description->LookupWithDefault(rtype->FieldOffset("config")); + ReaderBackend::ReaderInfo* rinfo = new ReaderBackend::ReaderInfo(); + rinfo->source = copy_string(source.c_str()); + EnumVal* mode = description->LookupWithDefault(rtype->FieldOffset("mode"))->AsEnumVal(); switch ( mode->InternalInt() ) { case 0: - info->info.mode = MODE_MANUAL; + rinfo->mode = MODE_MANUAL; break; case 1: - info->info.mode = MODE_REREAD; + rinfo->mode = MODE_REREAD; break; case 2: - info->info.mode = MODE_STREAM; + rinfo->mode = MODE_STREAM; break; default: @@ -324,12 +321,16 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) Unref(mode); + Val* config = description->LookupWithDefault(rtype->FieldOffset("config")); + + ReaderFrontend* reader_obj = new ReaderFrontend(*rinfo, reader); + assert(reader_obj); + info->reader = reader_obj; info->type = reader->AsEnumVal(); // ref'd by lookupwithdefault info->name = name; info->config = config->AsTableVal(); // ref'd by LookupWithDefault - - info->info.source = source; + info->info = rinfo; Ref(description); info->description = description; @@ -344,7 +345,7 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) ListVal* index = info->config->RecoverIndex(k); string key = index->Index(0)->AsString()->CheckString(); string value = v->Value()->AsString()->CheckString(); - info->info.config.insert(std::make_pair(key, value)); + info->info->config.insert(std::make_pair(copy_string(key.c_str()), copy_string(value.c_str()))); Unref(index); delete k; } @@ -475,7 +476,7 @@ bool Manager::CreateEventStream(RecordVal* fval) assert(stream->reader); - stream->reader->Init(stream->info, stream->num_fields, logf ); + stream->reader->Init(stream->num_fields, logf ); readers[stream->reader] = stream; @@ -652,7 +653,7 @@ bool Manager::CreateTableStream(RecordVal* fval) assert(stream->reader); - stream->reader->Init(stream->info, fieldsV.size(), fields ); + stream->reader->Init(fieldsV.size(), fields ); readers[stream->reader] = stream; @@ -791,17 +792,19 @@ bool Manager::UnrollRecordType(vector *fields, else { - Field* field = new Field(); - field->name = nameprepend + rec->FieldName(i); - field->type = rec->FieldType(i)->Tag(); + string name = nameprepend + rec->FieldName(i); + const char* secondary = 0; + TypeTag ty = rec->FieldType(i)->Tag(); + TypeTag st = TYPE_VOID; + bool optional = false; - if ( field->type == TYPE_TABLE ) - field->subtype = rec->FieldType(i)->AsSetType()->Indices()->PureType()->Tag(); + if ( ty == TYPE_TABLE ) + st = rec->FieldType(i)->AsSetType()->Indices()->PureType()->Tag(); - else if ( field->type == TYPE_VECTOR ) - field->subtype = rec->FieldType(i)->AsVectorType()->YieldType()->Tag(); + else if ( ty == TYPE_VECTOR ) + st = rec->FieldType(i)->AsVectorType()->YieldType()->Tag(); - else if ( field->type == TYPE_PORT && + else if ( ty == TYPE_PORT && rec->FieldDecl(i)->FindAttr(ATTR_TYPE_COLUMN) ) { // we have an annotation for the second column @@ -811,12 +814,13 @@ bool Manager::UnrollRecordType(vector *fields, assert(c); assert(c->Type()->Tag() == TYPE_STRING); - field->secondary_name = c->AsStringVal()->AsString()->CheckString(); + secondary = c->AsStringVal()->AsString()->CheckString(); } if ( rec->FieldDecl(i)->FindAttr(ATTR_OPTIONAL ) ) - field->optional = true; + optional = true; + Field* field = new Field(name.c_str(), secondary, ty, st, optional); fields->push_back(field); } } @@ -1230,7 +1234,7 @@ void Manager::EndCurrentSend(ReaderFrontend* reader) #endif // Send event that the current update is indeed finished. - SendEvent(update_finished, 2, new StringVal(i->name.c_str()), new StringVal(i->info.source.c_str())); + SendEvent(update_finished, 2, new StringVal(i->name.c_str()), new StringVal(i->info->source)); } void Manager::Put(ReaderFrontend* reader, Value* *vals) @@ -1707,7 +1711,7 @@ int Manager::GetValueLength(const Value* val) { case TYPE_STRING: case TYPE_ENUM: { - length += val->val.string_val->size(); + length += val->val.string_val.length; break; } @@ -1806,8 +1810,8 @@ int Manager::CopyValue(char *data, const int startpos, const Value* val) case TYPE_STRING: case TYPE_ENUM: { - memcpy(data+startpos, val->val.string_val->c_str(), val->val.string_val->length()); - return val->val.string_val->size(); + memcpy(data+startpos, val->val.string_val.data, val->val.string_val.length); + return val->val.string_val.length; } case TYPE_ADDR: @@ -1955,7 +1959,7 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type) case TYPE_STRING: { - BroString *s = new BroString(*(val->val.string_val)); + BroString *s = new BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, 0); return new StringVal(s); } @@ -2039,8 +2043,8 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type) case TYPE_ENUM: { // well, this is kind of stupid, because EnumType just mangles the module name and the var name together again... // but well - string module = extract_module_name(val->val.string_val->c_str()); - string var = extract_var_name(val->val.string_val->c_str()); + string module = extract_module_name(val->val.string_val.data); + string var = extract_var_name(val->val.string_val.data); bro_int_t index = request_type->AsEnumType()->Lookup(module, var.c_str()); if ( index == -1 ) reporter->InternalError("Value not found in enum mappimg. Module: %s, var: %s", diff --git a/src/input/ReaderBackend.cc b/src/input/ReaderBackend.cc index 84106a3c94..88a78c3cd7 100644 --- a/src/input/ReaderBackend.cc +++ b/src/input/ReaderBackend.cc @@ -56,22 +56,24 @@ private: class SendEventMessage : public threading::OutputMessage { public: - SendEventMessage(ReaderFrontend* reader, const string& name, const int num_vals, Value* *val) + SendEventMessage(ReaderFrontend* reader, const char* name, const int num_vals, Value* *val) : threading::OutputMessage("SendEvent", reader), - name(name), num_vals(num_vals), val(val) {} + name(copy_string(name)), num_vals(num_vals), val(val) {} + + virtual ~SendEventMessage() { delete [] name; } virtual bool Process() { bool success = input_mgr->SendEvent(name, num_vals, val); if ( ! success ) - reporter->Error("SendEvent for event %s failed", name.c_str()); + reporter->Error("SendEvent for event %s failed", name); return true; // We do not want to die if sendEvent fails because the event did not return. } private: - const string name; + const char* name; const int num_vals; Value* *val; }; @@ -146,12 +148,14 @@ ReaderBackend::ReaderBackend(ReaderFrontend* arg_frontend) : MsgThread() { disabled = true; // disabled will be set correcty in init. frontend = arg_frontend; + info = new ReaderInfo(frontend->Info()); SetName(frontend->Name()); } ReaderBackend::~ReaderBackend() { + delete info; } void ReaderBackend::Put(Value* *val) @@ -169,7 +173,7 @@ void ReaderBackend::Clear() SendOut(new ClearMessage(frontend)); } -void ReaderBackend::SendEvent(const string& name, const int num_vals, Value* *vals) +void ReaderBackend::SendEvent(const char* name, const int num_vals, Value* *vals) { SendOut(new SendEventMessage(frontend, name, num_vals, vals)); } @@ -184,17 +188,14 @@ void ReaderBackend::SendEntry(Value* *vals) SendOut(new SendEntryMessage(frontend, vals)); } -bool ReaderBackend::Init(const ReaderInfo& arg_info, const int arg_num_fields, +bool ReaderBackend::Init(const int arg_num_fields, const threading::Field* const* arg_fields) { - info = arg_info; num_fields = arg_num_fields; fields = arg_fields; - SetName("InputReader/"+info.source); - // disable if DoInit returns error. - int success = DoInit(arg_info, arg_num_fields, arg_fields); + int success = DoInit(*info, arg_num_fields, arg_fields); if ( ! success ) { diff --git a/src/input/ReaderBackend.h b/src/input/ReaderBackend.h index 1e77a61f37..7626cc25ed 100644 --- a/src/input/ReaderBackend.h +++ b/src/input/ReaderBackend.h @@ -34,7 +34,10 @@ enum ReaderMode { * for new appended data. When new data is appended is has to be sent * using the Put api functions. */ - MODE_STREAM + MODE_STREAM, + + /** Internal dummy mode for initialization. */ + MODE_NONE }; class ReaderFrontend; @@ -70,14 +73,17 @@ public: */ struct ReaderInfo { - typedef std::map config_map; + // Structure takes ownership of the strings. + typedef std::map config_map; /** * A string left to the interpretation of the reader * implementation; it corresponds to the value configured on * the script-level for the logging filter. + * + * Structure takes ownership of the string. */ - string source; + const char* source; /** * A map of key/value pairs corresponding to the relevant @@ -89,6 +95,35 @@ public: * The opening mode for the input source. */ ReaderMode mode; + + ReaderInfo() + { + source = 0; + mode = MODE_NONE; + } + + ReaderInfo(const ReaderInfo& other) + { + source = other.source ? copy_string(other.source) : 0; + mode = other.mode; + + for ( config_map::const_iterator i = other.config.begin(); i != other.config.end(); i++ ) + config.insert(std::make_pair(copy_string(i->first), copy_string(i->second))); + } + + ~ReaderInfo() + { + delete [] source; + + for ( config_map::iterator i = config.begin(); i != config.end(); i++ ) + { + delete [] i->first; + delete [] i->second; + } + } + + private: + const ReaderInfo& operator=(const ReaderInfo& other); // Disable. }; /** @@ -106,7 +141,7 @@ public: * * @return False if an error occured. */ - bool Init(const ReaderInfo& info, int num_fields, const threading::Field* const* fields); + bool Init(int num_fields, const threading::Field* const* fields); /** * Force trigger an update of the input stream. The action that will @@ -133,7 +168,7 @@ public: /** * Returns the additional reader information into the constructor. */ - const ReaderInfo& Info() const { return info; } + const ReaderInfo& Info() const { return *info; } /** * Returns the number of log fields as passed into the constructor. @@ -209,7 +244,7 @@ protected: * * @param vals the values to be given to the event */ - void SendEvent(const string& name, const int num_vals, threading::Value* *vals); + void SendEvent(const char* name, const int num_vals, threading::Value* *vals); // Content-sending-functions (simple mode). Include table-specific // functionality that simply is not used if we have no table. @@ -291,7 +326,7 @@ private: // from this class, it's running in a different thread! ReaderFrontend* frontend; - ReaderInfo info; + ReaderInfo* info; unsigned int num_fields; const threading::Field* const * fields; // raw mapping diff --git a/src/input/ReaderFrontend.cc b/src/input/ReaderFrontend.cc index 7e4ef201b1..a8528c002d 100644 --- a/src/input/ReaderFrontend.cc +++ b/src/input/ReaderFrontend.cc @@ -11,18 +11,17 @@ namespace input { class InitMessage : public threading::InputMessage { public: - InitMessage(ReaderBackend* backend, const ReaderBackend::ReaderInfo& info, + InitMessage(ReaderBackend* backend, const int num_fields, const threading::Field* const* fields) : threading::InputMessage("Init", backend), - info(info), num_fields(num_fields), fields(fields) { } + num_fields(num_fields), fields(fields) { } virtual bool Process() { - return Object()->Init(info, num_fields, fields); + return Object()->Init(num_fields, fields); } private: - const ReaderBackend::ReaderInfo info; const int num_fields; const threading::Field* const* fields; }; @@ -37,21 +36,26 @@ public: virtual bool Process() { return Object()->Update(); } }; -ReaderFrontend::ReaderFrontend(bro_int_t type) +ReaderFrontend::ReaderFrontend(const ReaderBackend::ReaderInfo& arg_info, EnumVal* type) { disabled = initialized = false; - ty_name = ""; - backend = input_mgr->CreateBackend(this, type); + info = new ReaderBackend::ReaderInfo(arg_info); + const char* t = type->Type()->AsEnumType()->Lookup(type->InternalInt()); + name = copy_string(fmt("%s/%s", arg_info.source, t)); + + backend = input_mgr->CreateBackend(this, type->InternalInt()); assert(backend); backend->Start(); } ReaderFrontend::~ReaderFrontend() { + delete [] name; + delete info; } -void ReaderFrontend::Init(const ReaderBackend::ReaderInfo& arg_info, const int arg_num_fields, +void ReaderFrontend::Init(const int arg_num_fields, const threading::Field* const* arg_fields) { if ( disabled ) @@ -60,12 +64,11 @@ void ReaderFrontend::Init(const ReaderBackend::ReaderInfo& arg_info, const int a if ( initialized ) reporter->InternalError("reader initialize twice"); - info = arg_info; num_fields = arg_num_fields; fields = arg_fields; initialized = true; - backend->SendIn(new InitMessage(backend, info, num_fields, fields)); + backend->SendIn(new InitMessage(backend, num_fields, fields)); } void ReaderFrontend::Update() @@ -82,12 +85,9 @@ void ReaderFrontend::Update() backend->SendIn(new UpdateMessage(backend)); } -string ReaderFrontend::Name() const +const char* ReaderFrontend::Name() const { - if ( ! info.source.size() ) - return ty_name; - - return ty_name + "/" + info.source; + return name; } } diff --git a/src/input/ReaderFrontend.h b/src/input/ReaderFrontend.h index 93e416e65b..a93f7703ac 100644 --- a/src/input/ReaderFrontend.h +++ b/src/input/ReaderFrontend.h @@ -4,10 +4,11 @@ #define INPUT_READERFRONTEND_H #include "ReaderBackend.h" - #include "threading/MsgThread.h" #include "threading/SerialTypes.h" +#include "Val.h" + namespace input { class Manager; @@ -25,6 +26,8 @@ public: /** * Constructor. * + * info: The meta information struct for the writer. + * * type: The backend writer type, with the value corresponding to the * script-level \c Input::Reader enum (e.g., \a READER_ASCII). The * frontend will internally instantiate a ReaderBackend of the @@ -32,7 +35,7 @@ public: * * Frontends must only be instantiated by the main thread. */ - ReaderFrontend(bro_int_t type); + ReaderFrontend(const ReaderBackend::ReaderInfo& info, EnumVal* type); /** * Destructor. @@ -52,7 +55,7 @@ public: * * This method must only be called from the main thread. */ - void Init(const ReaderBackend::ReaderInfo& info, const int arg_num_fields, const threading::Field* const* fields); + void Init(const int arg_num_fields, const threading::Field* const* fields); /** * Force an update of the current input source. Actual action depends @@ -100,12 +103,12 @@ public: * * This method is safe to call from any thread. */ - string Name() const; + const char* Name() const; /** * Returns the additional reader information passed into the constructor. */ - const ReaderBackend::ReaderInfo& Info() const { return info; } + const ReaderBackend::ReaderInfo& Info() const { assert(info); return *info; } /** * Returns the number of log fields as passed into the constructor. @@ -120,24 +123,14 @@ public: protected: friend class Manager; - /** - * Returns the name of the backend's type. - */ - const string& TypeName() const { return ty_name; } - - /** - * Sets the name of the backend's type. - */ - void SetTypeName(const string& name) { ty_name = name; } - private: ReaderBackend* backend; // The backend we have instanatiated. - ReaderBackend::ReaderInfo info; // Meta information as passed to Init(). + ReaderBackend::ReaderInfo* info; // Meta information. const threading::Field* const* fields; // The input fields. int num_fields; // Information as passed to Init(). - string ty_name; // Backend type, set by manager. bool disabled; // True if disabled. bool initialized; // True if initialized. + const char* name; // Descriptive name. }; } diff --git a/src/input/readers/Ascii.cc b/src/input/readers/Ascii.cc index 7f93a3138c..73821d7cb6 100644 --- a/src/input/readers/Ascii.cc +++ b/src/input/readers/Ascii.cc @@ -87,10 +87,10 @@ bool Ascii::DoInit(const ReaderInfo& info, int num_fields, const Field* const* f { mtime = 0; - file = new ifstream(info.source.c_str()); + file = new ifstream(info.source); if ( ! file->is_open() ) { - Error(Fmt("Init: cannot open %s", info.source.c_str())); + Error(Fmt("Init: cannot open %s", info.source)); delete(file); file = 0; return false; @@ -98,7 +98,7 @@ bool Ascii::DoInit(const ReaderInfo& info, int num_fields, const Field* const* f if ( ReadHeader(false) == false ) { - Error(Fmt("Init: cannot open %s; headers are incorrect", info.source.c_str())); + Error(Fmt("Init: cannot open %s; headers are incorrect", info.source)); file->close(); delete(file); file = 0; @@ -164,20 +164,20 @@ bool Ascii::ReadHeader(bool useCached) } Error(Fmt("Did not find requested field %s in input data file %s.", - field->name.c_str(), Info().source.c_str())); + field->name, Info().source)); return false; } FieldMapping f(field->name, field->type, field->subtype, ifields[field->name]); - if ( field->secondary_name != "" ) + if ( field->secondary_name && strlen(field->secondary_name) != 0 ) { map::iterator fit2 = ifields.find(field->secondary_name); if ( fit2 == ifields.end() ) { Error(Fmt("Could not find requested port type field %s in input data file.", - field->secondary_name.c_str())); + field->secondary_name)); return false; } @@ -220,7 +220,8 @@ Value* Ascii::EntryToVal(string s, FieldMapping field) switch ( field.type ) { case TYPE_ENUM: case TYPE_STRING: - val->val.string_val = new string(s); + val->val.string_val.length = s.size(); + val->val.string_val.data = copy_string(s.c_str()); break; case TYPE_BOOL: @@ -367,9 +368,9 @@ bool Ascii::DoUpdate() { // check if the file has changed struct stat sb; - if ( stat(Info().source.c_str(), &sb) == -1 ) + if ( stat(Info().source, &sb) == -1 ) { - Error(Fmt("Could not get stat for %s", Info().source.c_str())); + Error(Fmt("Could not get stat for %s", Info().source)); return false; } @@ -403,10 +404,10 @@ bool Ascii::DoUpdate() file = 0; } - file = new ifstream(Info().source.c_str()); + file = new ifstream(Info().source); if ( ! file->is_open() ) { - Error(Fmt("cannot open %s", Info().source.c_str())); + Error(Fmt("cannot open %s", Info().source)); return false; } diff --git a/src/input/readers/Benchmark.cc b/src/input/readers/Benchmark.cc index 28afdc1c89..b8cec0f14d 100644 --- a/src/input/readers/Benchmark.cc +++ b/src/input/readers/Benchmark.cc @@ -38,7 +38,7 @@ void Benchmark::DoClose() bool Benchmark::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fields) { - num_lines = atoi(info.source.c_str()); + num_lines = atoi(info.source); if ( autospread != 0.0 ) autospread_time = (int) ( (double) 1000000 / (autospread * (double) num_lines) ); @@ -126,8 +126,12 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype) assert(false); // no enums, please. case TYPE_STRING: - val->val.string_val = new string(RandomString(10)); + { + string rnd = RandomString(10); + val->val.string_val.data = copy_string(rnd.c_str()); + val->val.string_val.length = rnd.size(); break; + } case TYPE_BOOL: val->val.int_val = 1; // we never lie. diff --git a/src/input/readers/Raw.cc b/src/input/readers/Raw.cc index f62e966883..ac96e5c0f5 100644 --- a/src/input/readers/Raw.cc +++ b/src/input/readers/Raw.cc @@ -108,7 +108,7 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie firstrun = true; bool result; - if ( info.source.length() == 0 ) + if ( ! info.source || strlen(info.source) == 0 ) { Error("No source path provided"); return false; @@ -129,11 +129,12 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie } // do Initialization - char last = info.source[info.source.length()-1]; + string source = string(info.source); + char last = info.source[source.length() - 1]; if ( last == '|' ) { execute = true; - fname = info.source.substr(0, fname.length() - 1); + fname = source.substr(0, fname.length() - 1); if ( (info.mode != MODE_MANUAL) ) { @@ -237,7 +238,8 @@ bool Raw::DoUpdate() // filter has exactly one text field. convert to it. Value* val = new Value(TYPE_STRING, true); - val->val.string_val = new string(line); + val->val.string_val.data = copy_string(line.c_str()); + val->val.string_val.length = line.size(); fields[0] = val; Put(fields); diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 1808b83738..fd970c48b2 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -6,6 +6,7 @@ #include "../EventHandler.h" #include "../NetVar.h" #include "../Net.h" +#include "../Type.h" #include "threading/Manager.h" #include "threading/SerialTypes.h" @@ -75,7 +76,7 @@ struct Manager::WriterInfo { double interval; Func* postprocessor; WriterFrontend* writer; - WriterBackend::WriterInfo info; + WriterBackend::WriterInfo* info; }; struct Manager::Stream { @@ -118,6 +119,7 @@ Manager::Stream::~Stream() Unref(winfo->type); delete winfo->writer; + delete winfo->info; delete winfo; } @@ -193,7 +195,6 @@ WriterBackend* Manager::CreateBackend(WriterFrontend* frontend, bro_int_t type) assert(ld->factory); - frontend->ty_name = ld->name; WriterBackend* backend = (*ld->factory)(frontend); assert(backend); @@ -476,18 +477,17 @@ bool Manager::TraverseRecord(Stream* stream, Filter* filter, RecordType* rt, return false; } - threading::Field* field = new threading::Field(); - field->name = new_path; - field->type = t->Tag(); - field->optional = rt->FieldDecl(i)->FindAttr(ATTR_OPTIONAL); + TypeTag st = TYPE_VOID; - if ( field->type == TYPE_TABLE ) - field->subtype = t->AsSetType()->Indices()->PureType()->Tag(); + if ( t->Tag() == TYPE_TABLE ) + st = t->AsSetType()->Indices()->PureType()->Tag(); - else if ( field->type == TYPE_VECTOR ) - field->subtype = t->AsVectorType()->YieldType()->Tag(); + else if ( t->Tag() == TYPE_VECTOR ) + st = t->AsVectorType()->YieldType()->Tag(); - filter->fields[filter->num_fields - 1] = field; + bool optional = rt->FieldDecl(i)->FindAttr(ATTR_OPTIONAL); + + filter->fields[filter->num_fields - 1] = new threading::Field(new_path.c_str(), 0, t->Tag(), st, optional); } return true; @@ -594,7 +594,7 @@ bool Manager::AddFilter(EnumVal* id, RecordVal* fval) { threading::Field* field = filter->fields[i]; DBG_LOG(DBG_LOGGING, " field %10s: %s", - field->name.c_str(), type_name(field->type)); + field->name, type_name(field->type)); } #endif @@ -769,9 +769,9 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) for ( int j = 0; j < filter->num_fields; ++j ) arg_fields[j] = new threading::Field(*filter->fields[j]); - WriterBackend::WriterInfo info; - info.path = path; - info.network_time = network_time; + WriterBackend::WriterInfo* info = new WriterBackend::WriterInfo; + info->path = copy_string(path.c_str()); + info->network_time = network_time; HashKey* k; IterCookie* c = filter->config->AsTable()->InitForIteration(); @@ -782,7 +782,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) ListVal* index = filter->config->RecoverIndex(k); string key = index->Index(0)->AsString()->CheckString(); string value = v->Value()->AsString()->CheckString(); - info.config.insert(std::make_pair(key, value)); + info->config.insert(std::make_pair(copy_string(key.c_str()), copy_string(value.c_str()))); Unref(index); delete k; } @@ -844,11 +844,16 @@ threading::Value* Manager::ValToLogVal(Val* val, BroType* ty) val->Type()->AsEnumType()->Lookup(val->InternalInt()); if ( s ) - lval->val.string_val = new string(s); + { + lval->val.string_val.data = copy_string(s); + lval->val.string_val.length = strlen(s); + } + else { val->Type()->Error("enum type does not contain value", val); - lval->val.string_val = new string(); + lval->val.string_val.data = copy_string(""); + lval->val.string_val.length = 0; } break; } @@ -880,15 +885,20 @@ threading::Value* Manager::ValToLogVal(Val* val, BroType* ty) case TYPE_STRING: { const BroString* s = val->AsString(); - lval->val.string_val = - new string((const char*) s->Bytes(), s->Len()); + char* buf = new char[s->Len()]; + memcpy(buf, s->Bytes(), s->Len()); + + lval->val.string_val.data = buf; + lval->val.string_val.length = s->Len(); break; } case TYPE_FILE: { const BroFile* f = val->AsFile(); - lval->val.string_val = new string(f->Name()); + string s = f->Name(); + lval->val.string_val.data = copy_string(s.c_str()); + lval->val.string_val.length = s.size(); break; } @@ -897,7 +907,9 @@ threading::Value* Manager::ValToLogVal(Val* val, BroType* ty) ODesc d; const Func* f = val->AsFunc(); f->Describe(&d); - lval->val.string_val = new string(d.Description()); + const char* s = d.Description(); + lval->val.string_val.data = copy_string(s); + lval->val.string_val.length = strlen(s); break; } @@ -977,7 +989,7 @@ threading::Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, return vals; } -WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const WriterBackend::WriterInfo& info, +WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, WriterBackend::WriterInfo* info, int num_fields, const threading::Field* const* fields, bool local, bool remote) { Stream* stream = FindStream(id); @@ -987,7 +999,7 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer return 0; Stream::WriterMap::iterator w = - stream->writers.find(Stream::WriterPathPair(writer->AsEnum(), info.path)); + stream->writers.find(Stream::WriterPathPair(writer->AsEnum(), info->path)); if ( w != stream->writers.end() ) // If we already have a writer for this. That's fine, we just @@ -1013,7 +1025,7 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer { Filter* f = *it; if ( f->writer->AsEnum() == writer->AsEnum() && - f->path == info.path ) + f->path == info->path ) { found_filter_match = true; winfo->interval = f->interval; @@ -1030,7 +1042,7 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer } stream->writers.insert( - Stream::WriterMap::value_type(Stream::WriterPathPair(writer->AsEnum(), info.path), + Stream::WriterMap::value_type(Stream::WriterPathPair(writer->AsEnum(), info->path), winfo)); // Still need to set the WriterInfo's rotation parameters, which we @@ -1038,11 +1050,11 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, const Writer const char* base_time = log_rotate_base_time ? log_rotate_base_time->AsString()->CheckString() : 0; - winfo->info.rotation_interval = winfo->interval; - winfo->info.rotation_base = parse_rotate_base_time(base_time); + winfo->info->rotation_interval = winfo->interval; + winfo->info->rotation_base = parse_rotate_base_time(base_time); - winfo->writer = new WriterFrontend(id, writer, local, remote); - winfo->writer->Init(winfo->info, num_fields, fields); + winfo->writer = new WriterFrontend(*winfo->info, id, writer, local, remote); + winfo->writer->Init(num_fields, fields); InstallRotationTimer(winfo); @@ -1124,7 +1136,7 @@ void Manager::SendAllWritersTo(RemoteSerializer::PeerID peer) EnumVal writer_val(i->first.first, BifType::Enum::Log::Writer); remote_serializer->SendLogCreateWriter(peer, (*s)->id, &writer_val, - i->second->info, + *i->second->info, writer->NumFields(), writer->Fields()); } @@ -1260,14 +1272,14 @@ void Manager::InstallRotationTimer(WriterInfo* winfo) timer_mgr->Add(winfo->rotation_timer); DBG_LOG(DBG_LOGGING, "Scheduled rotation timer for %s to %.6f", - winfo->writer->Name().c_str(), winfo->rotation_timer->Time()); + winfo->writer->Name(), winfo->rotation_timer->Time()); } } void Manager::Rotate(WriterInfo* winfo) { DBG_LOG(DBG_LOGGING, "Rotating %s at %.6f", - winfo->writer->Name().c_str(), network_time); + winfo->writer->Name(), network_time); // Build a temporary path for the writer to move the file to. struct tm tm; @@ -1278,15 +1290,14 @@ void Manager::Rotate(WriterInfo* winfo) localtime_r(&teatime, &tm); strftime(buf, sizeof(buf), date_fmt, &tm); - string tmp = string(fmt("%s-%s", winfo->writer->Info().path.c_str(), buf)); - // Trigger the rotation. + const char* tmp = fmt("%s-%s", winfo->writer->Info().path, buf); winfo->writer->Rotate(tmp, winfo->open_time, network_time, terminating); ++rotations_pending; } -bool Manager::FinishedRotation(WriterFrontend* writer, string new_name, string old_name, +bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, const char* old_name, double open, double close, bool terminating) { --rotations_pending; @@ -1296,7 +1307,7 @@ bool Manager::FinishedRotation(WriterFrontend* writer, string new_name, string o return true; DBG_LOG(DBG_LOGGING, "Finished rotating %s at %.6f, new name %s", - writer->Name().c_str(), network_time, new_name.c_str()); + writer->Name(), network_time, new_name); WriterInfo* winfo = FindWriter(writer); if ( ! winfo ) @@ -1305,8 +1316,8 @@ bool Manager::FinishedRotation(WriterFrontend* writer, string new_name, string o // Create the RotationInfo record. RecordVal* info = new RecordVal(BifType::Record::Log::RotationInfo); info->Assign(0, winfo->type->Ref()); - info->Assign(1, new StringVal(new_name.c_str())); - info->Assign(2, new StringVal(winfo->writer->Info().path.c_str())); + info->Assign(1, new StringVal(new_name)); + info->Assign(2, new StringVal(winfo->writer->Info().path)); info->Assign(3, new Val(open, TYPE_TIME)); info->Assign(4, new Val(close, TYPE_TIME)); info->Assign(5, new Val(terminating, TYPE_BOOL)); diff --git a/src/logging/Manager.h b/src/logging/Manager.h index 38dd9258b3..ae7a1796ba 100644 --- a/src/logging/Manager.h +++ b/src/logging/Manager.h @@ -162,8 +162,8 @@ protected: //// Function also used by the RemoteSerializer. - // Takes ownership of fields. - WriterFrontend* CreateWriter(EnumVal* id, EnumVal* writer, const WriterBackend::WriterInfo& info, + // Takes ownership of fields and info. + WriterFrontend* CreateWriter(EnumVal* id, EnumVal* writer, WriterBackend::WriterInfo* info, int num_fields, const threading::Field* const* fields, bool local, bool remote); @@ -175,7 +175,7 @@ protected: void SendAllWritersTo(RemoteSerializer::PeerID peer); // Signals that a file has been rotated. - bool FinishedRotation(WriterFrontend* writer, string new_name, string old_name, + bool FinishedRotation(WriterFrontend* writer, const char* new_name, const char* old_name, double open, double close, bool terminating); // Deletes the values as passed into Write(). diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index a284c56201..8f119d6f8f 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -18,20 +18,26 @@ namespace logging { class RotationFinishedMessage : public threading::OutputMessage { public: - RotationFinishedMessage(WriterFrontend* writer, string new_name, string old_name, + RotationFinishedMessage(WriterFrontend* writer, const char* new_name, const char* old_name, double open, double close, bool terminating) : threading::OutputMessage("RotationFinished", writer), - new_name(new_name), old_name(old_name), open(open), + new_name(copy_string(new_name)), old_name(copy_string(old_name)), open(open), close(close), terminating(terminating) { } + virtual ~RotationFinishedMessage() + { + delete [] new_name; + delete [] old_name; + } + virtual bool Process() { return log_mgr->FinishedRotation(Object(), new_name, old_name, open, close, terminating); } private: - string new_name; - string old_name; + const char* new_name; + const char* old_name; double open; double close; bool terminating; @@ -65,12 +71,16 @@ bool WriterBackend::WriterInfo::Read(SerializationFormat* fmt) { int size; - if ( ! (fmt->Read(&path, "path") && + string tmp_path; + + if ( ! (fmt->Read(&tmp_path, "path") && fmt->Read(&rotation_base, "rotation_base") && fmt->Read(&rotation_interval, "rotation_interval") && fmt->Read(&size, "config_size")) ) return false; + path = copy_string(tmp_path.c_str()); + config.clear(); while ( size ) @@ -81,7 +91,7 @@ bool WriterBackend::WriterInfo::Read(SerializationFormat* fmt) if ( ! (fmt->Read(&value, "config-value") && fmt->Read(&value, "config-key")) ) return false; - config.insert(std::make_pair(value, key)); + config.insert(std::make_pair(copy_string(value.c_str()), copy_string(key.c_str()))); } return true; @@ -98,7 +108,7 @@ bool WriterBackend::WriterInfo::Write(SerializationFormat* fmt) const fmt->Write(size, "config_size")) ) return false; - for ( config_map::const_iterator i = config.begin(); i != config.end(); ++i ) + for ( config_map::const_iterator i = config.begin(); i != config.end(); ++i ) { if ( ! (fmt->Write(i->first, "config-value") && fmt->Write(i->second, "config-key")) ) return false; @@ -113,8 +123,7 @@ WriterBackend::WriterBackend(WriterFrontend* arg_frontend) : MsgThread() fields = 0; buffering = true; frontend = arg_frontend; - - info.path = ""; + info = new WriterInfo(frontend->Info()); SetName(frontend->Name()); } @@ -128,6 +137,8 @@ WriterBackend::~WriterBackend() delete [] fields; } + + delete info; } void WriterBackend::DeleteVals(int num_writes, Value*** vals) @@ -144,7 +155,7 @@ void WriterBackend::DeleteVals(int num_writes, Value*** vals) delete [] vals; } -bool WriterBackend::FinishedRotation(string new_name, string old_name, +bool WriterBackend::FinishedRotation(const char* new_name, const char* old_name, double open, double close, bool terminating) { SendOut(new RotationFinishedMessage(frontend, new_name, old_name, open, close, terminating)); @@ -156,15 +167,12 @@ void WriterBackend::DisableFrontend() SendOut(new DisableMessage(frontend)); } -bool WriterBackend::Init(const WriterInfo& arg_info, int arg_num_fields, const Field* const* arg_fields, const string& frontend_name) +bool WriterBackend::Init(int arg_num_fields, const Field* const* arg_fields) { - info = arg_info; num_fields = arg_num_fields; fields = arg_fields; - SetName(frontend->Name()); - - if ( ! DoInit(arg_info, arg_num_fields, arg_fields) ) + if ( ! DoInit(*info, arg_num_fields, arg_fields) ) { DisableFrontend(); return false; @@ -246,7 +254,7 @@ bool WriterBackend::SetBuf(bool enabled) return true; } -bool WriterBackend::Rotate(string rotated_path, double open, +bool WriterBackend::Rotate(const char* rotated_path, double open, double close, bool terminating) { if ( ! DoRotate(rotated_path, open, close, terminating) ) diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index 33cde8679e..a59cd1893e 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -48,14 +48,17 @@ public: */ struct WriterInfo { - typedef std::map config_map; + // Structure takes ownership of these strings. + typedef std::map config_map; /** * A string left to the interpretation of the writer * implementation; it corresponds to the 'path' value configured * on the script-level for the logging filter. + * + * Structure takes ownership of string. */ - string path; + const char* path; /** * The rotation interval as configured for this writer. @@ -76,9 +79,38 @@ public: * A map of key/value pairs corresponding to the relevant * filter's "config" table. */ - std::map config; + config_map config; + + WriterInfo() + { + path = 0; + } + + WriterInfo(const WriterInfo& other) + { + path = other.path ? copy_string(other.path) : 0; + rotation_interval = other.rotation_interval; + rotation_base = other.rotation_base; + network_time = other.network_time; + + for ( config_map::const_iterator i = other.config.begin(); i != other.config.end(); i++ ) + config.insert(std::make_pair(copy_string(i->first), copy_string(i->second))); + } + + ~WriterInfo() + { + delete [] path; + + for ( config_map::iterator i = config.begin(); i != config.end(); i++ ) + { + delete [] i->first; + delete [] i->second; + } + } private: + const WriterInfo& operator=(const WriterInfo& other); // Disable. + friend class ::RemoteSerializer; // Note, these need to be adapted when changing the struct's @@ -90,7 +122,6 @@ public: /** * One-time initialization of the writer to define the logged fields. * - * @param info Meta information for the writer. * @param num_fields * * @param fields An array of size \a num_fields with the log fields. @@ -100,7 +131,7 @@ public: * * @return False if an error occured. */ - bool Init(const WriterInfo& info, int num_fields, const threading::Field* const* fields, const string& frontend_name); + bool Init(int num_fields, const threading::Field* const* fields); /** * Writes one log entry. @@ -146,7 +177,7 @@ public: * * @return False if an error occured. */ - bool Rotate(string rotated_path, double open, double close, bool terminating); + bool Rotate(const char* rotated_path, double open, double close, bool terminating); /** * Disables the frontend that has instantiated this backend. Once @@ -157,7 +188,7 @@ public: /** * Returns the additional writer information passed into the constructor. */ - const WriterInfo& Info() const { return info; } + const WriterInfo& Info() const { return *info; } /** * Returns the number of log fields as passed into the constructor. @@ -193,7 +224,7 @@ public: * @param terminating: True if the original rotation request occured * due to the main Bro process shutting down. */ - bool FinishedRotation(string new_name, string old_name, + bool FinishedRotation(const char* new_name, const char* old_name, double open, double close, bool terminating); /** Helper method to render an IP address as a string. @@ -322,7 +353,7 @@ protected: * due the main Bro prcoess terminating (and not because we've * reached a regularly scheduled time for rotation). */ - virtual bool DoRotate(string rotated_path, double open, double close, + virtual bool DoRotate(const char* rotated_path, double open, double close, bool terminating) = 0; /** @@ -351,7 +382,7 @@ private: // this class, it's running in a different thread! WriterFrontend* frontend; - WriterInfo info; // Meta information as passed to Init(). + const WriterInfo* info; // Meta information. int num_fields; // Number of log fields. const threading::Field* const* fields; // Log fields. bool buffering; // True if buffering is enabled. diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index b816327e9c..fc237d6f6e 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -16,35 +16,36 @@ namespace logging { class InitMessage : public threading::InputMessage { public: - InitMessage(WriterBackend* backend, const WriterBackend::WriterInfo& info, const int num_fields, const Field* const* fields, const string& frontend_name) + InitMessage(WriterBackend* backend, const int num_fields, const Field* const* fields) : threading::InputMessage("Init", backend), - info(info), num_fields(num_fields), fields(fields), - frontend_name(frontend_name) { } + num_fields(num_fields), fields(fields) + {} - virtual bool Process() { return Object()->Init(info, num_fields, fields, frontend_name); } + + virtual bool Process() { return Object()->Init(num_fields, fields); } private: - WriterBackend::WriterInfo info; const int num_fields; const Field * const* fields; - const string frontend_name; }; class RotateMessage : public threading::InputMessage { public: - RotateMessage(WriterBackend* backend, WriterFrontend* frontend, const string rotated_path, const double open, + RotateMessage(WriterBackend* backend, WriterFrontend* frontend, const char* rotated_path, const double open, const double close, const bool terminating) : threading::InputMessage("Rotate", backend), frontend(frontend), - rotated_path(rotated_path), open(open), + rotated_path(copy_string(rotated_path)), open(open), close(close), terminating(terminating) { } + virtual ~RotateMessage() { delete [] rotated_path; } + virtual bool Process() { return Object()->Rotate(rotated_path, open, close, terminating); } private: WriterFrontend* frontend; - const string rotated_path; + const char* rotated_path; const double open; const double close; const bool terminating; @@ -96,7 +97,7 @@ private: using namespace logging; -WriterFrontend::WriterFrontend(EnumVal* arg_stream, EnumVal* arg_writer, bool arg_local, bool arg_remote) +WriterFrontend::WriterFrontend(const WriterBackend::WriterInfo& arg_info, EnumVal* arg_stream, EnumVal* arg_writer, bool arg_local, bool arg_remote) { stream = arg_stream; writer = arg_writer; @@ -109,7 +110,10 @@ WriterFrontend::WriterFrontend(EnumVal* arg_stream, EnumVal* arg_writer, bool ar remote = arg_remote; write_buffer = 0; write_buffer_pos = 0; - ty_name = ""; + info = new WriterBackend::WriterInfo(arg_info); + + const char* w = arg_writer->Type()->AsEnumType()->Lookup(arg_stream->InternalInt()); + name = copy_string(fmt("%s/%s", arg_info.path, w)); if ( local ) { @@ -127,14 +131,7 @@ WriterFrontend::~WriterFrontend() { Unref(stream); Unref(writer); - } - -string WriterFrontend::Name() const - { - if ( ! info.path.size() ) - return ty_name; - - return ty_name + "/" + info.path; + delete info; } void WriterFrontend::Stop() @@ -143,7 +140,7 @@ void WriterFrontend::Stop() SetDisable(); } -void WriterFrontend::Init(const WriterBackend::WriterInfo& arg_info, int arg_num_fields, const Field* const * arg_fields) +void WriterFrontend::Init(int arg_num_fields, const Field* const * arg_fields) { if ( disabled ) return; @@ -151,19 +148,18 @@ void WriterFrontend::Init(const WriterBackend::WriterInfo& arg_info, int arg_num if ( initialized ) reporter->InternalError("writer initialize twice"); - info = arg_info; num_fields = arg_num_fields; fields = arg_fields; initialized = true; if ( backend ) - backend->SendIn(new InitMessage(backend, arg_info, arg_num_fields, arg_fields, Name())); + backend->SendIn(new InitMessage(backend, arg_num_fields, arg_fields)); if ( remote ) remote_serializer->SendLogCreateWriter(stream, writer, - arg_info, + *info, arg_num_fields, arg_fields); @@ -177,7 +173,7 @@ void WriterFrontend::Write(int num_fields, Value** vals) if ( remote ) remote_serializer->SendLogWrite(stream, writer, - info.path, + info->path, num_fields, vals); @@ -242,7 +238,7 @@ void WriterFrontend::Flush(double network_time) backend->SendIn(new FlushMessage(backend, network_time)); } -void WriterFrontend::Rotate(string rotated_path, double open, double close, bool terminating) +void WriterFrontend::Rotate(const char* rotated_path, double open, double close, bool terminating) { if ( disabled ) return; diff --git a/src/logging/WriterFrontend.h b/src/logging/WriterFrontend.h index e8f3d06d6c..549d602bd5 100644 --- a/src/logging/WriterFrontend.h +++ b/src/logging/WriterFrontend.h @@ -31,6 +31,10 @@ public: * script-level \c Log::Writer enum (e.g., \a WRITER_ASCII). The * frontend will internally instantiate a WriterBackend of the * corresponding type. + * + * info: The meta information struct for the writer. + * + * writer_name: A descriptive name for the writer's type. * * local: If true, the writer will instantiate a local backend. * @@ -39,7 +43,7 @@ public: * * Frontends must only be instantiated by the main thread. */ - WriterFrontend(EnumVal* stream, EnumVal* writer, bool local, bool remote); + WriterFrontend(const WriterBackend::WriterInfo& info, EnumVal* stream, EnumVal* writer, bool local, bool remote); /** * Destructor. @@ -68,7 +72,7 @@ public: * * This method must only be called from the main thread. */ - void Init(const WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const* fields); + void Init(int num_fields, const threading::Field* const* fields); /** * Write out a record. @@ -130,7 +134,7 @@ public: * * This method must only be called from the main thread. */ - void Rotate(string rotated_path, double open, double close, bool terminating); + void Rotate(const char* rotated_path, double open, double close, bool terminating); /** * Finalizes writing to this tream. @@ -175,7 +179,7 @@ public: /** * Returns the additional writer information as passed into the constructor. */ - const WriterBackend::WriterInfo& Info() const { return info; } + const WriterBackend::WriterInfo& Info() const { return *info; } /** * Returns the number of log fields as passed into the constructor. @@ -188,7 +192,7 @@ public: * * This method is safe to call from any thread. */ - string Name() const; + const char* Name() const { return name; } /** * Returns the log fields as passed into the constructor. @@ -210,8 +214,8 @@ protected: bool local; // True if logging locally. bool remote; // True if loggin remotely. - string ty_name; // Name of the backend type. Set by the manager. - WriterBackend::WriterInfo info; // The writer information. + const char* name; // Descriptive name of the + WriterBackend::WriterInfo* info; // The writer information. int num_fields; // The number of log fields. const threading::Field* const* fields; // The log fields. diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index 20963d1535..99fd3f3c6e 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -52,6 +52,8 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend) Ascii::~Ascii() { + //fprintf(stderr, "DTOR %p\n", this); + // Normally, the file will be closed here already via the Finish() // message. But when we terminate abnormally, we may still have it open. if ( fd ) @@ -78,7 +80,10 @@ void Ascii::CloseFile(double t) return; if ( include_meta ) - WriteHeaderField("end", t ? Timestamp(t) : ""); + { + string ts = t ? Timestamp(t) : string(""); + WriteHeaderField("end", ts); + } close(fd); fd = 0; @@ -118,6 +123,8 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * if ( ! safe_write(fd, str.c_str(), str.length()) ) goto write_error; + string ts = Timestamp(info.network_time); + if ( ! (WriteHeaderField("set_separator", get_escaped_string( string(set_separator, set_separator_len), false)) && WriteHeaderField("empty_field", get_escaped_string( @@ -125,8 +132,8 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * WriteHeaderField("unset_field", get_escaped_string( string(unset_field, unset_field_len), false)) && WriteHeaderField("path", get_escaped_string(path, false)) && - WriteHeaderField("start", Timestamp(info.network_time))) ) - goto write_error; + WriteHeaderField("start", ts)) ) + goto write_error; for ( int i = 0; i < num_fields; ++i ) { @@ -136,8 +143,8 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * types += string(separator, separator_len); } - names += fields[i]->name; - types += fields[i]->TypeName(); + names += string(fields[i]->name); + types += fields[i]->TypeName().c_str(); } if ( ! (WriteHeaderField("fields", names) @@ -229,8 +236,8 @@ bool Ascii::DoWriteOne(ODesc* desc, Value* val, const Field* field) case TYPE_FILE: case TYPE_FUNC: { - int size = val->val.string_val->size(); - const char* data = val->val.string_val->data(); + int size = val->val.string_val.length; + const char* data = val->val.string_val.data; if ( ! size ) { @@ -311,8 +318,7 @@ bool Ascii::DoWriteOne(ODesc* desc, Value* val, const Field* field) } default: - Error(Fmt("unsupported field format %d for %s", val->type, - field->name.c_str())); + Error(Fmt("unsupported field format %d for %s", val->type, field->name)); return false; } @@ -366,7 +372,7 @@ write_error: return false; } -bool Ascii::DoRotate(string rotated_path, double open, double close, bool terminating) +bool Ascii::DoRotate(const char* rotated_path, double open, double close, bool terminating) { // Don't rotate special files or if there's not one currently open. if ( ! fd || IsSpecial(Info().path) ) @@ -374,10 +380,10 @@ bool Ascii::DoRotate(string rotated_path, double open, double close, bool termin CloseFile(close); - string nname = rotated_path + "." + LogExt(); + string nname = string(rotated_path) + "." + LogExt(); rename(fname.c_str(), nname.c_str()); - if ( ! FinishedRotation(nname, fname, open, close, terminating) ) + if ( ! FinishedRotation(nname.c_str(), fname.c_str(), open, close, terminating) ) { Error(Fmt("error rotating %s to %s", fname.c_str(), nname.c_str())); return false; @@ -401,19 +407,22 @@ bool Ascii::DoHeartbeat(double network_time, double current_time) string Ascii::LogExt() { const char* ext = getenv("BRO_LOG_SUFFIX"); - if ( ! ext ) ext = "log"; + if ( ! ext ) + ext = "log"; + return ext; } string Ascii::Timestamp(double t) { - struct tm tm; - char buf[128]; - const char* const date_fmt = "%Y-%m-%d-%H-%M-%S"; time_t teatime = time_t(t); - localtime_r(&teatime, &tm); - strftime(buf, sizeof(buf), date_fmt, &tm); + struct tm tmbuf; + struct tm* tm = localtime_r(&teatime, &tmbuf); + + char buf[128]; + const char* const date_fmt = "%Y-%m-%d-%H-%M-%S"; + strftime(buf, sizeof(buf), date_fmt, tm); return buf; } diff --git a/src/logging/writers/Ascii.h b/src/logging/writers/Ascii.h index 371ded4344..cb82860cb7 100644 --- a/src/logging/writers/Ascii.h +++ b/src/logging/writers/Ascii.h @@ -24,7 +24,7 @@ protected: virtual bool DoWrite(int num_fields, const threading::Field* const* fields, threading::Value** vals); virtual bool DoSetBuf(bool enabled); - virtual bool DoRotate(string rotated_path, double open, + virtual bool DoRotate(const char* rotated_path, double open, double close, bool terminating); virtual bool DoFlush(double network_time); virtual bool DoFinish(double network_time); diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index 1978a8b781..7d3053e341 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -78,10 +78,10 @@ std::string DataSeries::LogValueToString(threading::Value *val) case TYPE_STRING: case TYPE_FILE: case TYPE_FUNC: - if ( ! val->val.string_val->size() ) + if ( ! val->val.string_val.length ) return ""; - return string(val->val.string_val->data(), val->val.string_val->size()); + return string(val->val.string_val.data, val->val.string_val.length); case TYPE_TABLE: { @@ -302,7 +302,8 @@ bool DataSeries::DoInit(const WriterInfo& info, int num_fields, const threading: if( ds_dump_schema ) { - FILE* pFile = fopen ( string(info.path + ".ds.xml").c_str() , "wb" ); + string name = string(info.path) + ".ds.xml"; + FILE* pFile = fopen(name.c_str(), "wb" ); if( pFile ) { @@ -394,17 +395,17 @@ bool DataSeries::DoWrite(int num_fields, const threading::Field* const * fields, return true; } -bool DataSeries::DoRotate(string rotated_path, double open, double close, bool terminating) +bool DataSeries::DoRotate(const char* rotated_path, double open, double close, bool terminating) { // Note that if DS files are rotated too often, the aggregate log // size will be (much) larger. CloseLog(); - string dsname = Info().path + ".ds"; - string nname = rotated_path + ".ds"; + string dsname = string(Info().path) + ".ds"; + string nname = string(rotated_path) + ".ds"; rename(dsname.c_str(), nname.c_str()); - if ( ! FinishedRotation(nname, dsname, open, close, terminating) ) + if ( ! FinishedRotation(nname.c_str(), dsname.c_str(), open, close, terminating) ) { Error(Fmt("error rotating %s to %s", dsname.c_str(), nname.c_str())); return false; diff --git a/src/logging/writers/DataSeries.h b/src/logging/writers/DataSeries.h index 31d17a1a7b..9773c7ce1b 100644 --- a/src/logging/writers/DataSeries.h +++ b/src/logging/writers/DataSeries.h @@ -32,7 +32,7 @@ protected: virtual bool DoWrite(int num_fields, const threading::Field* const* fields, threading::Value** vals); virtual bool DoSetBuf(bool enabled); - virtual bool DoRotate(string rotated_path, double open, + virtual bool DoRotate(const char* rotated_path, double open, double close, bool terminating); virtual bool DoFlush(double network_time); virtual bool DoFinish(double network_time); diff --git a/src/logging/writers/None.cc b/src/logging/writers/None.cc index acf9355cf7..9b91b82199 100644 --- a/src/logging/writers/None.cc +++ b/src/logging/writers/None.cc @@ -1,4 +1,6 @@ +#include + #include "None.h" #include "NetVar.h" @@ -15,8 +17,17 @@ bool None::DoInit(const WriterInfo& info, int num_fields, std::cout << " rotation_interval=" << info.rotation_interval << std::endl; std::cout << " rotation_base=" << info.rotation_base << std::endl; - for ( std::map::const_iterator i = info.config.begin(); i != info.config.end(); i++ ) - std::cout << " config[" << i->first << "] = " << i->second << std::endl; + // Output the config sorted by keys. + + std::vector > keys; + + for ( WriterInfo::config_map::const_iterator i = info.config.begin(); i != info.config.end(); i++ ) + keys.push_back(std::make_pair(i->first, i->second)); + + std::sort(keys.begin(), keys.end()); + + for ( std::vector >::const_iterator i = keys.begin(); i != keys.end(); i++ ) + std::cout << " config[" << (*i).first << "] = " << (*i).second << std::endl; for ( int i = 0; i < num_fields; i++ ) { @@ -31,11 +42,11 @@ bool None::DoInit(const WriterInfo& info, int num_fields, return true; } -bool None::DoRotate(string rotated_path, double open, double close, bool terminating) +bool None::DoRotate(const char* rotated_path, double open, double close, bool terminating) { - if ( ! FinishedRotation(string("/dev/null"), Info().path, open, close, terminating)) + if ( ! FinishedRotation("/dev/null", Info().path, open, close, terminating)) { - Error(Fmt("error rotating %s", Info().path.c_str())); + Error(Fmt("error rotating %s", Info().path)); return false; } diff --git a/src/logging/writers/None.h b/src/logging/writers/None.h index c6d7cba56a..2a6f71a06a 100644 --- a/src/logging/writers/None.h +++ b/src/logging/writers/None.h @@ -24,7 +24,7 @@ protected: virtual bool DoWrite(int num_fields, const threading::Field* const* fields, threading::Value** vals) { return true; } virtual bool DoSetBuf(bool enabled) { return true; } - virtual bool DoRotate(string rotated_path, double open, + virtual bool DoRotate(const char* rotated_path, double open, double close, bool terminating); virtual bool DoFlush(double network_time) { return true; } virtual bool DoFinish(double network_time) { return true; } diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index e7fb3f4c84..af57c26939 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -12,18 +12,23 @@ using namespace threading; +static const int STD_FMT_BUF_LEN = 2048; + uint64_t BasicThread::thread_counter = 0; BasicThread::BasicThread() { started = false; terminating = false; + killed = false; pthread = 0; - buf_len = 2048; + buf_len = STD_FMT_BUF_LEN; buf = (char*) malloc(buf_len); - name = Fmt("thread-%d", ++thread_counter); + strerr_buffer = 0; + + name = copy_string(fmt("thread-%" PRIu64, ++thread_counter)); thread_mgr->AddThread(this); } @@ -32,31 +37,41 @@ BasicThread::~BasicThread() { if ( buf ) free(buf); + + delete [] name; + delete [] strerr_buffer; } -void BasicThread::SetName(const string& arg_name) +void BasicThread::SetName(const char* name) { - // Slight race condition here with reader threads, but shouldn't matter. - name = arg_name; + delete [] name; + name = copy_string(name); } -void BasicThread::SetOSName(const string& name) +void BasicThread::SetOSName(const char* name) { #ifdef HAVE_LINUX - prctl(PR_SET_NAME, name.c_str(), 0, 0, 0); + prctl(PR_SET_NAME, name, 0, 0, 0); #endif #ifdef __APPLE__ - pthread_setname_np(name.c_str()); + pthread_setname_np(name); #endif #ifdef FREEBSD - pthread_set_name_np(pthread_self(), name, name.c_str()); + pthread_set_name_np(pthread_self(), name, name); #endif } const char* BasicThread::Fmt(const char* format, ...) { + if ( buf_len > 10 * STD_FMT_BUF_LEN ) + { + // Shrink back to normal. + buf = (char*) safe_realloc(buf, STD_FMT_BUF_LEN); + buf_len = STD_FMT_BUF_LEN; + } + va_list al; va_start(al, format); int n = safe_vsnprintf(buf, buf_len, format, al); @@ -64,15 +79,13 @@ const char* BasicThread::Fmt(const char* format, ...) if ( (unsigned int) n >= buf_len ) { // Not enough room, grow the buffer. - int tmp_len = n + 32; - char* tmp = (char*) malloc(tmp_len); + buf_len = n + 32; + buf = (char*) safe_realloc(buf, buf_len); // Is it portable to restart? va_start(al, format); - n = safe_vsnprintf(tmp, tmp_len, format, al); + n = safe_vsnprintf(buf, buf_len, format, al); va_end(al); - - free(tmp); } return buf; @@ -94,14 +107,14 @@ void BasicThread::Start() int err = pthread_create(&pthread, 0, BasicThread::launcher, this); if ( err != 0 ) - reporter->FatalError("Cannot create thread %s:%s", name.c_str(), Strerror(err)); + reporter->FatalError("Cannot create thread %s: %s", name, Strerror(err)); - DBG_LOG(DBG_THREADING, "Started thread %s", name.c_str()); + DBG_LOG(DBG_THREADING, "Started thread %s", name); OnStart(); } -void BasicThread::Stop() +void BasicThread::PrepareStop() { if ( ! started ) return; @@ -109,11 +122,28 @@ void BasicThread::Stop() if ( terminating ) return; - DBG_LOG(DBG_THREADING, "Signaling thread %s to terminate ...", name.c_str()); + DBG_LOG(DBG_THREADING, "Preparing thread %s to terminate ...", name); - terminating = true; + OnPrepareStop(); + } + +void BasicThread::Stop() + { + // XX fprintf(stderr, "stop1 %s %d %d\n", name, started, terminating); + + if ( ! started ) + return; + + if ( terminating ) + return; + + // XX fprintf(stderr, "stop2 %s\n", name); + + DBG_LOG(DBG_THREADING, "Signaling thread %s to terminate ...", name); OnStop(); + + terminating = true; } void BasicThread::Join() @@ -123,25 +153,33 @@ void BasicThread::Join() assert(terminating); - DBG_LOG(DBG_THREADING, "Joining thread %s ...", name.c_str()); + DBG_LOG(DBG_THREADING, "Joining thread %s ...", name); if ( pthread && pthread_join(pthread, 0) != 0 ) - reporter->FatalError("Failure joining thread %s", name.c_str()); + reporter->FatalError("Failure joining thread %s", name); - DBG_LOG(DBG_THREADING, "Done with thread %s", name.c_str()); + DBG_LOG(DBG_THREADING, "Joined with thread %s", name); pthread = 0; } void BasicThread::Kill() { + // We don't *really* kill the thread here because that leads to race + // conditions. Instead we set a flag that parts of the the code need + // to check and get out of any loops they might be in. terminating = true; + killed = true; + OnKill(); + } - if ( ! (started && pthread) ) - return; +void BasicThread::Done() + { + // XX fprintf(stderr, "DONE from thread %s\n", name); + DBG_LOG(DBG_THREADING, "Thread %s has finished", name); - pthread = 0; - pthread_kill(pthread, SIGTERM); + terminating = true; + killed = true; } void* BasicThread::launcher(void *arg) @@ -161,11 +199,12 @@ void* BasicThread::launcher(void *arg) sigdelset(&mask_set, SIGSEGV); sigdelset(&mask_set, SIGBUS); int res = pthread_sigmask(SIG_BLOCK, &mask_set, 0); - assert(res == 0); // + assert(res == 0); // Run thread's main function. thread->Run(); + thread->Done(); + return 0; } - diff --git a/src/threading/BasicThread.h b/src/threading/BasicThread.h index d47eb5c3c3..037420b077 100644 --- a/src/threading/BasicThread.h +++ b/src/threading/BasicThread.h @@ -5,7 +5,6 @@ #include #include -#include "Queue.h" #include "util.h" using namespace std; @@ -42,22 +41,25 @@ public: * * This method is safe to call from any thread. */ - const string& Name() const { return name; } + const char* Name() const { return name; } /** * Sets a descriptive name for the thread. This should be a string * that's useful in output presented to the user and uniquely * identifies the thread. * - * This method must be called only from the thread itself. + * This method must be called only from main thread at initialization + * time. */ - void SetName(const string& name); + void SetName(const char* name); /** * Set the name shown by the OS as the thread's description. Not * supported on all OSs. + * + * Must be called only from the child thread. */ - void SetOSName(const string& name); + void SetOSName(const char* name); /** * Starts the thread. Calling this methods will spawn a new OS thread @@ -68,6 +70,18 @@ public: */ void Start(); + /** + * Signals the thread to prepare for stopping. This must be called + * before Stop() and allows the thread to trigger shutting down + * without yet blocking for doing so. + * + * Calling this method has no effect if Start() hasn't been executed + * yet. + * + * Only Bro's main thread must call this method. + */ + void PrepareStop(); + /** * Signals the thread to stop. The method lets Terminating() now * return true. It does however not force the thread to terminate. @@ -88,6 +102,13 @@ public: */ bool Terminating() const { return terminating; } + /** + * Returns true if Kill() has been called. + * + * This method is safe to call from any thread. + */ + bool Killed() const { return killed; } + /** * A version of fmt() that the thread can safely use. * @@ -124,12 +145,24 @@ protected: virtual void OnStart() {} /** - * Executed with Stop(). This is a hook into stopping the thread. It - * will be called from Bro's main thread after the thread has been - * signaled to stop. + * Executed with PrepareStop() (and before OnStop()). This is a hook + * into preparing the thread for stopping. It will be called from + * Bro's main thread before the thread has been signaled to stop. + */ + virtual void OnPrepareStop() {} + + /** + * Executed with Stop() (and after OnPrepareStop()). This is a hook + * into stopping the thread. It will be called from Bro's main thread + * after the thread has been signaled to stop. */ virtual void OnStop() {} + /** + * Executed with Kill(). This is a hook into killing the thread. + */ + virtual void OnKill() {} + /** * Destructor. This will be called by the manager. * @@ -153,14 +186,18 @@ protected: */ void Kill(); + /** Called by child thread's launcher when it's done processing. */ + void Done(); + private: // pthread entry function. static void* launcher(void *arg); - string name; + const char* name; pthread_t pthread; bool started; // Set to to true once running. bool terminating; // Set to to true to signal termination. + bool killed; // Set to true once forcefully killed. // Used as a semaphore to tell the pthread thread when it may // terminate. diff --git a/src/threading/Manager.cc b/src/threading/Manager.cc index f1f9307b03..b997aeec47 100644 --- a/src/threading/Manager.cc +++ b/src/threading/Manager.cc @@ -30,6 +30,10 @@ void Manager::Terminate() do Process(); while ( did_process ); // Signal all to stop. + + for ( all_thread_list::iterator i = all_threads.begin(); i != all_threads.end(); i++ ) + (*i)->PrepareStop(); + for ( all_thread_list::iterator i = all_threads.begin(); i != all_threads.end(); i++ ) (*i)->Stop(); @@ -50,14 +54,14 @@ void Manager::Terminate() void Manager::AddThread(BasicThread* thread) { - DBG_LOG(DBG_THREADING, "Adding thread %s ...", thread->Name().c_str()); + DBG_LOG(DBG_THREADING, "Adding thread %s ...", thread->Name()); all_threads.push_back(thread); idle = false; } void Manager::AddMsgThread(MsgThread* thread) { - DBG_LOG(DBG_THREADING, "%s is a MsgThread ...", thread->Name().c_str()); + DBG_LOG(DBG_THREADING, "%s is a MsgThread ...", thread->Name()); msg_threads.push_back(thread); } @@ -114,6 +118,12 @@ void Manager::Process() { Message* msg = t->RetrieveOut(); + if ( ! msg ) + { + assert(t->Killed()); + break; + } + if ( msg->Process() ) { if ( network_time ) @@ -122,10 +132,9 @@ void Manager::Process() else { - string s = msg->Name() + " failed, terminating thread"; - reporter->Error("%s", s.c_str()); + reporter->Error("%s failed, terminating thread", msg->Name()); t->Stop(); - } + } delete msg; } diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index 3913624654..3e06a3fe1e 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -29,16 +29,6 @@ private: double network_time; }; -// A dummy message that's only purpose is unblock the current read operation -// so that the child's Run() methods can check the termination status. -class UnblockMessage : public InputMessage -{ -public: - UnblockMessage(MsgThread* thread) : InputMessage("Unblock", thread) { } - - virtual bool Process() { return true; } -}; - /// Sends a heartbeat to the child thread. class HeartbeatMessage : public InputMessage { @@ -66,14 +56,16 @@ public: INTERNAL_WARNING, INTERNAL_ERROR }; - ReporterMessage(Type arg_type, MsgThread* thread, const string& arg_msg) + ReporterMessage(Type arg_type, MsgThread* thread, const char* arg_msg) : OutputMessage("ReporterMessage", thread) - { type = arg_type; msg = arg_msg; } + { type = arg_type; msg = copy_string(arg_msg); } + + ~ReporterMessage() { delete [] msg; } virtual bool Process(); private: - string msg; + const char* msg; Type type; }; @@ -82,18 +74,19 @@ private: class DebugMessage : public OutputMessage { public: - DebugMessage(DebugStream arg_stream, MsgThread* thread, const string& arg_msg) + DebugMessage(DebugStream arg_stream, MsgThread* thread, const char* arg_msg) : OutputMessage("DebugMessage", thread) - { stream = arg_stream; msg = arg_msg; } + { stream = arg_stream; msg = copy_string(arg_msg); } + + virtual ~DebugMessage() { delete [] msg; } virtual bool Process() { - string s = Object()->Name() + ": " + msg; - debug_logger.Log(stream, "%s", s.c_str()); + debug_logger.Log(stream, "%s: %s", Object()->Name(), msg); return true; } private: - string msg; + const char* msg; DebugStream stream; }; #endif @@ -104,41 +97,39 @@ private: Message::~Message() { + delete [] name; } bool ReporterMessage::Process() { - string s = Object()->Name() + ": " + msg; - const char* cmsg = s.c_str(); - switch ( type ) { case INFO: - reporter->Info("%s", cmsg); + reporter->Info("%s: %s", Object()->Name(), msg); break; case WARNING: - reporter->Warning("%s", cmsg); + reporter->Warning("%s: %s", Object()->Name(), msg); break; case ERROR: - reporter->Error("%s", cmsg); + reporter->Error("%s: %s", Object()->Name(), msg); break; case FATAL_ERROR: - reporter->FatalError("%s", cmsg); + reporter->FatalError("%s: %s", Object()->Name(), msg); break; case FATAL_ERROR_WITH_CORE: - reporter->FatalErrorWithCore("%s", cmsg); + reporter->FatalErrorWithCore("%s: %s", Object()->Name(), msg); break; case INTERNAL_WARNING: - reporter->InternalWarning("%s", cmsg); + reporter->InternalWarning("%s: %s", Object()->Name(), msg); break; case INTERNAL_ERROR : - reporter->InternalError("%s", cmsg); + reporter->InternalError("%s: %s", Object()->Name(), msg); break; default: @@ -148,62 +139,78 @@ bool ReporterMessage::Process() return true; } -MsgThread::MsgThread() : BasicThread() +MsgThread::MsgThread() : BasicThread(), queue_in(this, 0), queue_out(0, this) { cnt_sent_in = cnt_sent_out = 0; finished = false; - stopped = false; thread_mgr->AddMsgThread(this); } // Set by Bro's main signal handler. extern int signal_val; -void MsgThread::OnStop() +void MsgThread::OnPrepareStop() { - if ( stopped ) + if ( finished || Killed() ) return; + // XX fprintf(stderr, "Sending FINISH to thread %s ...\n", Name()); + // Signal thread to terminate and wait until it has acknowledged. SendIn(new FinishMessage(this, network_time), true); + } +void MsgThread::OnStop() + { + int signal_count = 0; int old_signal_val = signal_val; signal_val = 0; int cnt = 0; - bool aborted = 0; + uint64_t last_size = 0; + uint64_t cur_size = 0; - while ( ! finished ) + // XX fprintf(stderr, "WAITING for thread %s to stop ...\n", Name()); + + while ( ! (finished || Killed() ) ) { // Terminate if we get another kill signal. if ( signal_val == SIGTERM || signal_val == SIGINT ) { - // Abort all threads here so that we won't hang next - // on another one. - fprintf(stderr, "received signal while waiting for thread %s, aborting all ...\n", Name().c_str()); - thread_mgr->KillThreads(); - aborted = true; - break; + ++signal_count; + + if ( signal_count == 1 ) + { + // Abort all threads here so that we won't hang next + // on another one. + fprintf(stderr, "received signal while waiting for thread %s, aborting all ...\n", Name()); + thread_mgr->KillThreads(); + } + else + { + // More than one signal. Abort processing + // right away. on another one. + fprintf(stderr, "received another signal while waiting for thread %s, aborting processing\n", Name()); + exit(1); + } + + signal_val = 0; } - if ( ++cnt % 10000 == 0 ) // Insurance against broken threads ... - { - fprintf(stderr, "killing thread %s ...\n", Name().c_str()); - Kill(); - aborted = true; - break; - } + queue_in.WakeUp(); usleep(1000); } - Finished(); - signal_val = old_signal_val; + } - // One more message to make sure the current queue read operation unblocks. - if ( ! aborted ) - SendIn(new UnblockMessage(this), true); +void MsgThread::OnKill() + { + // Send a message to unblock the reader if its currently waiting for + // input. This is just an optimization to make it terminate more + // quickly, even without the message it will eventually time out. + queue_in.WakeUp(); } void MsgThread::Heartbeat() @@ -213,9 +220,7 @@ void MsgThread::Heartbeat() void MsgThread::HeartbeatInChild() { - string n = Name(); - - n = Fmt("bro: %s (%" PRIu64 "/%" PRIu64 ")", n.c_str(), + string n = Fmt("bro: %s (%" PRIu64 "/%" PRIu64 ")", Name(), cnt_sent_in - queue_in.Size(), cnt_sent_out - queue_out.Size()); @@ -283,7 +288,7 @@ void MsgThread::SendIn(BasicInputMessage* msg, bool force) return; } - DBG_LOG(DBG_THREADING, "Sending '%s' to %s ...", msg->Name().c_str(), Name().c_str()); + DBG_LOG(DBG_THREADING, "Sending '%s' to %s ...", msg->Name(), Name()); queue_in.Put(msg); ++cnt_sent_in; @@ -306,9 +311,10 @@ void MsgThread::SendOut(BasicOutputMessage* msg, bool force) BasicOutputMessage* MsgThread::RetrieveOut() { BasicOutputMessage* msg = queue_out.Get(); - assert(msg); + if ( ! msg ) + return 0; - DBG_LOG(DBG_THREADING, "Retrieved '%s' from %s", msg->Name().c_str(), Name().c_str()); + DBG_LOG(DBG_THREADING, "Retrieved '%s' from %s", msg->Name(), Name()); return msg; } @@ -316,10 +322,12 @@ BasicOutputMessage* MsgThread::RetrieveOut() BasicInputMessage* MsgThread::RetrieveIn() { BasicInputMessage* msg = queue_in.Get(); - assert(msg); + + if ( ! msg ) + return 0; #ifdef DEBUG - string s = Fmt("Retrieved '%s' in %s", msg->Name().c_str(), Name().c_str()); + string s = Fmt("Retrieved '%s' in %s", msg->Name(), Name()); Debug(DBG_THREADING, s.c_str()); #endif @@ -328,15 +336,18 @@ BasicInputMessage* MsgThread::RetrieveIn() void MsgThread::Run() { - while ( ! finished ) + while ( ! (finished || Killed() ) ) { BasicInputMessage* msg = RetrieveIn(); + if ( ! msg ) + continue; + bool result = msg->Process(); if ( ! result ) { - string s = msg->Name() + " failed, terminating thread (MsgThread)"; + string s = Fmt("%s failed, terminating thread (MsgThread)", Name()); Error(s.c_str()); break; } @@ -344,7 +355,7 @@ void MsgThread::Run() delete msg; } - Finished(); + Finished(); } void MsgThread::GetStats(Stats* stats) diff --git a/src/threading/MsgThread.h b/src/threading/MsgThread.h index d929c1f806..1d9b17c7d9 100644 --- a/src/threading/MsgThread.h +++ b/src/threading/MsgThread.h @@ -228,6 +228,8 @@ protected: */ virtual void Run(); virtual void OnStop(); + virtual void OnPrepareStop(); + virtual void OnKill(); private: /** @@ -293,7 +295,6 @@ private: uint64_t cnt_sent_out; // Counts message sent by child. bool finished; // Set to true by Finished message. - bool stopped; // Set to true by OnStop(). }; /** @@ -312,7 +313,7 @@ public: * what's passed into the constructor and used mainly for debugging * purposes. */ - const string& Name() const { return name; } + const char* Name() const { return name; } /** * Callback that must be overriden for processing a message. @@ -326,10 +327,11 @@ protected: * @param arg_name A descriptive name for the type of message. Used * mainly for debugging purposes. */ - Message(const string& arg_name) { name = arg_name; } + Message(const char* arg_name) + { name = copy_string(arg_name); } private: - string name; + const char* name; }; /** @@ -344,7 +346,7 @@ protected: * @param name A descriptive name for the type of message. Used * mainly for debugging purposes. */ - BasicInputMessage(const string& name) : Message(name) {} + BasicInputMessage(const char* name) : Message(name) {} }; /** @@ -359,7 +361,7 @@ protected: * @param name A descriptive name for the type of message. Used * mainly for debugging purposes. */ - BasicOutputMessage(const string& name) : Message(name) {} + BasicOutputMessage(const char* name) : Message(name) {} }; /** @@ -384,7 +386,7 @@ protected: * * @param arg_object: An object to store with the message. */ - InputMessage(const string& name, O* arg_object) : BasicInputMessage(name) + InputMessage(const char* name, O* arg_object) : BasicInputMessage(name) { object = arg_object; } private: @@ -413,7 +415,7 @@ protected: * * @param arg_object An object to store with the message. */ - OutputMessage(const string& name, O* arg_object) : BasicOutputMessage(name) + OutputMessage(const char* name, O* arg_object) : BasicOutputMessage(name) { object = arg_object; } private: diff --git a/src/threading/Queue.h b/src/threading/Queue.h index b2ccd2a0ce..29a8084352 100644 --- a/src/threading/Queue.h +++ b/src/threading/Queue.h @@ -1,4 +1,3 @@ - #ifndef THREADING_QUEUE_H #define THREADING_QUEUE_H @@ -6,11 +5,28 @@ #include #include #include +#include #include "Reporter.h" +#include "BasicThread.h" #undef Queue // Defined elsewhere unfortunately. +#if 1 +// We don't have pthread spinlocks on DARWIN. +# define PTHREAD_MUTEX_T pthread_mutex_t +# define PTHREAD_MUTEX_LOCK(x) pthread_mutex_lock(x) +# define PTHREAD_MUTEX_UNLOCK(x) pthread_mutex_unlock(x) +# define PTHREAD_MUTEX_INIT(x) pthread_mutex_init(x, 0) +# define PTHREAD_MUTEX_DESTROY(x) pthread_mutex_destroy(x) +#else +# define PTHREAD_MUTEX_T pthrea_spinlock_T +# define PTHREAD_MUTEX_LOCK(x) pthrea_spin_lock(x) +# define PTHREAD_MUTEX_UNLOCK(x) pthrea_spin_unlock(x) +# define PTHREAD_MUTEX_INIT(x) pthrea_spin_init(x, PTHREAD_PROCESS_PRIVATE) +# define PTHREAD_MUTEX_DESTROY(x) pthrea_spin_destroy(x) +#endif + namespace threading { /** @@ -30,8 +46,12 @@ class Queue public: /** * Constructor. + * + * reader, writer: The corresponding threads. This is for checking + * whether they have terminated so that we can abort I/O opeations. + * Can be left null for the main thread. */ - Queue(); + Queue(BasicThread* arg_reader, BasicThread* arg_writer); /** * Destructor. @@ -39,7 +59,9 @@ public: ~Queue(); /** - * Retrieves one elment. + * Retrieves one elment. This may block for a little while of no + * input is available and eventually return with a null element if + * nothing shows up. */ T Get(); @@ -60,6 +82,11 @@ public: */ bool MaybeReady() { return ( ( read_ptr - write_ptr) != 0 ); } + /** Wake up the reader if it's currently blocked for input. This is + primarily to give it a chance to check termination quickly. + **/ + void WakeUp(); + /** * Returns the number of queued items not yet retrieved. */ @@ -82,45 +109,50 @@ public: void GetStats(Stats* stats); private: - static const int NUM_QUEUES = 8; + static const int NUM_QUEUES = 15; - pthread_mutex_t mutex[NUM_QUEUES]; // Mutex protected shared accesses. + PTHREAD_MUTEX_T mutex[NUM_QUEUES]; // Mutex protected shared accesses. pthread_cond_t has_data[NUM_QUEUES]; // Signals when data becomes available std::queue messages[NUM_QUEUES]; // Actually holds the queued messages int read_ptr; // Where the next operation will read from int write_ptr; // Where the next operation will write to + BasicThread* reader; + BasicThread* writer; + // Statistics. uint64_t num_reads; uint64_t num_writes; }; -inline static void safe_lock(pthread_mutex_t* mutex) +inline static void safe_lock(PTHREAD_MUTEX_T* mutex) { - if ( pthread_mutex_lock(mutex) != 0 ) + if ( PTHREAD_MUTEX_LOCK(mutex) != 0 ) reporter->FatalErrorWithCore("cannot lock mutex"); } -inline static void safe_unlock(pthread_mutex_t* mutex) +inline static void safe_unlock(PTHREAD_MUTEX_T* mutex) { - if ( pthread_mutex_unlock(mutex) != 0 ) + if ( PTHREAD_MUTEX_UNLOCK(mutex) != 0 ) reporter->FatalErrorWithCore("cannot unlock mutex"); } template -inline Queue::Queue() +inline Queue::Queue(BasicThread* arg_reader, BasicThread* arg_writer) { read_ptr = 0; write_ptr = 0; num_reads = num_writes = 0; + reader = arg_reader; + writer = arg_writer; for( int i = 0; i < NUM_QUEUES; ++i ) { - if ( pthread_cond_init(&has_data[i], NULL) != 0 ) + if ( pthread_cond_init(&has_data[i], 0) != 0 ) reporter->FatalError("cannot init queue condition variable"); - if ( pthread_mutex_init(&mutex[i], NULL) != 0 ) + if ( PTHREAD_MUTEX_INIT(&mutex[i]) != 0 ) reporter->FatalError("cannot init queue mutex"); } } @@ -131,19 +163,30 @@ inline Queue::~Queue() for( int i = 0; i < NUM_QUEUES; ++i ) { pthread_cond_destroy(&has_data[i]); - pthread_mutex_destroy(&mutex[i]); + PTHREAD_MUTEX_DESTROY(&mutex[i]); } } template inline T Queue::Get() { + if ( (reader && reader->Killed()) || (writer && writer->Killed()) ) + return 0; + safe_lock(&mutex[read_ptr]); int old_read_ptr = read_ptr; if ( messages[read_ptr].empty() ) - pthread_cond_wait(&has_data[read_ptr], &mutex[read_ptr]); + { + struct timespec ts; + ts.tv_sec = time(0) + 5; + ts.tv_nsec = 0; + + pthread_cond_timedwait(&has_data[read_ptr], &mutex[read_ptr], &ts); + safe_unlock(&mutex[read_ptr]); + return 0; + } T data = messages[read_ptr].front(); messages[read_ptr].pop(); @@ -222,6 +265,17 @@ inline void Queue::GetStats(Stats* stats) safe_unlock(&mutex[i]); } +template +inline void Queue::WakeUp() + { + for ( int i = 0; i < NUM_QUEUES; i++ ) + { + safe_lock(&mutex[i]); + pthread_cond_signal(&has_data[i]); + safe_unlock(&mutex[i]); + } + } + } diff --git a/src/threading/SerialTypes.cc b/src/threading/SerialTypes.cc index 4494e1b245..c0e26ccb32 100644 --- a/src/threading/SerialTypes.cc +++ b/src/threading/SerialTypes.cc @@ -11,23 +11,54 @@ bool Field::Read(SerializationFormat* fmt) { int t; int st; + string tmp_name; + bool have_2nd; - bool success = (fmt->Read(&name, "name") - && fmt->Read(&secondary_name, "secondary_name") + if ( ! fmt->Read(&have_2nd, "have_2nd") ) + return false; + + if ( have_2nd ) + { + string tmp_secondary_name; + if ( ! fmt->Read(&tmp_secondary_name, "secondary_name") ) + return false; + + secondary_name = copy_string(tmp_secondary_name.c_str()); + } + else + secondary_name = 0; + + bool success = (fmt->Read(&tmp_name, "name") && fmt->Read(&t, "type") && fmt->Read(&st, "subtype") && fmt->Read(&optional, "optional")); + if ( ! success ) + return false; + + name = copy_string(tmp_name.c_str()); + type = (TypeTag) t; subtype = (TypeTag) st; - return success; + return true; } bool Field::Write(SerializationFormat* fmt) const { + assert(name); + + if ( secondary_name ) + { + if ( ! (fmt->Write(true, "have_2nd") + && fmt->Write(secondary_name, "secondary_name")) ) + return false; + } + else + if ( ! fmt->Write(false, "have_2nd") ) + return false; + return (fmt->Write(name, "name") - && fmt->Write(secondary_name, "secondary_name") && fmt->Write((int)type, "type") && fmt->Write((int)subtype, "subtype"), fmt->Write(optional, "optional")); @@ -51,7 +82,7 @@ Value::~Value() { if ( (type == TYPE_ENUM || type == TYPE_STRING || type == TYPE_FILE || type == TYPE_FUNC) && present ) - delete val.string_val; + delete [] val.string_val.data; if ( type == TYPE_TABLE && present ) { @@ -224,10 +255,7 @@ bool Value::Read(SerializationFormat* fmt) case TYPE_STRING: case TYPE_FILE: case TYPE_FUNC: - { - val.string_val = new string; - return fmt->Read(val.string_val, "string"); - } + return fmt->Read(&val.string_val.data, &val.string_val.length, "string"); case TYPE_TABLE: { @@ -339,7 +367,7 @@ bool Value::Write(SerializationFormat* fmt) const case TYPE_STRING: case TYPE_FILE: case TYPE_FUNC: - return fmt->Write(*val.string_val, "string"); + return fmt->Write(val.string_val.data, val.string_val.length, "string"); case TYPE_TABLE: { diff --git a/src/threading/SerialTypes.h b/src/threading/SerialTypes.h index 283d88bf4c..60aee2411e 100644 --- a/src/threading/SerialTypes.h +++ b/src/threading/SerialTypes.h @@ -12,6 +12,7 @@ using namespace std; class SerializationFormat; +class RemoteSerializer; namespace threading { @@ -19,10 +20,10 @@ namespace threading { * Definition of a log file, i.e., one column of a log stream. */ struct Field { - string name; //! Name of the field. + const char* name; //! Name of the field. //! Needed by input framework. Port fields have two names (one for the //! port, one for the type), and this specifies the secondary name. - string secondary_name; + const char* secondary_name; TypeTag type; //! Type of the field. TypeTag subtype; //! Inner type for sets. bool optional; //! True if field is optional. @@ -30,13 +31,24 @@ struct Field { /** * Constructor. */ - Field() { subtype = TYPE_VOID; optional = false; } + Field(const char* name, const char* secondary_name, TypeTag type, TypeTag subtype, bool optional) + : name(name ? copy_string(name) : 0), + secondary_name(secondary_name ? copy_string(secondary_name) : 0), + type(type), subtype(subtype), optional(optional) { } /** * Copy constructor. */ Field(const Field& other) - : name(other.name), type(other.type), subtype(other.subtype), optional(other.optional) { } + : name(other.name ? copy_string(other.name) : 0), + secondary_name(other.secondary_name ? copy_string(other.secondary_name) : 0), + type(other.type), subtype(other.subtype), optional(other.optional) { } + + ~Field() + { + delete [] name; + delete [] secondary_name; + } /** * Unserializes a field. @@ -63,6 +75,12 @@ struct Field { * thread-safe. */ string TypeName() const; + +private: + friend class ::RemoteSerializer; + + // Force usage of constructor above. + Field() {}; }; /** @@ -102,7 +120,11 @@ struct Value { vec_t vector_val; addr_t addr_val; subnet_t subnet_val; - string* string_val; + + struct { + char* data; + int length; + } string_val; } val; /** @@ -147,7 +169,7 @@ struct Value { static bool IsCompatibleType(BroType* t, bool atomic_only=false); private: -friend class ::IPAddr; + friend class ::IPAddr; Value(const Value& other) { } // Disabled. }; diff --git a/testing/btest/istate/events.bro b/testing/btest/istate/events.bro index 1f05dfc729..9298ac1c01 100644 --- a/testing/btest/istate/events.bro +++ b/testing/btest/istate/events.bro @@ -11,8 +11,8 @@ # @TEST-EXEC: cat receiver/http.log $SCRIPTS/diff-remove-timestamps >receiver.http.log # @TEST-EXEC: cmp sender.http.log receiver.http.log # -# @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.snd.log -# @TEST-EXEC: bro -x receiver/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.rec.log +# @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' | $SCRIPTS/diff-remove-timestamps >events.snd.log +# @TEST-EXEC: bro -x receiver/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' | $SCRIPTS/diff-remove-timestamps >events.rec.log # @TEST-EXEC: btest-diff events.rec.log # @TEST-EXEC: btest-diff events.snd.log # @TEST-EXEC: cmp events.rec.log events.snd.log diff --git a/testing/scripts/diff-remove-timestamps b/testing/scripts/diff-remove-timestamps index 2b029789de..9398c1cb4b 100755 --- a/testing/scripts/diff-remove-timestamps +++ b/testing/scripts/diff-remove-timestamps @@ -3,6 +3,4 @@ # Replace anything which looks like timestamps with XXXs (including the #start/end markers in logs). sed 's/[0-9]\{10\}\.[0-9]\{2,8\}/XXXXXXXXXX.XXXXXX/g' | \ -sed 's/^#\(start\|end\).20..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g' | \ -grep -v '#start' | grep -v '#end' - +sed 's/^#\(start\|end\).20..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g' From 5cfb8d65c3a205a3a8c03dccc041a8b24d070a49 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 19 Jul 2012 18:57:15 -0700 Subject: [PATCH 084/120] Updating tests for the #start/#end change. --- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- cmake | 2 +- src/logging/writers/Ascii.cc | 1 + src/threading/BasicThread.cc | 8 +++-- src/threading/BasicThread.h | 7 ++-- src/threading/MsgThread.cc | 1 + testing/btest/Baseline/bifs.to_double/out | 2 +- testing/btest/Baseline/core.checksums/bad.out | 20 ++++++++++++ .../btest/Baseline/core.checksums/good.out | 14 ++++++++ .../core.disable-mobile-ipv6/weird.log | 2 ++ .../Baseline/core.expr-exception/reporter.log | 20 ++++++------ testing/btest/Baseline/core.ipv6-frag/dns.log | 2 ++ .../Baseline/core.print-bpf-filters/conn.log | 2 ++ .../Baseline/core.print-bpf-filters/output | 16 +++++++--- .../core.reporter-error-in-handler/output | 2 +- .../Baseline/core.reporter-fmt-strings/output | 2 +- .../Baseline/core.reporter-parse-error/output | 2 +- .../core.reporter-runtime-error/output | 2 +- .../core.reporter-type-mismatch/output | 6 ++-- .../Baseline/core.reporter/logger-test.log | 12 +++---- testing/btest/Baseline/core.reporter/output | 6 ++-- testing/btest/Baseline/core.truncation/output | 8 +++++ .../Baseline/core.tunnels.ayiya/conn.log | 2 ++ .../Baseline/core.tunnels.ayiya/http.log | 2 ++ .../Baseline/core.tunnels.ayiya/tunnel.log | 2 ++ .../core.tunnels.false-teredo/dpd.log | 2 ++ .../core.tunnels.false-teredo/weird.log | 2 ++ .../Baseline/core.tunnels.teredo/conn.log | 2 ++ .../Baseline/core.tunnels.teredo/http.log | 2 ++ .../Baseline/core.tunnels.teredo/tunnel.log | 2 ++ .../conn.log | 2 ++ .../http.log | 2 ++ .../tunnel.log | 2 ++ .../weird.log | 2 ++ .../btest/Baseline/core.vlan-mpls/conn.log | 2 ++ .../canonified_loaded_scripts.log | 2 ++ .../coverage.coverage-blacklist/output | 10 +++--- .../canonified_loaded_scripts.log | 2 ++ .../btest/Baseline/istate.broccoli/bro.log | 6 ++-- .../istate.events-ssl/receiver.http.log | 4 ++- .../istate.events-ssl/sender.http.log | 4 ++- .../Baseline/istate.events/receiver.http.log | 4 ++- .../Baseline/istate.events/sender.http.log | 4 ++- .../Baseline/istate.pybroccoli/bro..stdout | 2 +- .../istate.pybroccoli/python..stdout.filtered | 6 ++-- .../language.wrong-delete-field/output | 2 +- .../send.log | 32 ++++++++++--------- .../ssh-new-default.log | 6 ++-- .../ssh.log | 2 ++ .../ssh-filtered.log | 10 +++--- .../test.log | 2 ++ .../http.log | 2 ++ .../test.log | 2 ++ .../ssh.log | 10 +++--- .../test.log | 4 +-- .../ssh.log | 10 +++--- .../test.log | 2 ++ .../ssh.log | 2 ++ .../ssh.log | 2 ++ .../ssh.ds.txt | 10 +++--- .../ssh.log | 12 ++++--- .../output | 4 +-- .../ssh.log | 2 ++ .../ssh.log | 4 ++- .../ssh.log | 12 ++++--- .../local.log | 2 ++ .../remote.log | 2 ++ .../output | 28 ++++++++++++---- .../test.failure.log | 4 ++- .../test.success.log | 4 ++- .../receiver.test.log | 4 ++- .../sender.test.failure.log | 8 +++-- .../sender.test.log | 12 ++++--- .../sender.test.success.log | 6 ++-- .../ssh.failure.log | 6 ++-- .../ssh.log | 8 +++-- .../out | 20 ++++++++++++ .../out | 20 ++++++++++++ .../output | 12 ++++--- .../ssh.log | 12 ++++--- .../ssh.log | 4 ++- .../testing.log | 2 ++ .../ssh.log | 2 ++ .../manager-1.metrics.log | 8 +++-- .../metrics.log | 8 +++-- .../manager-1.notice.log | 4 ++- .../notice.log | 6 ++-- .../manager-1.notice.log | 4 ++- .../manager-1.notice.log | 4 ++- .../notice.log | 4 ++- .../conn.log | 2 ++ .../ftp.log | 2 ++ .../conn.log | 2 ++ .../ftp.log | 2 ++ .../http.log | 2 ++ .../http.log | 2 ++ .../http.log | 2 ++ .../http.log | 2 ++ .../scripts.base.protocols.irc.basic/irc.log | 2 ++ .../irc.log | 2 ++ .../smtp.log | 2 ++ .../smtp_entities.log | 2 ++ .../smtp_entities.log | 2 ++ .../socks.log | 2 ++ .../tunnel.log | 2 ++ .../socks.log | 2 ++ .../tunnel.log | 2 ++ .../tunnel.log | 2 ++ .../scripts.base.protocols.ssl.basic/ssl.log | 2 ++ .../knownhosts-all.log | 2 ++ .../knownhosts-local.log | 2 ++ .../knownhosts-remote.log | 2 ++ .../knownservices-all.log | 2 ++ .../knownservices-local.log | 2 ++ .../knownservices-remote.log | 2 ++ .../dns.log | 2 ++ testing/btest/istate/events-ssl.bro | 4 +-- testing/btest/istate/events.bro | 4 +-- .../base/frameworks/logging/ascii-escape.bro | 1 + testing/scripts/diff-remove-timestamps | 2 +- 123 files changed, 442 insertions(+), 162 deletions(-) diff --git a/aux/binpac b/aux/binpac index b4094cb75e..4ad8d15b63 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit b4094cb75e0a7769123f7db1f5d73f3f9f1c3977 +Subproject commit 4ad8d15b6395925c9875c9d2912a6cc3b4918e0a diff --git a/aux/bro-aux b/aux/bro-aux index 2038e3de04..c691c01e9c 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 2038e3de042115c3caa706426e16c830c1fd1e9e +Subproject commit c691c01e9cefae5a79bcd4b0f84ca387c8c587a7 diff --git a/aux/broccoli b/aux/broccoli index 07866915a1..8234b8903c 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 07866915a1450ddd25b888917f494b4824b0cc3f +Subproject commit 8234b8903cbc775f341bdb6a1c0159981d88d27b diff --git a/aux/broctl b/aux/broctl index 892b60edb9..d5ecd1a42c 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 892b60edb967bb456872638f22ba994e84530137 +Subproject commit d5ecd1a42c04b0dca332edc31811e5a6d0f7f2fb diff --git a/cmake b/cmake index 96f3d92aca..2a72c5e08e 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 96f3d92acadbe1ae64f410e974c5ff503903394b +Subproject commit 2a72c5e08e018cf632033af3920432d5f684e130 diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index 99fd3f3c6e..d3c210ce47 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -2,6 +2,7 @@ #include #include +#include #include "NetVar.h" #include "threading/SerialTypes.h" diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index af57c26939..d4a82316e8 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -93,9 +93,11 @@ const char* BasicThread::Fmt(const char* format, ...) const char* BasicThread::Strerror(int err) { - static char buf[128] = ""; - strerror_r(err, buf, sizeof(buf)); - return buf; + if ( ! strerr_buffer ) + strerr_buffer = new char[256]; + + strerror_r(err, strerr_buffer, 256); + return strerr_buffer; } void BasicThread::Start() diff --git a/src/threading/BasicThread.h b/src/threading/BasicThread.h index 037420b077..e17324e948 100644 --- a/src/threading/BasicThread.h +++ b/src/threading/BasicThread.h @@ -120,8 +120,8 @@ public: /** * A version of strerror() that the thread can safely use. This is * essentially a wrapper around strerror_r(). Note that it keeps a - * single static buffer internally so the result remains valid only - * until the next call. + * single buffer per thread internally so the result remains valid + * only until the next call. */ const char* Strerror(int err); @@ -207,6 +207,9 @@ private: char* buf; unsigned int buf_len; + // For implementating Strerror(). + char* strerr_buffer; + static uint64_t thread_counter; }; diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index 3e06a3fe1e..0e55b99ba1 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -5,6 +5,7 @@ #include "Manager.h" #include +#include using namespace threading; diff --git a/testing/btest/Baseline/bifs.to_double/out b/testing/btest/Baseline/bifs.to_double/out index 8c2fef496a..8e172dcaa6 100644 --- a/testing/btest/Baseline/bifs.to_double/out +++ b/testing/btest/Baseline/bifs.to_double/out @@ -3,4 +3,4 @@ -60.0 3600.0 86400.0 -1337982322.762159 +1342748947.655087 diff --git a/testing/btest/Baseline/core.checksums/bad.out b/testing/btest/Baseline/core.checksums/bad.out index 44a27f7f0f..de4538e32b 100644 --- a/testing/btest/Baseline/core.checksums/bad.out +++ b/testing/btest/Baseline/core.checksums/bad.out @@ -3,81 +3,101 @@ #empty_field (empty) #unset_field - #path weird +#start 2012-03-26-18-03-01 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1332784981.078396 - - - - - bad_IP_checksum - F bro +#end 2012-03-26-18-03-01 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-03-26-18-01-25 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1332784885.686428 UWkUyAuUGXf 127.0.0.1 30000 127.0.0.1 80 bad_TCP_checksum - F bro +#end 2012-03-26-18-01-25 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-03-26-18-02-13 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1332784933.501023 UWkUyAuUGXf 127.0.0.1 30000 127.0.0.1 13000 bad_UDP_checksum - F bro +#end 2012-03-26-18-02-13 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-04-10-16-29-23 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334075363.536871 UWkUyAuUGXf 192.168.1.100 8 192.168.1.101 0 bad_ICMP_checksum - F bro +#end 2012-04-10-16-29-23 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-03-26-18-06-50 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1332785210.013051 - - - - - routing0_hdr - F bro 1332785210.013051 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 80 bad_TCP_checksum - F bro +#end 2012-03-26-18-06-50 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-03-26-17-23-00 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1332782580.798420 - - - - - routing0_hdr - F bro 1332782580.798420 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 13000 bad_UDP_checksum - F bro +#end 2012-03-26-17-23-00 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-04-10-16-25-11 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334075111.800086 - - - - - routing0_hdr - F bro 1334075111.800086 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:78:1:32::1 129 bad_ICMP_checksum - F bro +#end 2012-04-10-16-25-11 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-03-26-18-07-30 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1332785250.469132 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 80 bad_TCP_checksum - F bro +#end 2012-03-26-18-07-30 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-03-26-17-02-22 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1332781342.923813 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 13000 bad_UDP_checksum - F bro +#end 2012-03-26-17-02-22 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-04-10-16-22-19 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334074939.467194 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro +#end 2012-04-10-16-22-19 diff --git a/testing/btest/Baseline/core.checksums/good.out b/testing/btest/Baseline/core.checksums/good.out index 0010974b7f..ed6c071ffc 100644 --- a/testing/btest/Baseline/core.checksums/good.out +++ b/testing/btest/Baseline/core.checksums/good.out @@ -3,54 +3,68 @@ #empty_field (empty) #unset_field - #path weird +#start 2012-04-10-16-22-19 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334074939.467194 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro +#end 2012-04-10-16-22-19 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-03-26-18-05-25 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1332785125.596793 - - - - - routing0_hdr - F bro +#end 2012-03-26-18-05-25 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-03-26-17-21-48 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1332782508.592037 - - - - - routing0_hdr - F bro +#end 2012-03-26-17-21-48 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-04-10-16-23-47 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334075027.053380 - - - - - routing0_hdr - F bro +#end 2012-04-10-16-23-47 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-04-10-16-23-47 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334075027.053380 - - - - - routing0_hdr - F bro +#end 2012-04-10-16-23-47 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-04-10-16-23-47 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334075027.053380 - - - - - routing0_hdr - F bro +#end 2012-04-10-16-23-47 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-04-10-16-23-47 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334075027.053380 - - - - - routing0_hdr - F bro +#end 2012-04-10-16-23-47 diff --git a/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log b/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log index 478cfe8667..d29456f75f 100644 --- a/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log +++ b/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path weird +#start 2012-04-05-21-56-51 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1333663011.602839 - - - - - unknown_protocol_135 - F bro +#end 2012-04-05-21-56-51 diff --git a/testing/btest/Baseline/core.expr-exception/reporter.log b/testing/btest/Baseline/core.expr-exception/reporter.log index 2d0441f48a..f9e33d9718 100644 --- a/testing/btest/Baseline/core.expr-exception/reporter.log +++ b/testing/btest/Baseline/core.expr-exception/reporter.log @@ -3,14 +3,16 @@ #empty_field (empty) #unset_field - #path reporter +#start 2011-03-18-19-06-08 #fields ts level message location #types time enum string string -1300475168.783842 Reporter::ERROR field value missing [c$ftp] /home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.915940 Reporter::ERROR field value missing [c$ftp] /home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.916118 Reporter::ERROR field value missing [c$ftp] /home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.918295 Reporter::ERROR field value missing [c$ftp] /home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.952193 Reporter::ERROR field value missing [c$ftp] /home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.952228 Reporter::ERROR field value missing [c$ftp] /home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.954761 Reporter::ERROR field value missing [c$ftp] /home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475168.962628 Reporter::ERROR field value missing [c$ftp] /home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 -1300475169.780331 Reporter::ERROR field value missing [c$ftp] /home/jsiwek/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 +1300475168.783842 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 +1300475168.915940 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 +1300475168.916118 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 +1300475168.918295 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 +1300475168.952193 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 +1300475168.952228 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 +1300475168.954761 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 +1300475168.962628 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 +1300475169.780331 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10 +#end 2011-03-18-19-06-13 diff --git a/testing/btest/Baseline/core.ipv6-frag/dns.log b/testing/btest/Baseline/core.ipv6-frag/dns.log index 251f35d789..2003d1f253 100644 --- a/testing/btest/Baseline/core.ipv6-frag/dns.log +++ b/testing/btest/Baseline/core.ipv6-frag/dns.log @@ -3,7 +3,9 @@ #empty_field (empty) #unset_field - #path dns +#start 2012-03-07-01-37-58 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs #types time string addr port addr port enum count string count string count string count string bool bool bool bool count vector[string] vector[interval] 1331084278.438444 UWkUyAuUGXf 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51850 2607:f740:b::f93 53 udp 3903 txtpadding_323.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 This TXT record should be ignored 1.000000 1331084293.592245 arKYeMETxOg 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 This TXT record should be ignored 1.000000 +#end 2012-03-07-01-38-18 diff --git a/testing/btest/Baseline/core.print-bpf-filters/conn.log b/testing/btest/Baseline/core.print-bpf-filters/conn.log index b563c4a3ed..4033b64e2a 100644 --- a/testing/btest/Baseline/core.print-bpf-filters/conn.log +++ b/testing/btest/Baseline/core.print-bpf-filters/conn.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path conn +#start 2005-10-07-23-23-57 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool count string count count count count table[string] 1128727435.450898 UWkUyAuUGXf 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 730 10 9945 (empty) +#end 2005-10-07-23-23-57 diff --git a/testing/btest/Baseline/core.print-bpf-filters/output b/testing/btest/Baseline/core.print-bpf-filters/output index d1c2d47893..e4bc04192a 100644 --- a/testing/btest/Baseline/core.print-bpf-filters/output +++ b/testing/btest/Baseline/core.print-bpf-filters/output @@ -3,30 +3,38 @@ #empty_field (empty) #unset_field - #path packet_filter +#start 1970-01-01-00-00-00 #fields ts node filter init success #types time string string bool bool -1340229717.179155 - ip or not ip T T +1342748953.570646 - ip or not ip T T +#end #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path packet_filter +#start 1970-01-01-00-00-00 #fields ts node filter init success #types time string string bool bool -1340229717.462355 - (((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (tcp port 1080)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666) T T +1342748953.898675 - (((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (tcp port 1080)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666) T T +#end #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path packet_filter +#start 1970-01-01-00-00-00 #fields ts node filter init success #types time string string bool bool -1340229717.733007 - port 42 T T +1342748954.278211 - port 42 T T +#end #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path packet_filter +#start 1970-01-01-00-00-00 #fields ts node filter init success #types time string string bool bool -1340229718.001009 - port 56730 T T +1342748954.883780 - port 56730 T T +#end 2005-10-07-23-23-57 diff --git a/testing/btest/Baseline/core.reporter-error-in-handler/output b/testing/btest/Baseline/core.reporter-error-in-handler/output index 3d8aa6ff54..83b310ab61 100644 --- a/testing/btest/Baseline/core.reporter-error-in-handler/output +++ b/testing/btest/Baseline/core.reporter-error-in-handler/output @@ -1,2 +1,2 @@ -error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-error-in-handler/reporter-error-in-handler.bro, line 22: no such index (a[2]) +error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-error-in-handler/reporter-error-in-handler.bro, line 22: no such index (a[2]) 1st error printed on script level diff --git a/testing/btest/Baseline/core.reporter-fmt-strings/output b/testing/btest/Baseline/core.reporter-fmt-strings/output index 4842dd9fc5..bbd76f3447 100644 --- a/testing/btest/Baseline/core.reporter-fmt-strings/output +++ b/testing/btest/Baseline/core.reporter-fmt-strings/output @@ -1 +1 @@ -error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-fmt-strings/reporter-fmt-strings.bro, line 9: not an event (dont_interpret_this(%s)) +error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-fmt-strings/reporter-fmt-strings.bro, line 9: not an event (dont_interpret_this(%s)) diff --git a/testing/btest/Baseline/core.reporter-parse-error/output b/testing/btest/Baseline/core.reporter-parse-error/output index 7606fe5667..76535f75d1 100644 --- a/testing/btest/Baseline/core.reporter-parse-error/output +++ b/testing/btest/Baseline/core.reporter-parse-error/output @@ -1 +1 @@ -error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-parse-error/reporter-parse-error.bro, line 7: unknown identifier TESTFAILURE, at or near "TESTFAILURE" +error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-parse-error/reporter-parse-error.bro, line 7: unknown identifier TESTFAILURE, at or near "TESTFAILURE" diff --git a/testing/btest/Baseline/core.reporter-runtime-error/output b/testing/btest/Baseline/core.reporter-runtime-error/output index 3a96954101..59bcc3ac9b 100644 --- a/testing/btest/Baseline/core.reporter-runtime-error/output +++ b/testing/btest/Baseline/core.reporter-runtime-error/output @@ -1 +1 @@ -error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-runtime-error/reporter-runtime-error.bro, line 12: no such index (a[1]) +error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-runtime-error/reporter-runtime-error.bro, line 12: no such index (a[1]) diff --git a/testing/btest/Baseline/core.reporter-type-mismatch/output b/testing/btest/Baseline/core.reporter-type-mismatch/output index 4c038ea8c5..23eefd13e8 100644 --- a/testing/btest/Baseline/core.reporter-type-mismatch/output +++ b/testing/btest/Baseline/core.reporter-type-mismatch/output @@ -1,3 +1,3 @@ -error in string and /Users/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: arithmetic mixed with non-arithmetic (string and 42) -error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11 and string: type mismatch (42 and string) -error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: argument type mismatch in event invocation (foo(42)) +error in string and /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: arithmetic mixed with non-arithmetic (string and 42) +error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11 and string: type mismatch (42 and string) +error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: argument type mismatch in event invocation (foo(42)) diff --git a/testing/btest/Baseline/core.reporter/logger-test.log b/testing/btest/Baseline/core.reporter/logger-test.log index bc2abd142a..6f7ba1d8c7 100644 --- a/testing/btest/Baseline/core.reporter/logger-test.log +++ b/testing/btest/Baseline/core.reporter/logger-test.log @@ -1,6 +1,6 @@ -reporter_info|init test-info|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 8|0.000000 -reporter_warning|init test-warning|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 9|0.000000 -reporter_error|init test-error|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 10|0.000000 -reporter_info|done test-info|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 15|0.000000 -reporter_warning|done test-warning|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 16|0.000000 -reporter_error|done test-error|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 17|0.000000 +reporter_info|init test-info|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 8|0.000000 +reporter_warning|init test-warning|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 9|0.000000 +reporter_error|init test-error|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 10|0.000000 +reporter_info|done test-info|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 15|0.000000 +reporter_warning|done test-warning|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 16|0.000000 +reporter_error|done test-error|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 17|0.000000 diff --git a/testing/btest/Baseline/core.reporter/output b/testing/btest/Baseline/core.reporter/output index 185cabb1eb..2735adc931 100644 --- a/testing/btest/Baseline/core.reporter/output +++ b/testing/btest/Baseline/core.reporter/output @@ -1,3 +1,3 @@ -/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 52: pre test-info -warning in /Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 53: pre test-warning -error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 54: pre test-error +/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 52: pre test-info +warning in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 53: pre test-warning +error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 54: pre test-error diff --git a/testing/btest/Baseline/core.truncation/output b/testing/btest/Baseline/core.truncation/output index 95d9073648..836f9170d4 100644 --- a/testing/btest/Baseline/core.truncation/output +++ b/testing/btest/Baseline/core.truncation/output @@ -3,30 +3,38 @@ #empty_field (empty) #unset_field - #path weird +#start 2012-04-11-16-01-35 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334160095.895421 - - - - - truncated_IP - F bro +#end 2012-04-11-16-01-35 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-04-11-14-57-21 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334156241.519125 - - - - - truncated_IP - F bro +#end 2012-04-11-14-57-21 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-04-10-21-50-48 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334094648.590126 - - - - - truncated_IP - F bro +#end 2012-04-10-21-50-48 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird +#start 2012-05-29-22-02-34 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1338328954.078361 - - - - - internally_truncated_header - F bro +#end 2012-05-29-22-02-34 diff --git a/testing/btest/Baseline/core.tunnels.ayiya/conn.log b/testing/btest/Baseline/core.tunnels.ayiya/conn.log index db54a8a475..82a3828f0d 100644 --- a/testing/btest/Baseline/core.tunnels.ayiya/conn.log +++ b/testing/btest/Baseline/core.tunnels.ayiya/conn.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path conn +#start 2009-11-08-04-41-57 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool count string count count count count table[string] 1257655301.595604 5OKnoww6xl4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - 0 ShADad 10 3605 11 5329 k6kgXLOoSKl @@ -13,3 +14,4 @@ 1257655296.585188 TEfuqmmG4bh fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - 0 - 2 144 0 0 k6kgXLOoSKl 1257655296.585151 j4u32Pc5bif fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - 0 - 2 144 0 0 k6kgXLOoSKl 1257655296.585034 nQcgTWjvg4c fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - 0 - 2 144 0 0 k6kgXLOoSKl +#end 2009-11-08-04-41-57 diff --git a/testing/btest/Baseline/core.tunnels.ayiya/http.log b/testing/btest/Baseline/core.tunnels.ayiya/http.log index 7cef1a1b8e..4fbcd508f4 100644 --- a/testing/btest/Baseline/core.tunnels.ayiya/http.log +++ b/testing/btest/Baseline/core.tunnels.ayiya/http.log @@ -3,8 +3,10 @@ #empty_field (empty) #unset_field - #path http +#start 2009-11-08-04-41-41 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file 1257655301.652206 5OKnoww6xl4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 10102 200 OK - - - (empty) - - - text/html - - 1257655302.514424 5OKnoww6xl4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 2 GET ipv6.google.com /csi?v=3&s=webhp&action=&tran=undefined&e=17259,19771,21517,21766,21887,22212&ei=BUz2Su7PMJTglQfz3NzCAw&rt=prt.77,xjs.565,ol.645 http://ipv6.google.com/ Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - - (empty) - - - - - - 1257655303.603569 5OKnoww6xl4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 3 GET ipv6.google.com /gen_204?atyp=i&ct=fade&cad=1254&ei=BUz2Su7PMJTglQfz3NzCAw&zx=1257655303600 http://ipv6.google.com/ Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - - (empty) - - - - - - +#end 2009-11-08-04-41-57 diff --git a/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log b/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log index b4ef2781c6..123ea8a792 100644 --- a/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log @@ -3,9 +3,11 @@ #empty_field (empty) #unset_field - #path tunnel +#start 2009-11-08-04-41-33 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1257655293.629048 UWkUyAuUGXf 192.168.3.101 53796 216.14.98.22 5072 Tunnel::AYIYA Tunnel::DISCOVER 1257655296.585034 k6kgXLOoSKl 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::DISCOVER 1257655317.464035 k6kgXLOoSKl 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE 1257655317.464035 UWkUyAuUGXf 192.168.3.101 53796 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE +#end 2009-11-08-04-41-57 diff --git a/testing/btest/Baseline/core.tunnels.false-teredo/dpd.log b/testing/btest/Baseline/core.tunnels.false-teredo/dpd.log index 4949f16e62..63a0437445 100644 --- a/testing/btest/Baseline/core.tunnels.false-teredo/dpd.log +++ b/testing/btest/Baseline/core.tunnels.false-teredo/dpd.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path dpd +#start 2009-11-18-17-59-51 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason #types time string addr port addr port enum string string 1258567191.486869 UWkUyAuUGXf 192.168.1.105 57696 192.168.1.1 53 udp TEREDO Teredo payload length [c\x1d\x81\x80\x00\x01\x00\x02\x00\x02\x00\x00\x04amch\x0equestionmarket\x03com\x00\x00\x01\x00...] @@ -11,3 +12,4 @@ 1258581768.898165 TEfuqmmG4bh 192.168.1.104 50798 192.168.1.1 53 udp TEREDO Teredo payload length [o\xe3\x81\x80\x00\x01\x00\x02\x00\x04\x00\x04\x03www\x0fnashuatelegraph\x03com\x00\x00\x01\x00...] 1258584478.989528 FrJExwHcSal 192.168.1.104 64963 192.168.1.1 53 udp TEREDO Teredo payload length [e\xbd\x81\x80\x00\x01\x00\x08\x00\x06\x00\x06\x08wellness\x05blogs\x04time\x03com\x00\x00\x01\x00...] 1258600683.934672 5OKnoww6xl4 192.168.1.103 59838 192.168.1.1 53 udp TEREDO Teredo payload length [h\xf0\x81\x80\x00\x01\x00\x01\x00\x02\x00\x00\x06update\x0csanasecurity\x03com\x00\x00\x01\x00...] +#end 2009-11-19-03-18-03 diff --git a/testing/btest/Baseline/core.tunnels.false-teredo/weird.log b/testing/btest/Baseline/core.tunnels.false-teredo/weird.log index 0ec1d0a7cf..eb4319c7eb 100644 --- a/testing/btest/Baseline/core.tunnels.false-teredo/weird.log +++ b/testing/btest/Baseline/core.tunnels.false-teredo/weird.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path weird +#start 2009-11-18-17-59-51 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1258567191.405770 - - - - - truncated_header_in_tunnel - F bro @@ -11,3 +12,4 @@ 1258581768.568451 - - - - - truncated_header_in_tunnel - F bro 1258584478.859853 - - - - - truncated_header_in_tunnel - F bro 1258600683.934458 - - - - - truncated_header_in_tunnel - F bro +#end 2009-11-19-03-18-03 diff --git a/testing/btest/Baseline/core.tunnels.teredo/conn.log b/testing/btest/Baseline/core.tunnels.teredo/conn.log index cefc8f3e84..2342953339 100644 --- a/testing/btest/Baseline/core.tunnels.teredo/conn.log +++ b/testing/btest/Baseline/core.tunnels.teredo/conn.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path conn +#start 2008-05-16-15-50-57 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool count string count count count count table[string] 1210953047.736921 arKYeMETxOg 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - 0 fA 1 40 1 40 (empty) @@ -26,3 +27,4 @@ 1210953052.324629 FrJExwHcSal fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - 0 - 1 88 0 0 TEfuqmmG4bh 1210953060.829303 qCaWGmzFtM5 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - 0 - 1 52 1 52 GSxOnSLghOa,nQcgTWjvg4c 1210953052.202579 j4u32Pc5bif fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - 0 - 1 64 0 0 nQcgTWjvg4c +#end 2008-05-16-15-51-16 diff --git a/testing/btest/Baseline/core.tunnels.teredo/http.log b/testing/btest/Baseline/core.tunnels.teredo/http.log index b3cf832083..c0db5fc146 100644 --- a/testing/btest/Baseline/core.tunnels.teredo/http.log +++ b/testing/btest/Baseline/core.tunnels.teredo/http.log @@ -3,9 +3,11 @@ #empty_field (empty) #unset_field - #path http +#start 2008-05-16-15-50-58 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file 1210953057.917183 3PKsZ2Uye21 192.168.2.16 1578 75.126.203.78 80 1 POST download913.avast.com /cgi-bin/iavs4stats.cgi - Syncer/4.80 (av_pro-1169;f) 589 0 204 - - - (empty) - - - text/plain - - 1210953061.585996 70MGiRM1Qf4 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - text/html - - 1210953073.381474 70MGiRM1Qf4 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - text/html - - 1210953074.674817 c4Zw9TmAE05 192.168.2.16 1580 67.228.110.120 80 1 GET www.wireshark.org / http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 11845 200 OK - - - (empty) - - - text/xml - - +#end 2008-05-16-15-51-16 diff --git a/testing/btest/Baseline/core.tunnels.teredo/tunnel.log b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log index 9cead25be1..ab14bf68bc 100644 --- a/testing/btest/Baseline/core.tunnels.teredo/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path tunnel +#start 2008-05-16-15-50-52 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1210953052.202579 nQcgTWjvg4c 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER @@ -11,3 +12,4 @@ 1210953076.058333 nQcgTWjvg4c 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE 1210953076.058333 GSxOnSLghOa 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE 1210953076.058333 TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE +#end 2008-05-16-15-51-16 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log index 6ceb4efcb3..7b9ff58624 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path conn +#start 2012-06-19-17-39-37 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool count string count count count count table[string] 1340127577.354166 FrJExwHcSal 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - 0 ShADad 10 2279 12 11191 j4u32Pc5bif @@ -12,3 +13,4 @@ 1340127577.339015 nQcgTWjvg4c fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - 0 - 1 88 0 0 k6kgXLOoSKl 1340127577.343969 TEfuqmmG4bh 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - 0 - 1 52 1 52 UWkUyAuUGXf,j4u32Pc5bif 1340127577.336558 arKYeMETxOg fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - 0 - 1 64 0 0 UWkUyAuUGXf +#end 2012-06-19-17-39-37 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log index 869476d7db..12f0d7be7a 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log @@ -3,7 +3,9 @@ #empty_field (empty) #unset_field - #path http +#start 2012-06-19-17-39-37 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file 1340127577.361683 FrJExwHcSal 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - text/html - - 1340127577.379360 FrJExwHcSal 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - text/html - - +#end 2012-06-19-17-39-37 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log index 30f88ed251..1a14b3edb7 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path tunnel +#start 2012-06-19-17-39-37 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1340127577.336558 UWkUyAuUGXf 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER @@ -11,3 +12,4 @@ 1340127577.406995 UWkUyAuUGXf 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE 1340127577.406995 j4u32Pc5bif 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE 1340127577.406995 k6kgXLOoSKl 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE +#end 2012-06-19-17-39-37 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log index e01fa49d45..8b252a5819 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log @@ -3,7 +3,9 @@ #empty_field (empty) #unset_field - #path weird +#start 2012-06-19-17-39-37 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1340127577.346849 UWkUyAuUGXf 192.168.2.16 3797 65.55.158.80 3544 Teredo_bubble_with_payload - F bro 1340127577.349292 j4u32Pc5bif 192.168.2.16 3797 83.170.1.38 32900 Teredo_bubble_with_payload - F bro +#end 2012-06-19-17-39-37 diff --git a/testing/btest/Baseline/core.vlan-mpls/conn.log b/testing/btest/Baseline/core.vlan-mpls/conn.log index e165df621a..72e13ee9b4 100644 --- a/testing/btest/Baseline/core.vlan-mpls/conn.log +++ b/testing/btest/Baseline/core.vlan-mpls/conn.log @@ -3,8 +3,10 @@ #empty_field (empty) #unset_field - #path conn +#start 2005-10-07-23-23-55 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool count string count count count count table[string] 952109346.874907 UWkUyAuUGXf 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH - 0 SADF 11 470 0 0 (empty) 1128727435.450898 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 730 10 9945 (empty) 1278600802.069419 k6kgXLOoSKl 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 381 7 3801 (empty) +#end 2010-07-08-14-53-22 diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 0f12ce4ead..8f90296b63 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts +#start 2012-07-20-01-49-31 #fields name #types string scripts/base/init-bare.bro @@ -28,3 +29,4 @@ scripts/base/init-bare.bro scripts/base/frameworks/input/./readers/raw.bro scripts/base/frameworks/input/./readers/benchmark.bro scripts/policy/misc/loaded-scripts.bro +#end 2012-07-20-01-49-31 diff --git a/testing/btest/Baseline/coverage.coverage-blacklist/output b/testing/btest/Baseline/coverage.coverage-blacklist/output index 6d3d243220..c54e4283b2 100644 --- a/testing/btest/Baseline/coverage.coverage-blacklist/output +++ b/testing/btest/Baseline/coverage.coverage-blacklist/output @@ -1,5 +1,5 @@ -1 /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 13 print cover me; -1 /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 17 print always executed; -0 /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 26 print also impossible, but included in code coverage analysis; -1 /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 29 print success; -1 /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 5 print first; +1 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 13 print cover me; +1 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 17 print always executed; +0 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 26 print also impossible, but included in code coverage analysis; +1 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 29 print success; +1 /da/home/robin/bro/master/testing/btest/.tmp/coverage.coverage-blacklist/coverage-blacklist.bro, line 5 print first; diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index f1f9791fc3..6bc461ed65 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts +#start 2012-07-20-01-49-33 #fields name #types string scripts/base/init-bare.bro @@ -108,3 +109,4 @@ scripts/base/init-default.bro scripts/base/protocols/syslog/./consts.bro scripts/base/protocols/syslog/./main.bro scripts/policy/misc/loaded-scripts.bro +#end 2012-07-20-01-49-33 diff --git a/testing/btest/Baseline/istate.broccoli/bro.log b/testing/btest/Baseline/istate.broccoli/bro.log index 4fbbfc81ae..70bf23f95a 100644 --- a/testing/btest/Baseline/istate.broccoli/bro.log +++ b/testing/btest/Baseline/istate.broccoli/bro.log @@ -1,3 +1,3 @@ -ping received, seq 0, 1324314397.698781 at src, 1324314397.699240 at dest, -ping received, seq 1, 1324314398.698905 at src, 1324314398.699094 at dest, -ping received, seq 2, 1324314399.699012 at src, 1324314399.699231 at dest, +ping received, seq 0, 1342749173.594568 at src, 1342749173.637317 at dest, +ping received, seq 1, 1342749174.594948 at src, 1342749174.596551 at dest, +ping received, seq 2, 1342749175.595486 at src, 1342749175.596581 at dest, diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log index 5a7912d23d..c9a996ef5b 100644 --- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log +++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path http +#start 2012-07-20-01-53-03 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file -1336588614.060989 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - - +1342749182.906082 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - - +#end 2012-07-20-01-53-04 diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log index 5a7912d23d..c9a996ef5b 100644 --- a/testing/btest/Baseline/istate.events-ssl/sender.http.log +++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path http +#start 2012-07-20-01-53-03 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file -1336588614.060989 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - - +1342749182.906082 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - - +#end 2012-07-20-01-53-04 diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log index 55a0189cec..566457b996 100644 --- a/testing/btest/Baseline/istate.events/receiver.http.log +++ b/testing/btest/Baseline/istate.events/receiver.http.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path http +#start 2012-07-20-01-53-12 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file -1336587178.164598 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - - +1342749191.765740 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - - +#end 2012-07-20-01-53-13 diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log index 55a0189cec..566457b996 100644 --- a/testing/btest/Baseline/istate.events/sender.http.log +++ b/testing/btest/Baseline/istate.events/sender.http.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path http +#start 2012-07-20-01-53-12 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file -1336587178.164598 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - - +1342749191.765740 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - - +#end 2012-07-20-01-53-13 diff --git a/testing/btest/Baseline/istate.pybroccoli/bro..stdout b/testing/btest/Baseline/istate.pybroccoli/bro..stdout index a5d20b1f2a..b73d342967 100644 --- a/testing/btest/Baseline/istate.pybroccoli/bro..stdout +++ b/testing/btest/Baseline/istate.pybroccoli/bro..stdout @@ -1,7 +1,7 @@ ==== atomic -10 2 -1336411585.166009 +1342749196.619505 2.0 mins F 1.5 diff --git a/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered b/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered index a44a95bd69..2f2a5978d8 100644 --- a/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered +++ b/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered @@ -1,7 +1,7 @@ ==== atomic a 1 ==== -4L -4 42 42 -1336411585.1711 +1342749196.6624 60.0 True True 3.14 @@ -14,7 +14,7 @@ True True ==== atomic a 2 ==== -10L -10 2 2 -1336411585.1660 +1342749196.6195 120.0 False False 1.5 @@ -27,7 +27,7 @@ False False ==== atomic b 2 ==== -10L -10 2 - 1336411585.1660 + 1342749196.6195 120.0 False False 1.5 diff --git a/testing/btest/Baseline/language.wrong-delete-field/output b/testing/btest/Baseline/language.wrong-delete-field/output index c2aae8aae3..1eefa1d2fe 100644 --- a/testing/btest/Baseline/language.wrong-delete-field/output +++ b/testing/btest/Baseline/language.wrong-delete-field/output @@ -1 +1 @@ -error in /Users/robin/bro/master/testing/btest/.tmp/language.wrong-delete-field/wrong-delete-field.bro, line 10: illegal delete statement (delete x$a) +error in /da/home/robin/bro/master/testing/btest/.tmp/language.wrong-delete-field/wrong-delete-field.bro, line 10: illegal delete statement (delete x$a) diff --git a/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log b/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log index 94e0403238..7e21ff86b7 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log +++ b/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log @@ -3,20 +3,22 @@ #empty_field (empty) #unset_field - #path communication +#start 2012-07-20-01-49-40 #fields ts peer src_name connected_peer_desc connected_peer_addr connected_peer_port level message #types time string string string addr port string string -1340904724.781527 bro parent - - - info [#1/127.0.0.1:47757] added peer -1340904724.784954 bro child - - - info [#1/127.0.0.1:47757] connected -1340904724.786168 bro parent - - - info [#1/127.0.0.1:47757] peer connected -1340904724.786168 bro parent - - - info [#1/127.0.0.1:47757] phase: version -1340904724.786168 bro script - - - info connection established -1340904724.786168 bro script - - - info requesting events matching /^?(NOTHING)$?/ -1340904724.786168 bro script - - - info accepting state -1340904724.787645 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake -1340904724.787645 bro parent - - - info warning: no events to request -1340904724.788857 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro -1340904724.829480 bro parent - - - info [#1/127.0.0.1:47757] peer supports keep-in-cache; using that -1340904724.829480 bro parent - - - info [#1/127.0.0.1:47757] phase: running -1340904724.829480 bro parent - - - info terminating... -1340904724.832952 bro child - - - info terminating -1340904724.834082 bro parent - - - info [#1/127.0.0.1:47757] closing connection +1342748980.737451 bro parent - - - info [#1/127.0.0.1:47757] added peer +1342748980.747149 bro child - - - info [#1/127.0.0.1:47757] connected +1342748980.748489 bro parent - - - info [#1/127.0.0.1:47757] peer connected +1342748980.748489 bro parent - - - info [#1/127.0.0.1:47757] phase: version +1342748980.750749 bro script - - - info connection established +1342748980.750749 bro script - - - info requesting events matching /^?(NOTHING)$?/ +1342748980.750749 bro script - - - info accepting state +1342748980.752225 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake +1342748980.752225 bro parent - - - info warning: no events to request +1342748980.753384 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro +1342748980.793108 bro parent - - - info [#1/127.0.0.1:47757] peer supports keep-in-cache; using that +1342748980.793108 bro parent - - - info [#1/127.0.0.1:47757] phase: running +1342748980.793108 bro parent - - - info terminating... +1342748980.796454 bro child - - - info terminating +1342748980.797536 bro parent - - - info [#1/127.0.0.1:47757] closing connection +#end 2012-07-20-01-49-40 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log b/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log index 485bfe3eba..a0359c2d70 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log @@ -3,7 +3,9 @@ #empty_field (empty) #unset_field - #path ssh-new-default +#start 2012-07-20-01-49-19 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314313.140603 1.2.3.4 1234 2.3.4.5 80 success unknown -1324314313.140603 1.2.3.4 1234 2.3.4.5 80 failure US +1342748959.430282 1.2.3.4 1234 2.3.4.5 80 success unknown +1342748959.430282 1.2.3.4 1234 2.3.4.5 80 failure US +#end 2012-07-20-01-49-19 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log index 144a7a6426..0c826f9694 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log @@ -3,8 +3,10 @@ #empty_field|(empty) #unset_field|- #path|ssh +#start|2012-07-20-01-49-19 #fields|data|data2 #types|string|string abc\x0a\xffdef|DATA2 abc\x7c\xffdef|DATA2 abc\xff\x7cdef|DATA2 +#end|2012-07-20-01-49-19 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log index a2610bb522..b6e4889a21 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log @@ -5,8 +5,8 @@ PREFIX<>unset_field|NOT-SET PREFIX<>path|ssh PREFIX<>fields|t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b PREFIX<>types|time|addr|port|addr|port|string|string|bool -1342126762.852986|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET -1342126762.852986|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET -1342126762.852986|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET -1342126762.852986|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET -1342126762.852986|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T +1342748959.659721|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET +1342748959.659721|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET +1342748959.659721|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET +1342748959.659721|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET +1342748959.659721|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-notset-str/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-notset-str/test.log index c9e69994fc..b1a4ba52e2 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-notset-str/test.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-notset-str/test.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path test +#start 2012-07-20-01-49-19 #fields x y z #types string string string \x2d - (empty) +#end 2012-07-20-01-49-19 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log index 97744b7df8..683f149317 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path http +#start 2011-09-12-03-57-36 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file 1315799856.264750 UWkUyAuUGXf 10.0.1.104 64216 193.40.5.162 80 1 GET lepo.it.da.ut.ee /~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf - Wget/1.12 (darwin10.8.0) 0 346 404 Not Found - - - (empty) - - - text/html - - +#end 2011-09-12-03-57-37 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-set-separator/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-set-separator/test.log index b88627c806..a03c6f954b 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-set-separator/test.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-set-separator/test.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path test +#start 2012-07-20-01-49-19 #fields ss #types table[string] CC,AA,\x2c,\x2c\x2c +#end 2012-07-20-01-49-19 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log index 0ef81128d3..0c6a266de0 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log @@ -5,8 +5,8 @@ #path||ssh #fields||t||id.orig_h||id.orig_p||id.resp_h||id.resp_p||status||country #types||time||addr||port||addr||port||string||string -1324314313.899736||1.2.3.4||1234||2.3.4.5||80||success||unknown -1324314313.899736||1.2.3.4||1234||2.3.4.5||80||failure||US -1324314313.899736||1.2.3.4||1234||2.3.4.5||80||fa\x7c\x7cure||UK -1324314313.899736||1.2.3.4||1234||2.3.4.5||80||su\x7c\x7cess||BR -1324314313.899736||1.2.3.4||1234||2.3.4.5||80||failure||MX +1342759749.586006||1.2.3.4||1234||2.3.4.5||80||success||unknown +1342759749.586006||1.2.3.4||1234||2.3.4.5||80||failure||US +1342759749.586006||1.2.3.4||1234||2.3.4.5||80||fa\x7c\x7cure||UK +1342759749.586006||1.2.3.4||1234||2.3.4.5||80||su\x7c\x7cess||BR +1342759749.586006||1.2.3.4||1234||2.3.4.5||80||failure||MX diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log index 72df0d73d4..21b81abf95 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-line-like-comment/test.log @@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path test -#start 2012-07-12-21-00-27 +#start 2012-07-20-01-49-22 #fields data c #types string count Test1 42 \x23Kaputt 42 Test2 42 -#end 2012-07-12-21-00-27 +#end 2012-07-20-01-49-22 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log index f66dec7160..6e3263673a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log @@ -1,5 +1,5 @@ -1324314313.990741|1.2.3.4|1234|2.3.4.5|80|success|unknown -1324314313.990741|1.2.3.4|1234|2.3.4.5|80|failure|US -1324314313.990741|1.2.3.4|1234|2.3.4.5|80|failure|UK -1324314313.990741|1.2.3.4|1234|2.3.4.5|80|success|BR -1324314313.990741|1.2.3.4|1234|2.3.4.5|80|failure|MX +1342748960.098729|1.2.3.4|1234|2.3.4.5|80|success|unknown +1342748960.098729|1.2.3.4|1234|2.3.4.5|80|failure|US +1342748960.098729|1.2.3.4|1234|2.3.4.5|80|failure|UK +1342748960.098729|1.2.3.4|1234|2.3.4.5|80|success|BR +1342748960.098729|1.2.3.4|1234|2.3.4.5|80|failure|MX diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log index 00ab6c8ca0..5fba268afa 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path test +#start 2012-07-20-01-49-20 #fields data #types time 1234567890.000000 @@ -13,3 +14,4 @@ 1234567890.000010 1234567890.000001 1234567890.000000 +#end 2012-07-20-01-49-20 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log index 5acaa7b2fc..7d3bbc0774 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path ssh +#start 2012-07-20-01-49-20 #fields status country a1 b1 b2 #types string string count count count success unknown 1 3 4 +#end 2012-07-20-01-49-20 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log index 086a4836fe..c3163dba6f 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path ssh +#start 2012-07-20-01-49-20 #fields status country #types string string success unknown @@ -10,3 +11,4 @@ failure US failure UK success BR failure MX +#end 2012-07-20-01-49-20 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt index e9640dfd9d..e6abc3f1f6 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt @@ -27,8 +27,8 @@ # Extent, type='ssh' t id.orig_h id.orig_p id.resp_h id.resp_p status country -1337216256.956476 1.2.3.4 1234 2.3.4.5 80 success unknown -1337216256.956476 1.2.3.4 1234 2.3.4.5 80 failure US -1337216256.956476 1.2.3.4 1234 2.3.4.5 80 failure UK -1337216256.956476 1.2.3.4 1234 2.3.4.5 80 success BR -1337216256.956476 1.2.3.4 1234 2.3.4.5 80 failure MX +1342748962.493341 1.2.3.4 1234 2.3.4.5 80 success unknown +1342748962.493341 1.2.3.4 1234 2.3.4.5 80 failure US +1342748962.493341 1.2.3.4 1234 2.3.4.5 80 failure UK +1342748962.493341 1.2.3.4 1234 2.3.4.5 80 success BR +1342748962.493341 1.2.3.4 1234 2.3.4.5 80 failure MX diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log index 16ba17c62c..42f945bf0c 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log @@ -3,10 +3,12 @@ #empty_field (empty) #unset_field - #path ssh +#start 2012-07-20-01-49-20 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314314.443785 1.2.3.4 1234 2.3.4.5 80 success unknown -1324314314.443785 1.2.3.4 1234 2.3.4.5 80 failure US -1324314314.443785 1.2.3.4 1234 2.3.4.5 80 failure UK -1324314314.443785 1.2.3.4 1234 2.3.4.5 80 success BR -1324314314.443785 1.2.3.4 1234 2.3.4.5 80 failure MX +1342748960.468458 1.2.3.4 1234 2.3.4.5 80 success unknown +1342748960.468458 1.2.3.4 1234 2.3.4.5 80 failure US +1342748960.468458 1.2.3.4 1234 2.3.4.5 80 failure UK +1342748960.468458 1.2.3.4 1234 2.3.4.5 80 success BR +1342748960.468458 1.2.3.4 1234 2.3.4.5 80 failure MX +#end 2012-07-20-01-49-20 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.events/output b/testing/btest/Baseline/scripts.base.frameworks.logging.events/output index 5da27764a5..6bd153946e 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.events/output +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.events/output @@ -1,2 +1,2 @@ -[t=1324314314.738385, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=success, country=unknown] -[t=1324314314.738385, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=failure, country=US] +[t=1342748960.593451, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=success, country=unknown] +[t=1342748960.593451, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=failure, country=US] diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log index 4ccf4c836a..3fe01ff913 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path ssh +#start 2012-07-20-01-49-20 #fields id.orig_p id.resp_h id.resp_p status country #types port addr port string string 1234 2.3.4.5 80 success unknown @@ -10,3 +11,4 @@ 1234 2.3.4.5 80 failure UK 1234 2.3.4.5 80 success BR 1234 2.3.4.5 80 failure MX +#end 2012-07-20-01-49-20 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log index 4aa3d8f0a7..205f37243f 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path ssh +#start 2012-07-20-01-49-20 #fields t f #types time file -1324314314.940195 Foo.log +1342748960.757056 Foo.log +#end 2012-07-20-01-49-20 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log index 00242d65c1..cafacf9c4e 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log @@ -3,10 +3,12 @@ #empty_field (empty) #unset_field - #path ssh +#start 2012-07-20-01-49-20 #fields t id.orig_h #types time addr -1324314315.040480 1.2.3.4 -1324314315.040480 1.2.3.4 -1324314315.040480 1.2.3.4 -1324314315.040480 1.2.3.4 -1324314315.040480 1.2.3.4 +1342748960.796093 1.2.3.4 +1342748960.796093 1.2.3.4 +1342748960.796093 1.2.3.4 +1342748960.796093 1.2.3.4 +1342748960.796093 1.2.3.4 +#end 2012-07-20-01-49-20 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log index c2c69f3153..3240e9f824 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path local +#start 2011-03-18-19-06-13 #fields ts id.orig_h #types time addr 1300475168.859163 141.142.220.118 @@ -35,3 +36,4 @@ 1300475168.902195 141.142.220.118 1300475168.894787 141.142.220.118 1300475168.901749 141.142.220.118 +#end 2011-03-18-19-06-13 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log index b396c3fc2d..84980836c4 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log @@ -3,9 +3,11 @@ #empty_field (empty) #unset_field - #path remote +#start 2011-03-18-19-06-13 #fields ts id.orig_h #types time addr 1300475169.780331 173.192.163.128 1300475167.097012 fe80::217:f2ff:fed7:cf65 1300475171.675372 fe80::3074:17d5:2052:c324 1300475173.116749 fe80::3074:17d5:2052:c324 +#end 2011-03-18-19-06-13 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output index a6b8a4e090..1c67ff52b6 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output @@ -10,54 +10,68 @@ static-prefix-2-UK.log #empty_field (empty) #unset_field - #path static-prefix-0-BR +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314315.385189 1.2.3.4 1234 2.3.4.5 80 success BR +1342748961.180156 1.2.3.4 1234 2.3.4.5 80 success BR +#end 2012-07-20-01-49-21 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path static-prefix-0-MX3 +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314315.385189 1.2.3.4 1234 2.3.4.5 80 failure MX3 +1342748961.180156 1.2.3.4 1234 2.3.4.5 80 failure MX3 +#end 2012-07-20-01-49-21 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path static-prefix-0-unknown +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314315.385189 1.2.3.4 1234 2.3.4.5 80 success unknown +1342748961.180156 1.2.3.4 1234 2.3.4.5 80 success unknown +#end 2012-07-20-01-49-21 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path static-prefix-1-MX +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314315.385189 1.2.3.4 1234 2.3.4.5 80 failure MX +1342748961.180156 1.2.3.4 1234 2.3.4.5 80 failure MX +#end 2012-07-20-01-49-21 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path static-prefix-1-US +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314315.385189 1.2.3.4 1234 2.3.4.5 80 failure US +1342748961.180156 1.2.3.4 1234 2.3.4.5 80 failure US +#end 2012-07-20-01-49-21 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path static-prefix-2-MX2 +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314315.385189 1.2.3.4 1234 2.3.4.5 80 failure MX2 +1342748961.180156 1.2.3.4 1234 2.3.4.5 80 failure MX2 +#end 2012-07-20-01-49-21 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path static-prefix-2-UK +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314315.385189 1.2.3.4 1234 2.3.4.5 80 failure UK +1342748961.180156 1.2.3.4 1234 2.3.4.5 80 failure UK +#end 2012-07-20-01-49-21 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.failure.log index 733bb02847..96dede8965 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.failure.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.failure.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path test.failure +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314315.498365 1.2.3.4 1234 2.3.4.5 80 failure US +1342748961.488370 1.2.3.4 1234 2.3.4.5 80 failure US +#end 2012-07-20-01-49-21 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.success.log b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.success.log index 0261caeb06..85b5ca9f45 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.success.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.success.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path test.success +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314315.498365 1.2.3.4 1234 2.3.4.5 80 success unknown +1342748961.488370 1.2.3.4 1234 2.3.4.5 80 success unknown +#end 2012-07-20-01-49-21 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log index d9bd34309a..aa18822daf 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log @@ -3,6 +3,8 @@ #empty_field EMPTY #unset_field - #path test +#start 1970-01-01-00-00-00 #fields b i e c p sn a d t iv s sc ss se vc ve #types bool int enum count port subnet addr double time interval string table[count] table[string] table[string] vector[count] vector[string] -T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1324314315.880694 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY +T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1342749004.579242 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY +#end 2012-07-20-01-50-05 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log index 6cb58bf4ac..36b88e496d 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log @@ -3,8 +3,10 @@ #empty_field (empty) #unset_field - #path test.failure +#start 2012-07-20-01-50-18 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314321.061516 1.2.3.4 1234 2.3.4.5 80 failure US -1324314321.061516 1.2.3.4 1234 2.3.4.5 80 failure UK -1324314321.061516 1.2.3.4 1234 2.3.4.5 80 failure MX +1342749018.970682 1.2.3.4 1234 2.3.4.5 80 failure US +1342749018.970682 1.2.3.4 1234 2.3.4.5 80 failure UK +1342749018.970682 1.2.3.4 1234 2.3.4.5 80 failure MX +#end 2012-07-20-01-50-18 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log index f5b79ee2c4..22d354fce4 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log @@ -3,10 +3,12 @@ #empty_field (empty) #unset_field - #path test +#start 2012-07-20-01-50-18 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314321.061516 1.2.3.4 1234 2.3.4.5 80 success unknown -1324314321.061516 1.2.3.4 1234 2.3.4.5 80 failure US -1324314321.061516 1.2.3.4 1234 2.3.4.5 80 failure UK -1324314321.061516 1.2.3.4 1234 2.3.4.5 80 success BR -1324314321.061516 1.2.3.4 1234 2.3.4.5 80 failure MX +1342749018.970682 1.2.3.4 1234 2.3.4.5 80 success unknown +1342749018.970682 1.2.3.4 1234 2.3.4.5 80 failure US +1342749018.970682 1.2.3.4 1234 2.3.4.5 80 failure UK +1342749018.970682 1.2.3.4 1234 2.3.4.5 80 success BR +1342749018.970682 1.2.3.4 1234 2.3.4.5 80 failure MX +#end 2012-07-20-01-50-18 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log index c40e56af93..888dc424b5 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log @@ -3,7 +3,9 @@ #empty_field (empty) #unset_field - #path test.success +#start 2012-07-20-01-50-18 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314321.061516 1.2.3.4 1234 2.3.4.5 80 success unknown -1324314321.061516 1.2.3.4 1234 2.3.4.5 80 success BR +1342749018.970682 1.2.3.4 1234 2.3.4.5 80 success unknown +1342749018.970682 1.2.3.4 1234 2.3.4.5 80 success BR +#end 2012-07-20-01-50-18 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log index cb3d4aafb8..5a23ad2066 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log @@ -3,7 +3,9 @@ #empty_field (empty) #unset_field - #path ssh.failure +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314328.196443 1.2.3.4 1234 2.3.4.5 80 failure US -1324314328.196443 1.2.3.4 1234 2.3.4.5 80 failure UK +1342748961.521536 1.2.3.4 1234 2.3.4.5 80 failure US +1342748961.521536 1.2.3.4 1234 2.3.4.5 80 failure UK +#end 2012-07-20-01-49-21 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log index 38a5bb660c..cea1069748 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log @@ -3,8 +3,10 @@ #empty_field (empty) #unset_field - #path ssh +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314328.196443 1.2.3.4 1234 2.3.4.5 80 failure US -1324314328.196443 1.2.3.4 1234 2.3.4.5 80 failure UK -1324314328.196443 1.2.3.4 1234 2.3.4.5 80 failure BR +1342748961.521536 1.2.3.4 1234 2.3.4.5 80 failure US +1342748961.521536 1.2.3.4 1234 2.3.4.5 80 failure UK +1342748961.521536 1.2.3.4 1234 2.3.4.5 80 failure BR +#end 2012-07-20-01-49-21 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out index 915915f43e..91b6f5de7a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out @@ -19,11 +19,31 @@ custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_11.59.55.log, pat custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.00.05.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F] custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.59.55.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T] #empty_field (empty) +#end 2011-03-07-03-59-55 +#end 2011-03-07-04-00-05 +#end 2011-03-07-04-59-55 +#end 2011-03-07-05-00-05 +#end 2011-03-07-05-59-55 +#end 2011-03-07-06-00-05 +#end 2011-03-07-06-59-55 +#end 2011-03-07-07-00-05 +#end 2011-03-07-07-59-55 +#end 2011-03-07-08-00-05 +#end 2011-03-07-08-59-55 +#end 2011-03-07-09-00-05 +#end 2011-03-07-09-59-55 +#end 2011-03-07-10-00-05 +#end 2011-03-07-10-59-55 +#end 2011-03-07-11-00-05 +#end 2011-03-07-11-59-55 +#end 2011-03-07-12-00-05 +#end 2011-03-07-12-59-55 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #path test #path test2 #separator \x09 #set_separator , +#start 2011-03-07-03-00-05 #types time addr port addr port #unset_field - 1299466805.000000 10.0.0.1 20 10.0.0.2 1024 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out index c335b5eeb9..4764ff23d0 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out @@ -14,97 +14,117 @@ test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1 ascii #empty_field (empty) #unset_field - #path test +#start 2011-03-07-03-00-05 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #types time addr port addr port 1299466805.000000 10.0.0.1 20 10.0.0.2 1024 1299470395.000000 10.0.0.2 20 10.0.0.3 0 +#end 2011-03-07-04-00-05 > test.2011-03-07-04-00-05.log #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test +#start 2011-03-07-03-00-05 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #types time addr port addr port 1299470405.000000 10.0.0.1 20 10.0.0.2 1025 1299473995.000000 10.0.0.2 20 10.0.0.3 1 +#end 2011-03-07-05-00-05 > test.2011-03-07-05-00-05.log #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test +#start 2011-03-07-03-00-05 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #types time addr port addr port 1299474005.000000 10.0.0.1 20 10.0.0.2 1026 1299477595.000000 10.0.0.2 20 10.0.0.3 2 +#end 2011-03-07-06-00-05 > test.2011-03-07-06-00-05.log #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test +#start 2011-03-07-03-00-05 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #types time addr port addr port 1299477605.000000 10.0.0.1 20 10.0.0.2 1027 1299481195.000000 10.0.0.2 20 10.0.0.3 3 +#end 2011-03-07-07-00-05 > test.2011-03-07-07-00-05.log #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test +#start 2011-03-07-03-00-05 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #types time addr port addr port 1299481205.000000 10.0.0.1 20 10.0.0.2 1028 1299484795.000000 10.0.0.2 20 10.0.0.3 4 +#end 2011-03-07-08-00-05 > test.2011-03-07-08-00-05.log #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test +#start 2011-03-07-03-00-05 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #types time addr port addr port 1299484805.000000 10.0.0.1 20 10.0.0.2 1029 1299488395.000000 10.0.0.2 20 10.0.0.3 5 +#end 2011-03-07-09-00-05 > test.2011-03-07-09-00-05.log #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test +#start 2011-03-07-03-00-05 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #types time addr port addr port 1299488405.000000 10.0.0.1 20 10.0.0.2 1030 1299491995.000000 10.0.0.2 20 10.0.0.3 6 +#end 2011-03-07-10-00-05 > test.2011-03-07-10-00-05.log #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test +#start 2011-03-07-03-00-05 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #types time addr port addr port 1299492005.000000 10.0.0.1 20 10.0.0.2 1031 1299495595.000000 10.0.0.2 20 10.0.0.3 7 +#end 2011-03-07-11-00-05 > test.2011-03-07-11-00-05.log #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test +#start 2011-03-07-03-00-05 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #types time addr port addr port 1299495605.000000 10.0.0.1 20 10.0.0.2 1032 1299499195.000000 10.0.0.2 20 10.0.0.3 8 +#end 2011-03-07-12-00-05 > test.2011-03-07-12-00-05.log #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path test +#start 2011-03-07-03-00-05 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #types time addr port addr port 1299499205.000000 10.0.0.1 20 10.0.0.2 1033 1299502795.000000 10.0.0.2 20 10.0.0.3 9 +#end 2011-03-07-12-59-55 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output b/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output index 09afe2031c..110cef054a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output @@ -3,10 +3,12 @@ #empty_field (empty) #unset_field - #path /dev/stdout +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314328.844271 1.2.3.4 1234 2.3.4.5 80 success unknown -1324314328.844271 1.2.3.4 1234 2.3.4.5 80 failure US -1324314328.844271 1.2.3.4 1234 2.3.4.5 80 failure UK -1324314328.844271 1.2.3.4 1234 2.3.4.5 80 success BR -1324314328.844271 1.2.3.4 1234 2.3.4.5 80 failure MX +1342748961.732599 1.2.3.4 1234 2.3.4.5 80 success unknown +1342748961.732599 1.2.3.4 1234 2.3.4.5 80 failure US +1342748961.732599 1.2.3.4 1234 2.3.4.5 80 failure UK +1342748961.732599 1.2.3.4 1234 2.3.4.5 80 success BR +1342748961.732599 1.2.3.4 1234 2.3.4.5 80 failure MX +#end 2012-07-20-01-49-21 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log index 53292324af..c9191b666e 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log @@ -3,10 +3,12 @@ #empty_field (empty) #unset_field - #path ssh +#start 2012-07-20-01-49-21 #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #types time addr port addr port string string -1324314328.950525 1.2.3.4 1234 2.3.4.5 80 success unknown -1324314328.950525 1.2.3.4 1234 2.3.4.5 80 failure US -1324314328.950525 1.2.3.4 1234 2.3.4.5 80 failure UK -1324314328.950525 1.2.3.4 1234 2.3.4.5 80 success BR -1324314328.950525 1.2.3.4 1234 2.3.4.5 80 failure MX +1342748961.748481 1.2.3.4 1234 2.3.4.5 80 success unknown +1342748961.748481 1.2.3.4 1234 2.3.4.5 80 failure US +1342748961.748481 1.2.3.4 1234 2.3.4.5 80 failure UK +1342748961.748481 1.2.3.4 1234 2.3.4.5 80 success BR +1342748961.748481 1.2.3.4 1234 2.3.4.5 80 failure MX +#end 2012-07-20-01-49-21 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log index 74aa0312a1..1fc29dbb4e 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log @@ -3,6 +3,8 @@ #empty_field EMPTY #unset_field - #path ssh +#start 2012-07-20-01-49-22 #fields b i e c p sn a d t iv s sc ss se vc ve f #types bool int enum count port subnet addr double time interval string table[count] table[string] table[string] vector[count] vector[string] func -T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1324314329.051618 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} +T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1342748962.114672 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} +#end 2012-07-20-01-49-22 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log b/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log index 7956ad11a0..b4089aeee8 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log @@ -3,7 +3,9 @@ #empty_field (empty) #unset_field - #path testing +#start 2012-07-20-01-49-22 #fields a.val1 a.val2 b #types count count count - - 6 1 2 3 +#end 2012-07-20-01-49-22 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log index 65ab5592bf..ae5d6d246e 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path ssh +#start 2012-07-20-01-49-22 #fields vec #types vector[string] -,2,-,-,5 +#end 2012-07-20-01-49-22 diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log index a22deb26e4..a3f476c1fb 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log +++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log @@ -3,8 +3,10 @@ #empty_field (empty) #unset_field - #path metrics +#start 2012-07-20-01-50-41 #fields ts metric_id filter_name index.host index.str index.network value #types time enum string addr string subnet count -1328303679.867377 TEST_METRIC foo-bar 6.5.4.3 - - 4 -1328303679.867377 TEST_METRIC foo-bar 7.2.1.5 - - 2 -1328303679.867377 TEST_METRIC foo-bar 1.2.3.4 - - 6 +1342749041.601712 TEST_METRIC foo-bar 6.5.4.3 - - 4 +1342749041.601712 TEST_METRIC foo-bar 7.2.1.5 - - 2 +1342749041.601712 TEST_METRIC foo-bar 1.2.3.4 - - 6 +#end 2012-07-20-01-50-49 diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log index 4bfb6964ea..b497da5194 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log +++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log @@ -3,8 +3,10 @@ #empty_field (empty) #unset_field - #path metrics +#start 2012-07-20-01-49-22 #fields ts metric_id filter_name index.host index.str index.network value #types time enum string addr string subnet count -1328303763.333948 TEST_METRIC foo-bar 6.5.4.3 - - 2 -1328303763.333948 TEST_METRIC foo-bar 7.2.1.5 - - 1 -1328303763.333948 TEST_METRIC foo-bar 1.2.3.4 - - 3 +1342748962.841548 TEST_METRIC foo-bar 6.5.4.3 - - 2 +1342748962.841548 TEST_METRIC foo-bar 7.2.1.5 - - 1 +1342748962.841548 TEST_METRIC foo-bar 1.2.3.4 - - 3 +#end 2012-07-20-01-49-22 diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log index 59d70896fb..8f3a9dc70c 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log +++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path notice +#start 2012-07-20-01-50-59 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network #types time string addr port addr port enum enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet -1325633225.777902 - - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 100/100 - 1.2.3.4 - - 100 manager-1 Notice::ACTION_LOG 6 3600.000000 F - - - - - 1.2.3.4 - - +1342749059.978651 - - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 100/100 - 1.2.3.4 - - 100 manager-1 Notice::ACTION_LOG 6 3600.000000 F - - - - - 1.2.3.4 - - +#end 2012-07-20-01-51-08 diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log index 58346b79e6..5a214b26cc 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log +++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log @@ -3,7 +3,9 @@ #empty_field (empty) #unset_field - #path notice +#start 2012-07-20-01-49-23 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network #types time string addr port addr port enum enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet -1325633274.875473 - - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 3/2 - 1.2.3.4 - - 3 bro Notice::ACTION_LOG 6 3600.000000 F - - - - - 1.2.3.4 - - -1325633274.875473 - - - - - - Test_Notice Threshold crossed by metric_index(host=6.5.4.3) 2/2 - 6.5.4.3 - - 2 bro Notice::ACTION_LOG 6 3600.000000 F - - - - - 6.5.4.3 - - +1342748963.085888 - - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 3/2 - 1.2.3.4 - - 3 bro Notice::ACTION_LOG 6 3600.000000 F - - - - - 1.2.3.4 - - +1342748963.085888 - - - - - - Test_Notice Threshold crossed by metric_index(host=6.5.4.3) 2/2 - 6.5.4.3 - - 2 bro Notice::ACTION_LOG 6 3600.000000 F - - - - - 6.5.4.3 - - +#end 2012-07-20-01-49-23 diff --git a/testing/btest/Baseline/scripts.base.frameworks.notice.cluster/manager-1.notice.log b/testing/btest/Baseline/scripts.base.frameworks.notice.cluster/manager-1.notice.log index 10888b21ec..4903ec0c01 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.notice.cluster/manager-1.notice.log +++ b/testing/btest/Baseline/scripts.base.frameworks.notice.cluster/manager-1.notice.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path notice +#start 2012-07-20-01-51-18 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network #types time string addr port addr port enum enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet -1325633122.490990 - - - - - - Test_Notice test notice! - - - - - worker-1 Notice::ACTION_LOG 6 3600.000000 F - - - - - - - - +1342749078.270791 - - - - - - Test_Notice test notice! - - - - - worker-1 Notice::ACTION_LOG 6 3600.000000 F - - - - - - - - +#end 2012-07-20-01-51-27 diff --git a/testing/btest/Baseline/scripts.base.frameworks.notice.suppression-cluster/manager-1.notice.log b/testing/btest/Baseline/scripts.base.frameworks.notice.suppression-cluster/manager-1.notice.log index 5deac88071..bd77a90c86 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.notice.suppression-cluster/manager-1.notice.log +++ b/testing/btest/Baseline/scripts.base.frameworks.notice.suppression-cluster/manager-1.notice.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path notice +#start 2012-07-20-01-51-36 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network #types time string addr port addr port enum enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet -1325633150.723248 - - - - - - Test_Notice test notice! - - - - - worker-2 Notice::ACTION_LOG 6 3600.000000 F - - - - - - - - +1342749096.545663 - - - - - - Test_Notice test notice! - - - - - worker-2 Notice::ACTION_LOG 6 3600.000000 F - - - - - - - - +#end 2012-07-20-01-51-45 diff --git a/testing/btest/Baseline/scripts.base.frameworks.notice.suppression/notice.log b/testing/btest/Baseline/scripts.base.frameworks.notice.suppression/notice.log index 1d168d7613..5a3cdfa69f 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.notice.suppression/notice.log +++ b/testing/btest/Baseline/scripts.base.frameworks.notice.suppression/notice.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path notice +#start 2012-07-20-01-49-23 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude #types time string addr port addr port enum enum string string addr addr port count string table[enum] table[count] interval bool string string string double double -1325633207.922993 - - - - - - Test_Notice test - - - - - bro Notice::ACTION_LOG 6 3600.000000 F - - - - - +1342748963.685754 - - - - - - Test_Notice test - - - - - bro Notice::ACTION_LOG 6 3600.000000 F - - - - - +#end 2012-07-20-01-49-23 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log index 4a20ec39b4..316056fa8c 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path conn +#start 2012-02-21-16-53-13 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool count string count count count count table[string] 1329843175.736107 arKYeMETxOg 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) @@ -10,3 +11,4 @@ 1329843194.151526 nQcgTWjvg4c 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 1329843197.783443 j4u32Pc5bif 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 1329843161.968492 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) +#end 2012-02-21-16-53-20 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/ftp.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/ftp.log index debc093771..cee57182ed 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/ftp.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/ftp.log @@ -3,7 +3,9 @@ #empty_field (empty) #unset_field - #path ftp +#start 2012-02-21-16-53-13 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p user password command arg mime_type mime_desc file_size reply_code reply_msg tags extraction_file #types time string addr port addr port string string string string string string count count string table[string] file 1329843179.926563 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 anonymous test RETR ftp://199.233.217.249/./robots.txt text/plain ASCII text 77 226 Transfer complete. - - 1329843197.727769 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 anonymous test RETR ftp://199.233.217.249/./robots.txt text/plain ASCII text, with CRLF line terminators 77 226 Transfer complete. - - +#end 2012-02-21-16-53-20 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log index 9d19ffaf85..299bdbc4ba 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path conn +#start 2012-02-15-17-43-15 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool count string count count count count table[string] 1329327783.316897 arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF - 0 ShAdfFa 5 372 4 642 (empty) @@ -11,3 +12,4 @@ 1329327795.571921 j4u32Pc5bif 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF - 0 ShADFaf 5 449 4 300 (empty) 1329327777.822004 UWkUyAuUGXf 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF - 0 ShAdDfFa 57 4426 34 5908 (empty) 1329327800.017649 TEfuqmmG4bh 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF - 0 ShADFaf 5 714 4 300 (empty) +#end 2012-02-15-17-43-24 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log index 8bc2ef2cb7..096b91df65 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log @@ -3,7 +3,9 @@ #empty_field (empty) #unset_field - #path ftp +#start 2012-02-15-17-43-07 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p user password command arg mime_type mime_desc file_size reply_code reply_msg tags extraction_file #types time string addr port addr port string string string string string string count count string table[string] file 1329327787.396984 UWkUyAuUGXf 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 anonymous test RETR ftp://[2001:470:4867:99::21]/robots.txt - - 77 226 Transfer complete. - - 1329327795.463946 UWkUyAuUGXf 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 anonymous test RETR ftp://[2001:470:4867:99::21]/robots.txt - - 77 226 Transfer complete. - - +#end 2012-02-15-17-43-24 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log b/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log index ddcea2e9c7..c457f9b64b 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path http +#start 2009-03-19-05-21-36 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file 1237440095.634312 UWkUyAuUGXf 192.168.3.103 54102 128.146.216.51 80 1 POST www.osu.edu / - curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3 2001 60731 200 OK 100 Continue - (empty) - - - text/html - - +#end 2009-03-19-05-21-36 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log index cec098a50b..46ae431fc2 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path http +#start 2005-10-07-23-23-56 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file 1128727435.634189 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - http-item_141.42.64.125:56730-125.190.109.199:80_resp_1.dat +#end 2005-10-07-23-23-57 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log index d4e5679da1..69e6613a3c 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path http +#start 2009-11-18-20-58-04 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file 1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - (empty) - - - FAKE_MIME - - @@ -10,3 +11,4 @@ 1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - (empty) - - - FAKE_MIME - - 1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - (empty) - - - image/png e0029eea80812e9a8e57b8d05d52938a - 1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - (empty) - - - image/png 30aa926344f58019d047e85ba049ca1e - +#end 2009-11-18-20-58-32 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log index dfaf34acbf..6e7eb96454 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path http +#start 2009-11-18-20-58-04 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied md5 extraction_file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string file 1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - (empty) - - - - - @@ -10,3 +11,4 @@ 1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - (empty) - - - - - 1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - (empty) - - - - - 1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - (empty) - - - - - +#end 2009-11-18-20-58-32 diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log b/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log index b5c137bcf8..fe18751420 100644 --- a/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log +++ b/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log @@ -3,9 +3,11 @@ #empty_field (empty) #unset_field - #path irc +#start 2011-07-20-19-12-44 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user command value addl dcc_file_name dcc_file_size extraction_file #types time string addr port addr port string string string string string string count file 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - NICK bloed - - - - 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - 1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje JOIN #easymovies (empty) - - - 1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje DCC #easymovies (empty) ladyvampress-default(2011-07-07)-OS.zip 42208 - +#end 2011-07-20-19-15-42 diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log b/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log index 7513bfb9b8..8bd6bd8394 100644 --- a/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log +++ b/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log @@ -3,9 +3,11 @@ #empty_field (empty) #unset_field - #path irc +#start 2011-07-20-19-12-44 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user command value addl dcc_file_name dcc_file_size dcc_mime_type extraction_file #types time string addr port addr port string string string string string string count string file 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - NICK bloed - - - - - 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - 1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje JOIN #easymovies (empty) - - - - 1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje DCC #easymovies (empty) ladyvampress-default(2011-07-07)-OS.zip 42208 FAKE_MIME irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat +#end 2011-07-20-19-15-42 diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log index 2c1380cb44..eca41f7d09 100644 --- a/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log +++ b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path smtp +#start 2009-10-05-06-06-12 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent #types time string addr port addr port count string string table[string] string string table[string] string string string string addr string string string vector[addr] string 1254722768.219663 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 GP Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 +#end 2009-10-05-06-06-16 diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log index 453b55932e..9bae222897 100644 --- a/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log +++ b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log @@ -3,8 +3,10 @@ #empty_field (empty) #unset_field - #path smtp_entities +#start 2009-10-05-06-06-10 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth filename content_len mime_type md5 extraction_file excerpt #types time string addr port addr port count string count string string file string 1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 79 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat (empty) 1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 1918 FAKE_MIME - - (empty) 1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 NEWS.txt 10823 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat (empty) +#end 2009-10-05-06-06-16 diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log b/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log index 2b471782d5..5cb4bb15ef 100644 --- a/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log +++ b/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log @@ -3,8 +3,10 @@ #empty_field (empty) #unset_field - #path smtp_entities +#start 2009-10-05-06-06-10 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth filename content_len mime_type md5 extraction_file excerpt #types time string addr port addr port count string count string string file string 1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 79 FAKE_MIME 92bca2e6cdcde73647125da7dccbdd07 - (empty) 1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 1918 FAKE_MIME - - (empty) 1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 NEWS.txt 10823 FAKE_MIME a968bb0f9f9d95835b2e74c845877e87 - (empty) +#end 2009-10-05-06-06-16 diff --git a/testing/btest/Baseline/scripts.base.protocols.socks.trace1/socks.log b/testing/btest/Baseline/scripts.base.protocols.socks.trace1/socks.log index 08d31fdb69..960ea71720 100644 --- a/testing/btest/Baseline/scripts.base.protocols.socks.trace1/socks.log +++ b/testing/btest/Baseline/scripts.base.protocols.socks.trace1/socks.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path socks +#start 2012-06-20-17-23-38 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user status request.host request.name request_p bound.host bound.name bound_p #types time string addr port addr port count string string addr string port addr string port 1340213015.276495 UWkUyAuUGXf 10.0.0.55 53994 60.190.189.214 8124 5 - succeeded - www.osnews.com 80 192.168.0.31 - 2688 +#end 2012-06-20-17-28-10 diff --git a/testing/btest/Baseline/scripts.base.protocols.socks.trace1/tunnel.log b/testing/btest/Baseline/scripts.base.protocols.socks.trace1/tunnel.log index a7068cd0da..d914b3074e 100644 --- a/testing/btest/Baseline/scripts.base.protocols.socks.trace1/tunnel.log +++ b/testing/btest/Baseline/scripts.base.protocols.socks.trace1/tunnel.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path tunnel +#start 2012-06-20-17-23-35 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1340213015.276495 - 10.0.0.55 0 60.190.189.214 8124 Tunnel::SOCKS Tunnel::DISCOVER +#end 2012-06-20-17-28-10 diff --git a/testing/btest/Baseline/scripts.base.protocols.socks.trace2/socks.log b/testing/btest/Baseline/scripts.base.protocols.socks.trace2/socks.log index 8fd109f3a4..ef07cc31a5 100644 --- a/testing/btest/Baseline/scripts.base.protocols.socks.trace2/socks.log +++ b/testing/btest/Baseline/scripts.base.protocols.socks.trace2/socks.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path socks +#start 2012-06-19-13-41-02 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user status request.host request.name request_p bound.host bound.name bound_p #types time string addr port addr port count string string addr string port addr string port 1340113261.914619 UWkUyAuUGXf 10.0.0.50 59580 85.194.84.197 1080 5 - succeeded - www.google.com 443 0.0.0.0 - 443 +#end 2012-06-19-13-41-05 diff --git a/testing/btest/Baseline/scripts.base.protocols.socks.trace2/tunnel.log b/testing/btest/Baseline/scripts.base.protocols.socks.trace2/tunnel.log index 5eac3ae7ad..10f079b888 100644 --- a/testing/btest/Baseline/scripts.base.protocols.socks.trace2/tunnel.log +++ b/testing/btest/Baseline/scripts.base.protocols.socks.trace2/tunnel.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path tunnel +#start 2012-06-19-13-41-01 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1340113261.914619 - 10.0.0.50 0 85.194.84.197 1080 Tunnel::SOCKS Tunnel::DISCOVER +#end 2012-06-19-13-41-05 diff --git a/testing/btest/Baseline/scripts.base.protocols.socks.trace3/tunnel.log b/testing/btest/Baseline/scripts.base.protocols.socks.trace3/tunnel.log index 4723cb99c4..4299e302ce 100644 --- a/testing/btest/Baseline/scripts.base.protocols.socks.trace3/tunnel.log +++ b/testing/btest/Baseline/scripts.base.protocols.socks.trace3/tunnel.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path tunnel +#start 2008-04-15-22-43-49 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1208299429.265774 - 127.0.0.1 0 127.0.0.1 1080 Tunnel::SOCKS Tunnel::DISCOVER +#end 2008-04-15-22-43-49 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log index 74156362e5..b77925e498 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path ssl +#start 2012-04-27-14-53-12 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher server_name session_id subject issuer_subject not_valid_before not_valid_after last_alert #types time string addr port addr port string string string string string string time time string 1335538392.319381 UWkUyAuUGXf 192.168.1.105 62045 74.125.224.79 443 TLSv10 TLS_ECDHE_RSA_WITH_RC4_128_SHA ssl.gstatic.com - CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority,O=Google Inc,C=US 1334102677.000000 1365639277.000000 - +#end 2012-04-27-14-53-16 diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log index 0799292857..6951e4d51f 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log @@ -3,9 +3,11 @@ #empty_field (empty) #unset_field - #path known_hosts +#start 2011-03-18-19-06-08 #fields ts host #types time addr 1300475168.783842 141.142.220.118 1300475168.783842 208.80.152.118 1300475168.915940 208.80.152.3 1300475168.962628 208.80.152.2 +#end 2011-03-18-19-06-13 diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log index 6fdba24d39..b70a701448 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path known_hosts +#start 2011-03-18-19-06-08 #fields ts host #types time addr 1300475168.783842 141.142.220.118 +#end 2011-03-18-19-06-13 diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log index 9ef6ee47b7..8e9d8c6c79 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log @@ -3,8 +3,10 @@ #empty_field (empty) #unset_field - #path known_hosts +#start 2011-03-18-19-06-08 #fields ts host #types time addr 1300475168.783842 208.80.152.118 1300475168.915940 208.80.152.3 1300475168.962628 208.80.152.2 +#end 2011-03-18-19-06-13 diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log index d53da6f693..25198e92d5 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log @@ -3,6 +3,7 @@ #empty_field (empty) #unset_field - #path known_services +#start 2011-06-24-15-51-31 #fields ts host port_num port_proto service #types time addr port enum table[string] 1308930691.049431 172.16.238.131 22 tcp SSH @@ -10,3 +11,4 @@ 1308930716.462556 74.125.225.81 80 tcp HTTP 1308930718.361665 172.16.238.131 21 tcp FTP 1308930726.872485 141.142.192.39 22 tcp SSH +#end 2011-06-24-15-52-08 diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log index ef1722d6a1..598f49fa65 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log @@ -3,8 +3,10 @@ #empty_field (empty) #unset_field - #path known_services +#start 2011-06-24-15-51-31 #fields ts host port_num port_proto service #types time addr port enum table[string] 1308930691.049431 172.16.238.131 22 tcp SSH 1308930694.550308 172.16.238.131 80 tcp HTTP 1308930718.361665 172.16.238.131 21 tcp FTP +#end 2011-06-24-15-52-08 diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log index 3fc68cdb91..c248b18146 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log @@ -3,7 +3,9 @@ #empty_field (empty) #unset_field - #path known_services +#start 2011-06-24-15-51-56 #fields ts host port_num port_proto service #types time addr port enum table[string] 1308930716.462556 74.125.225.81 80 tcp HTTP 1308930726.872485 141.142.192.39 22 tcp SSH +#end 2011-06-24-15-52-08 diff --git a/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log b/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log index f636093677..fb024db6d2 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log +++ b/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log @@ -3,6 +3,8 @@ #empty_field (empty) #unset_field - #path dns +#start 1999-06-28-23-40-27 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs auth addl #types time string addr port addr port enum count string count string count string count string bool bool bool bool count vector[string] vector[interval] table[string] table[string] 930613226.529070 UWkUyAuUGXf 212.180.42.100 25000 131.243.64.3 53 tcp 34798 - - - - - 0 NOERROR F F F T 0 4.3.2.1 31337.000000 - - +#end 1999-06-28-23-40-27 diff --git a/testing/btest/istate/events-ssl.bro b/testing/btest/istate/events-ssl.bro index afbee3f6d9..e09bf112fd 100644 --- a/testing/btest/istate/events-ssl.bro +++ b/testing/btest/istate/events-ssl.bro @@ -7,8 +7,8 @@ # @TEST-EXEC: btest-diff sender/http.log # @TEST-EXEC: btest-diff receiver/http.log # -# @TEST-EXEC: cat sender/http.log $SCRIPTS/diff-remove-timestamps >sender.http.log -# @TEST-EXEC: cat receiver/http.log $SCRIPTS/diff-remove-timestamps >receiver.http.log +# @TEST-EXEC: cat sender/http.log | $SCRIPTS/diff-remove-timestamps >sender.http.log +# @TEST-EXEC: cat receiver/http.log | $SCRIPTS/diff-remove-timestamps >receiver.http.log # @TEST-EXEC: cmp sender.http.log receiver.http.log # # @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' | $SCRIPTS/diff-remove-timestamps >events.snd.log diff --git a/testing/btest/istate/events.bro b/testing/btest/istate/events.bro index 9298ac1c01..70726a9f20 100644 --- a/testing/btest/istate/events.bro +++ b/testing/btest/istate/events.bro @@ -7,8 +7,8 @@ # @TEST-EXEC: btest-diff sender/http.log # @TEST-EXEC: btest-diff receiver/http.log # -# @TEST-EXEC: cat sender/http.log $SCRIPTS/diff-remove-timestamps >sender.http.log -# @TEST-EXEC: cat receiver/http.log $SCRIPTS/diff-remove-timestamps >receiver.http.log +# @TEST-EXEC: cat sender/http.log | $SCRIPTS/diff-remove-timestamps >sender.http.log +# @TEST-EXEC: cat receiver/http.log | $SCRIPTS/diff-remove-timestamps >receiver.http.log # @TEST-EXEC: cmp sender.http.log receiver.http.log # # @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' | $SCRIPTS/diff-remove-timestamps >events.snd.log diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro index f2c370a27a..1d0742216d 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro @@ -1,5 +1,6 @@ # # @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: cat ssh.log | egrep -v '#start|#end' >ssh.log.tmp && mv ssh.log.tmp ssh.log # @TEST-EXEC: btest-diff ssh.log redef LogAscii::separator = "||"; diff --git a/testing/scripts/diff-remove-timestamps b/testing/scripts/diff-remove-timestamps index 9398c1cb4b..cbb5aa5c0e 100755 --- a/testing/scripts/diff-remove-timestamps +++ b/testing/scripts/diff-remove-timestamps @@ -3,4 +3,4 @@ # Replace anything which looks like timestamps with XXXs (including the #start/end markers in logs). sed 's/[0-9]\{10\}\.[0-9]\{2,8\}/XXXXXXXXXX.XXXXXX/g' | \ -sed 's/^#\(start\|end\).20..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g' +sed 's/^#\(start\|end\).\(19\|20\)..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g' From 7fde1165e931ae5007b3d2071fcd1a2e4a8f9b60 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 19 Jul 2012 09:41:44 -0700 Subject: [PATCH 085/120] Give configure a --disable-perftools option. This disables Perftools support even if found. Linking in tcmalloc can make debugging memory problems quite a bit hard (including confusing valgrind). --- CMakeLists.txt | 4 +++- configure | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 28b702ab01..bea83b0de6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -91,7 +91,9 @@ endif () set(USE_PERFTOOLS false) set(USE_PERFTOOLS_DEBUG false) -find_package(GooglePerftools) +if (NOT DISABLE_PERFTOOLS) + find_package(GooglePerftools) +endif () if (GOOGLEPERFTOOLS_FOUND) include_directories(BEFORE ${GooglePerftools_INCLUDE_DIR}) diff --git a/configure b/configure index 3258d4abfc..2de4be62c4 100755 --- a/configure +++ b/configure @@ -33,6 +33,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --disable-broccoli don't build or install the Broccoli library --disable-broctl don't install Broctl --disable-auxtools don't build or install auxiliary tools + --disable-perftools don't try to build python with Google Perftools --disable-python don't try to build python bindings for broccoli --disable-ruby don't try to build ruby bindings for broccoli @@ -105,6 +106,7 @@ append_cache_entry INSTALL_BROCCOLI BOOL true append_cache_entry INSTALL_BROCTL BOOL true append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING append_cache_entry ENABLE_MOBILE_IPV6 BOOL false +append_cache_entry DISABLE_PERFTOOLS BOOL false # parse arguments while [ $# -ne 0 ]; do @@ -156,6 +158,9 @@ while [ $# -ne 0 ]; do --disable-auxtools) append_cache_entry INSTALL_AUX_TOOLS BOOL false ;; + --disable-perftools) + append_cache_entry DISABLE_PERFTOOLS BOOL true + ;; --disable-python) append_cache_entry DISABLE_PYTHON_BINDINGS BOOL true ;; From db3d89d290203a0adb7ba23885198c48bb8ea026 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 20 Jul 2012 08:51:39 -0400 Subject: [PATCH 086/120] Some documentation updates for elasticsearch plugin. --- .../frameworks/logging/writers/elasticsearch.bro | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro index adc675e487..2a58f95ae9 100644 --- a/scripts/base/frameworks/logging/writers/elasticsearch.bro +++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro @@ -1,7 +1,16 @@ +##! Log writer for sending logs to an ElasticSearch server. +##! +##! Note: This module is in testing and is not yet considered stable! +##! +##! There is one known memory issue. If your elasticsearch server is +##! running slowly and taking too long to return from bulk insert +##! requests, the message queue to the writer thread will continue +##! growing larger and larger giving the appearance of a memory leak. + module LogElasticSearch; export { - ## Name of the ES cluster + ## Name of the ES cluster const cluster_name = "elasticsearch" &redef; ## ES Server @@ -18,16 +27,16 @@ export { const type_prefix = "" &redef; ## The time before an ElasticSearch transfer will timeout. + ## This is not working! const transfer_timeout = 2secs; ## The batch size is the number of messages that will be queued up before ## they are sent to be bulk indexed. - ## Note: this is mainly a memory usage parameter. const max_batch_size = 1000 &redef; ## The maximum amount of wall-clock time that is allowed to pass without ## finishing a bulk log send. This represents the maximum delay you - ## would like to have with your logs before they show up in ElasticSearch. + ## would like to have with your logs before they are sent to ElasticSearch. const max_batch_interval = 1min &redef; ## The maximum byte size for a buffered JSON string to send to the bulk From 0a681367b70e03fbb938146ec497546aa01d4ec8 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 20 Jul 2012 06:58:39 -0700 Subject: [PATCH 087/120] Revert "Fixing calc_next_rotate to use UTC based time functions." This reverts commit 6335dbb5e1cf694afea3c306012a258614d13880. --- src/util.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util.cc b/src/util.cc index abbea3e906..3cfa5fca1c 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1112,9 +1112,9 @@ double calc_next_rotate(double current, double interval, double base) time_t teatime = time_t(current); struct tm t; - t = *gmtime_r(&teatime, &t); + t = *localtime_r(&teatime, &t); t.tm_hour = t.tm_min = t.tm_sec = 0; - double startofday = timegm(&t); + double startofday = mktime(&t); if ( base < 0 ) // No base time given. To get nice timestamps, we round From 2efebcd8bea8dbbc446de02054814b0f0f9da39b Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 20 Jul 2012 07:04:37 -0700 Subject: [PATCH 088/120] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index d5ecd1a42c..231358f166 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit d5ecd1a42c04b0dca332edc31811e5a6d0f7f2fb +Subproject commit 231358f166f61cc32201a8ac3671ea0c0f5c324e From 7bd8367076eeba1e3ef4a8c7d4d29f22355d518f Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 20 Jul 2012 11:02:09 -0400 Subject: [PATCH 089/120] More documentation updates. --- doc/logging-elasticsearch.rst | 80 ++++++++++++++++------------------- 1 file changed, 37 insertions(+), 43 deletions(-) diff --git a/doc/logging-elasticsearch.rst b/doc/logging-elasticsearch.rst index b6d22cf5fa..7571c68219 100644 --- a/doc/logging-elasticsearch.rst +++ b/doc/logging-elasticsearch.rst @@ -1,28 +1,38 @@ -======================================== +========================================= Indexed Logging Output with ElasticSearch -======================================== +========================================= .. rst-class:: opening Bro's default ASCII log format is not exactly the most efficient - way for storing and searching large volumes of data. ElasticSearch - is a new and exciting technology for dealing with tons of data. - ElasticSearch is a search engine built on top of Apache's Lucene + way for searching large volumes of data. ElasticSearch + is a new data storage technology for dealing with tons of data. + It's also a search engine built on top of Apache's Lucene project. It scales very well, both for distributed indexing and distributed searching. .. contents:: +Warning +------- + +This writer plugin is still in testing and is not yet recommended for +production use! The approach to how logs are handled in the plugin is "fire +and forget" at this time, there is no error handling if the server fails to +respond successfully to the insertion request. + Installing ElasticSearch ------------------------ -ElasticSearch requires a JRE to run. Please download the latest version -from: . Once extracted, start -ElasticSearch with:: +Download the latest version from: . +Once extracted, start ElasticSearch with:: # ./bin/elasticsearch +For more detailed information, refer to the ElasticSearch installation +documentation: http://www.elasticsearch.org/guide/reference/setup/installation.html + Compiling Bro with ElasticSearch Support ---------------------------------------- @@ -41,49 +51,32 @@ First, ensure that you have libcurl installed the run configure.:: Activating ElasticSearch ------------------------ -The direct way to use ElasticSearch is to switch *all* log files over to -ElasticSearch. To do that, just add ``redef -Log::default_writer=Log::WRITER_ELASTICSEARCH;`` to your ``local.bro``. -For testing, you can also just pass that on the command line:: +The easiest way to enable ElasticSearch output is to load the tuning/logs-to- +elasticsearch.bro script. If you are using BroControl, the following line in +local.bro will enable it. - bro -r trace.pcap Log::default_writer=Log::WRITER_ELASTICSEARCH +.. console:: -With that, Bro will now write all its output into ElasticSearch. You can -inspect these using ElasticSearch's REST-ful interface. For more -information, see: . + @load tuning/logs-to-elasticsearch -There is also a rudimentary web interface to ElasticSearch, available at: -. +With that, Bro will now write most of its logs into ElasticSearch in addition +to maintaining the Ascii logs like it would do by default. That script has +some tunable options for choosing which logs to send to ElasticSearch, refer +to the autogenerated script documentation for those options. -You can also switch only individual files over to ElasticSearch by adding -code like this to your ``local.bro``:: +There is an interface being written specifically to integrate with the data +that Bro outputs into ElasticSearch named Brownian. It can be found here:: -.. code::bro + https://github.com/grigorescu/Brownian - event bro_init() - { - local f = Log::get_filter(Conn::LOG, "default"); # Get default filter for connection log. - f$writer = Log::WRITER_ELASTICSEARCH; # Change writer type. - Log::add_filter(Conn::LOG, f); # Replace filter with adapted version. - } +Tuning +------ -Configuring ElasticSearch -------------------------- +A common problem encountered with ElasticSearch is too many files being held +open. The ElasticSearch website has some suggestions on how to increase the +open file limit. -Bro's ElasticSearch writer comes with a few configuration options:: - -- cluster_name: Currently unused. - -- server_host: Where to send the data. Default localhost. - -- server_port: What port to send the data to. Default 9200. - -- index_prefix: ElasticSearch indexes are like databases in a standard DB model. - This is the name of the index to which to send the data. Default bro. - -- type_prefix: ElasticSearch types are like tables in a standard DB model. This is a prefix that gets prepended to Bro log names. Example: type_prefix = "bro_" would create types "bro_dns", "bro_http", etc. Default: none. - -- batch_size: How many messages to buffer before sending to ElasticSearch. This is mainly a memory optimization - changing this doesn't seem to affect indexing performance that much. Default: 10,000. + - http://www.elasticsearch.org/tutorials/2011/04/06/too-many-open-files.html TODO ---- @@ -93,3 +86,4 @@ Lots. - Perform multicast discovery for server. - Better error detection. - Better defaults (don't index loaded-plugins, for instance). +- From c5d1aebbfe8c49ba89dd9d0c906f5ae38669497b Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 20 Jul 2012 09:01:25 -0700 Subject: [PATCH 090/120] Temporarily removing tuning/logs-to-elasticsearch.bro from the test-all-policy. Loading it in there can lead to some tests not terminating. We need to fix that, it let's the coverage test fail. --- scripts/test-all-policy.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro index a7c43b14b3..c4acece25d 100644 --- a/scripts/test-all-policy.bro +++ b/scripts/test-all-policy.bro @@ -60,5 +60,5 @@ @load tuning/defaults/__load__.bro @load tuning/defaults/packet-fragments.bro @load tuning/defaults/warnings.bro -@load tuning/logs-to-elasticsearch.bro +# @load tuning/logs-to-elasticsearch.bro @load tuning/track-all-assets.bro From ce4b8dd4aca99c4e1013b5c843df30bfedc54cfd Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 20 Jul 2012 09:57:38 -0700 Subject: [PATCH 091/120] Changing HTTP DPD port 3138 to 3128. Addresses #857. --- scripts/base/protocols/http/main.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro index f4377e03de..21b4fb6113 100644 --- a/scripts/base/protocols/http/main.bro +++ b/scripts/base/protocols/http/main.bro @@ -114,7 +114,7 @@ event bro_init() &priority=5 # DPD configuration. const ports = { - 80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3138/tcp, + 80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3128/tcp, 8000/tcp, 8080/tcp, 8888/tcp, }; redef dpd_config += { From 5ef83900d8b30a44fe86eb97501ba8cc53c06194 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 20 Jul 2012 12:28:34 -0700 Subject: [PATCH 092/120] Sed usage in canonifier script didn't work on non-Linux systems. --- testing/scripts/diff-remove-timestamps | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/testing/scripts/diff-remove-timestamps b/testing/scripts/diff-remove-timestamps index cbb5aa5c0e..e235746f93 100755 --- a/testing/scripts/diff-remove-timestamps +++ b/testing/scripts/diff-remove-timestamps @@ -2,5 +2,13 @@ # # Replace anything which looks like timestamps with XXXs (including the #start/end markers in logs). +# Get us "modern" regexps with sed. +if [ `uname` == "Linux" ]; then + sed="sed" +else + sed="sed -E" +fi + +# The first sed uses a "basic" regexp, the 2nd a "modern:. sed 's/[0-9]\{10\}\.[0-9]\{2,8\}/XXXXXXXXXX.XXXXXX/g' | \ -sed 's/^#\(start\|end\).\(19\|20\)..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g' +$sed 's/^#(start|end).(19|20)..-..-..-..-..-..$/#\1 XXXX-XX-XX-XX-XX-XX/g' From 58e2b70fc806621a833d13a88fbee4562f6753ba Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Fri, 20 Jul 2012 14:37:14 -0700 Subject: [PATCH 093/120] make version_ok return true for TLSv12 I think it is a bug that this was missing... --- src/ssl-analyzer.pac | 1 + src/ssl-defs.pac | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ssl-analyzer.pac b/src/ssl-analyzer.pac index d1ac470284..3d9564eaab 100644 --- a/src/ssl-analyzer.pac +++ b/src/ssl-analyzer.pac @@ -93,6 +93,7 @@ function version_ok(vers : uint16) : bool case SSLv30: case TLSv10: case TLSv11: + case TLSv12: return true; default: diff --git a/src/ssl-defs.pac b/src/ssl-defs.pac index b13b7c4881..4f715bbddd 100644 --- a/src/ssl-defs.pac +++ b/src/ssl-defs.pac @@ -22,5 +22,6 @@ enum SSLVersions { SSLv20 = 0x0002, SSLv30 = 0x0300, TLSv10 = 0x0301, - TLSv11 = 0x0302 + TLSv11 = 0x0302, + TLSv12 = 0x0303 }; From 053b307e24ee247137dcef031caaeadf681f126d Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Sun, 22 Jul 2012 13:42:31 -0700 Subject: [PATCH 094/120] Bug fix for BasicThread. --- src/threading/BasicThread.cc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index d4a82316e8..9c113fb7ec 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -42,24 +42,24 @@ BasicThread::~BasicThread() delete [] strerr_buffer; } -void BasicThread::SetName(const char* name) +void BasicThread::SetName(const char* arg_name) { delete [] name; - name = copy_string(name); + name = copy_string(arg_name); } -void BasicThread::SetOSName(const char* name) +void BasicThread::SetOSName(const char* arg_name) { #ifdef HAVE_LINUX - prctl(PR_SET_NAME, name, 0, 0, 0); + prctl(PR_SET_NAME, arg_name, 0, 0, 0); #endif #ifdef __APPLE__ - pthread_setname_np(name); + pthread_setname_np(arg_name); #endif #ifdef FREEBSD - pthread_set_name_np(pthread_self(), name, name); + pthread_set_name_np(pthread_self(), arg_name, arg_name); #endif } From 71fc2a1728d430b10610b324ed92379b1bad3875 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Sun, 22 Jul 2012 15:50:12 -0700 Subject: [PATCH 095/120] Another small change to MsgThread API. Threads will now reliably get a call to DoFinish() no matter how the thread terminates. This will always be called from within the thread, whereas the destructor is called from the main thread after the child thread has already terminated. Also removing debugging code. However, two problems remain with the ASCII writer (seeing them only on MacOS): - the #start/#end timestamps contain only dummy values right now. The odd thing is that once I enable strftime() to print actual timestamps, I get crashes (even though strftime() is supposed to be thread-safe). - occassionally, there's still output missing in tests. In those cases, the file descriptor apparently goes bad: a write() will suddently return EBADF for reasons I don't understand yet. --- src/logging/writers/Ascii.cc | 31 ++++++++++++++++++++----------- src/threading/BasicThread.cc | 8 ++------ src/threading/MsgThread.cc | 11 ++++++++--- src/threading/MsgThread.h | 11 +++++------ src/util.cc | 3 +++ testing/scripts/diff-canonifier | 2 +- 6 files changed, 39 insertions(+), 27 deletions(-) diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index d3c210ce47..87fa5dfb3c 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -53,12 +53,11 @@ Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend) Ascii::~Ascii() { - //fprintf(stderr, "DTOR %p\n", this); - - // Normally, the file will be closed here already via the Finish() - // message. But when we terminate abnormally, we may still have it open. - if ( fd ) - CloseFile(0); + if ( ! ascii_done ) + { + fprintf(stderr, "internal error: finish missing\n"); + abort(); + } delete [] separator; delete [] set_separator; @@ -77,7 +76,7 @@ bool Ascii::WriteHeaderField(const string& key, const string& val) void Ascii::CloseFile(double t) { - if ( ! fd) + if ( ! fd ) return; if ( include_meta ) @@ -170,7 +169,7 @@ bool Ascii::DoFinish(double network_time) { if ( ascii_done ) { - fprintf(stderr, "duplicate finish message\n"); + fprintf(stderr, "internal error: duplicate finish\n"); abort(); } @@ -353,6 +352,7 @@ bool Ascii::DoWrite(int num_fields, const Field* const * fields, // It would so escape the first character. char buf[16]; snprintf(buf, sizeof(buf), "\\x%02x", bytes[0]); + if ( ! safe_write(fd, buf, strlen(buf)) ) goto write_error; @@ -416,14 +416,23 @@ string Ascii::LogExt() string Ascii::Timestamp(double t) { +#if 1 + return "2012-01-01-00-00-00"; +#else + // Using the version below leads to occasional crashes at least on Mac OS. + // Not sure why, all the function should be thread-safe ... + time_t teatime = time_t(t); struct tm tmbuf; struct tm* tm = localtime_r(&teatime, &tmbuf); - char buf[128]; + char tmp[128]; const char* const date_fmt = "%Y-%m-%d-%H-%M-%S"; - strftime(buf, sizeof(buf), date_fmt, tm); - return buf; + strftime(tmp, sizeof(tmp), date_fmt, tm); + + return tmp; +#endif } + diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index 9c113fb7ec..c708bb79ef 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -35,7 +35,7 @@ BasicThread::BasicThread() BasicThread::~BasicThread() { - if ( buf ) + if ( buf ) free(buf); delete [] name; @@ -50,6 +50,7 @@ void BasicThread::SetName(const char* arg_name) void BasicThread::SetOSName(const char* arg_name) { + #ifdef HAVE_LINUX prctl(PR_SET_NAME, arg_name, 0, 0, 0); #endif @@ -131,16 +132,12 @@ void BasicThread::PrepareStop() void BasicThread::Stop() { - // XX fprintf(stderr, "stop1 %s %d %d\n", name, started, terminating); - if ( ! started ) return; if ( terminating ) return; - // XX fprintf(stderr, "stop2 %s\n", name); - DBG_LOG(DBG_THREADING, "Signaling thread %s to terminate ...", name); OnStop(); @@ -177,7 +174,6 @@ void BasicThread::Kill() void BasicThread::Done() { - // XX fprintf(stderr, "DONE from thread %s\n", name); DBG_LOG(DBG_THREADING, "Thread %s has finished", name); terminating = true; diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index 0e55b99ba1..121bec265c 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -155,8 +155,6 @@ void MsgThread::OnPrepareStop() if ( finished || Killed() ) return; - // XX fprintf(stderr, "Sending FINISH to thread %s ...\n", Name()); - // Signal thread to terminate and wait until it has acknowledged. SendIn(new FinishMessage(this, network_time), true); } @@ -356,7 +354,14 @@ void MsgThread::Run() delete msg; } - Finished(); + // In case we haven't send the finish method yet, do it now. Reading + // global network_time here should be fine, it isn't changing + // anymore. + if ( ! finished ) + { + OnFinish(network_time); + Finished(); + } } void MsgThread::GetStats(Stats* stats) diff --git a/src/threading/MsgThread.h b/src/threading/MsgThread.h index 1d9b17c7d9..da505de6be 100644 --- a/src/threading/MsgThread.h +++ b/src/threading/MsgThread.h @@ -197,10 +197,6 @@ protected: */ virtual void Heartbeat(); - /** Flags that the child process has finished processing. Called from child. - */ - void Finished(); - /** Internal heartbeat processing. Called from child. */ void HeartbeatInChild(); @@ -217,8 +213,7 @@ protected: virtual bool OnHeartbeat(double network_time, double current_time) = 0; /** Triggered for execution in the child thread just before shutting threads down. - * The child thread should finish its operations and then *must* - * call this class' implementation. + * The child thread should finish its operations. */ virtual bool OnFinish(double network_time) = 0; @@ -288,6 +283,10 @@ private: */ bool MightHaveOut() { return queue_out.MaybeReady(); } + /** Flags that the child process has finished processing. Called from child. + */ + void Finished(); + Queue queue_in; Queue queue_out; diff --git a/src/util.cc b/src/util.cc index 553944c69c..cd367cf825 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1301,6 +1301,9 @@ bool safe_write(int fd, const char* data, int len) if ( errno == EINTR ) continue; + fprintf(stderr, "safe_write error: %d\n", errno); + abort(); + return false; } diff --git a/testing/scripts/diff-canonifier b/testing/scripts/diff-canonifier index 4d04b3372c..3cb213a3f7 100755 --- a/testing/scripts/diff-canonifier +++ b/testing/scripts/diff-canonifier @@ -2,4 +2,4 @@ # # Default canonifier used with the tests in testing/btest/*. -`dirname $0`/diff-remove-timestamps | grep -v XXX +`dirname $0`/diff-remove-timestamps From 775961ee1525c9d245ec27d7a82816a3fc0c34b2 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Sun, 22 Jul 2012 15:57:26 -0700 Subject: [PATCH 096/120] Updating test base line. (Due to removing the debugging helper in canonification script.) --- .../out | 22 ++----------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out index 91b6f5de7a..e2b8a8b377 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out @@ -19,31 +19,13 @@ custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_11.59.55.log, pat custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.00.05.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F] custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.59.55.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T] #empty_field (empty) -#end 2011-03-07-03-59-55 -#end 2011-03-07-04-00-05 -#end 2011-03-07-04-59-55 -#end 2011-03-07-05-00-05 -#end 2011-03-07-05-59-55 -#end 2011-03-07-06-00-05 -#end 2011-03-07-06-59-55 -#end 2011-03-07-07-00-05 -#end 2011-03-07-07-59-55 -#end 2011-03-07-08-00-05 -#end 2011-03-07-08-59-55 -#end 2011-03-07-09-00-05 -#end 2011-03-07-09-59-55 -#end 2011-03-07-10-00-05 -#end 2011-03-07-10-59-55 -#end 2011-03-07-11-00-05 -#end 2011-03-07-11-59-55 -#end 2011-03-07-12-00-05 -#end 2011-03-07-12-59-55 +#end 2012-01-01-00-00-00 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #path test #path test2 #separator \x09 #set_separator , -#start 2011-03-07-03-00-05 +#start 2012-01-01-00-00-00 #types time addr port addr port #unset_field - 1299466805.000000 10.0.0.1 20 10.0.0.2 1024 From f2e60a76a81360a64fec78d3693bea2a22ec389a Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Sun, 22 Jul 2012 21:04:59 -0700 Subject: [PATCH 097/120] Script fix for Linux. --- testing/scripts/diff-remove-timestamps | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/scripts/diff-remove-timestamps b/testing/scripts/diff-remove-timestamps index e235746f93..84bd21aa60 100755 --- a/testing/scripts/diff-remove-timestamps +++ b/testing/scripts/diff-remove-timestamps @@ -4,7 +4,7 @@ # Get us "modern" regexps with sed. if [ `uname` == "Linux" ]; then - sed="sed" + sed="sed -r" else sed="sed -E" fi From 336990e234e2903d9e5a596fc1b53f000181cef8 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Mon, 23 Jul 2012 11:27:08 -0700 Subject: [PATCH 098/120] make reading ascii logfiles work when the input separator is different from \t. (Wrong escape character was used for reading header fields). --- src/input/readers/Ascii.cc | 4 ++-- testing/btest/scripts/base/frameworks/input/event.bro | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/input/readers/Ascii.cc b/src/input/readers/Ascii.cc index 73821d7cb6..297f8a7136 100644 --- a/src/input/readers/Ascii.cc +++ b/src/input/readers/Ascii.cc @@ -144,7 +144,7 @@ bool Ascii::ReadHeader(bool useCached) pos++; } - //printf("Updating fields from description %s\n", line.c_str()); + // printf("Updating fields from description %s\n", line.c_str()); columnMap.clear(); for ( int i = 0; i < NumFields(); i++ ) @@ -199,7 +199,7 @@ bool Ascii::GetLine(string& str) if ( str[0] != '#' ) return true; - if ( str.compare(0,8, "#fields\t") == 0 ) + if ( ( str.compare(0,7, "#fields") == 0 ) && ( str[7] == separator[0] ) ) { str = str.substr(8); return true; diff --git a/testing/btest/scripts/base/frameworks/input/event.bro b/testing/btest/scripts/base/frameworks/input/event.bro index d275cee59c..f07ca0c43e 100644 --- a/testing/btest/scripts/base/frameworks/input/event.bro +++ b/testing/btest/scripts/base/frameworks/input/event.bro @@ -48,7 +48,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: b event bro_init() { try = 0; - outfile = open("../out"); + outfile = open("../out"); Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line]); Input::remove("input"); } From 8e453663dd4d9540789614582ddce84f877a8b50 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Mon, 23 Jul 2012 12:43:42 -0700 Subject: [PATCH 099/120] Input framework now accepts escaped ascii values as input. I managed to completely forget to add unescaping to the input framework - this should fix it. It now works with the exact same escaping that is used by the writers (\x##). Includes one testcase that seems to work - everything else still passes. --- src/input/readers/Ascii.cc | 2 ++ src/util.cc | 70 ++++++++++++++++++++++++++++++-------- src/util.h | 1 + 3 files changed, 58 insertions(+), 15 deletions(-) diff --git a/src/input/readers/Ascii.cc b/src/input/readers/Ascii.cc index 297f8a7136..aaa124f0c1 100644 --- a/src/input/readers/Ascii.cc +++ b/src/input/readers/Ascii.cc @@ -438,6 +438,8 @@ bool Ascii::DoUpdate() if ( ! getline(splitstream, s, separator[0]) ) break; + s = get_unescaped_string(s); + stringfields[pos] = s; pos++; } diff --git a/src/util.cc b/src/util.cc index cd367cf825..544ba1b573 100644 --- a/src/util.cc +++ b/src/util.cc @@ -42,6 +42,46 @@ #include "Net.h" #include "Reporter.h" +/** + * Takes a string, unescapes all characters that are escaped as hex codes + * (\x##) and turns them into the equivalent ascii-codes. Returns a string + * containing no escaped values + * + * @param str string to unescape + * @return A str::string without escaped characters. + */ +std::string get_unescaped_string(const std::string& str) + { + char* buf = new char [str.length() + 1]; // it will at most have the same length as str. + char* bufpos = buf; + size_t pos = 0; + + while ( pos < str.length() ) + { + if ( str[pos] == '\\' && str[pos+1] == 'x' && + isxdigit(str[pos+2]) && isxdigit(str[pos+3]) ) + { + *bufpos = (decode_hex(str[pos+2]) << 4) + + decode_hex(str[pos+3]); + + pos += 4; + bufpos++; + } + else + { + *bufpos = str[pos]; + bufpos++; + pos++; + } + } + + *bufpos = 0; + + string outstring (buf, bufpos - buf); + delete [] buf; + return outstring; + } + /** * Takes a string, escapes characters into equivalent hex codes (\x##), and * returns a string containing all escaped values. @@ -53,25 +93,25 @@ * @return A std::string containing a list of escaped hex values of the form * \x## */ std::string get_escaped_string(const std::string& str, bool escape_all) -{ - char tbuf[16]; - string esc = ""; + { + char tbuf[16]; + string esc = ""; - for ( size_t i = 0; i < str.length(); ++i ) - { - char c = str[i]; + for ( size_t i = 0; i < str.length(); ++i ) + { + char c = str[i]; - if ( escape_all || isspace(c) || ! isascii(c) || ! isprint(c) ) - { - snprintf(tbuf, sizeof(tbuf), "\\x%02x", str[i]); - esc += tbuf; + if ( escape_all || isspace(c) || ! isascii(c) || ! isprint(c) ) + { + snprintf(tbuf, sizeof(tbuf), "\\x%02x", str[i]); + esc += tbuf; + } + else + esc += c; } - else - esc += c; - } - return esc; -} + return esc; + } char* copy_string(const char* s) { diff --git a/src/util.h b/src/util.h index a695c6df6a..fc4b60792b 100644 --- a/src/util.h +++ b/src/util.h @@ -90,6 +90,7 @@ void delete_each(T* t) delete *it; } +std::string get_unescaped_string(const std::string& str); std::string get_escaped_string(const std::string& str, bool escape_all); extern char* copy_string(const char* s); From 3163e8462928a0294605d690ed176ed528a64813 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Mon, 23 Jul 2012 12:46:09 -0700 Subject: [PATCH 100/120] and like nearly always - forgot the baseline. --- .../btest/Baseline/scripts.base.frameworks.input.binary/out | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 testing/btest/Baseline/scripts.base.frameworks.input.binary/out diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.binary/out b/testing/btest/Baseline/scripts.base.frameworks.input.binary/out new file mode 100644 index 0000000000..deab902925 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.binary/out @@ -0,0 +1,6 @@ +abc^J\xffdef +DATA2 +abc|\xffdef +DATA2 +abc\xff|def +DATA2 From 90735c3164019bd124b26b14f522d4bc16e71f50 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Mon, 23 Jul 2012 12:51:07 -0700 Subject: [PATCH 101/120] and just to be a little bit careful - add check if the field description is long enough. Otherwise there might possibly be an access of uninitialized memory, when someone reads a file that contains just #fields without any following field descriptions. --- src/input/readers/Ascii.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/input/readers/Ascii.cc b/src/input/readers/Ascii.cc index aaa124f0c1..fd936b07b6 100644 --- a/src/input/readers/Ascii.cc +++ b/src/input/readers/Ascii.cc @@ -199,7 +199,7 @@ bool Ascii::GetLine(string& str) if ( str[0] != '#' ) return true; - if ( ( str.compare(0,7, "#fields") == 0 ) && ( str[7] == separator[0] ) ) + if ( ( str.length() > 8 ) && ( str.compare(0,7, "#fields") == 0 ) && ( str[7] == separator[0] ) ) { str = str.substr(8); return true; From 9b0fe744f2805555d5ab0312b2098b1049f2ed31 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 23 Jul 2012 16:47:44 -0500 Subject: [PATCH 102/120] Fix WriterBackend::WriterInfo serialization, reenable ascii start/end tags. Instantiations of WriterInfo in RemoteSerializer::ProcessLogCreateWriter() would leave the network_time member uninitialized which could later cause localtime_r() calls in Ascii::Timestamp() to return a null pointer due to the bizarre input and giving that to strftime() causes it to segfault. --- src/logging/WriterBackend.cc | 2 ++ src/logging/WriterBackend.h | 4 ++-- src/logging/writers/Ascii.cc | 9 +-------- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 8f119d6f8f..87db8e4437 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -76,6 +76,7 @@ bool WriterBackend::WriterInfo::Read(SerializationFormat* fmt) if ( ! (fmt->Read(&tmp_path, "path") && fmt->Read(&rotation_base, "rotation_base") && fmt->Read(&rotation_interval, "rotation_interval") && + fmt->Read(&network_time, "network_time") && fmt->Read(&size, "config_size")) ) return false; @@ -105,6 +106,7 @@ bool WriterBackend::WriterInfo::Write(SerializationFormat* fmt) const if ( ! (fmt->Write(path, "path") && fmt->Write(rotation_base, "rotation_base") && fmt->Write(rotation_interval, "rotation_interval") && + fmt->Write(network_time, "network_time") && fmt->Write(size, "config_size")) ) return false; diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index a59cd1893e..1ca5650057 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -81,9 +81,9 @@ public: */ config_map config; - WriterInfo() + WriterInfo() : path(0), rotation_interval(0.0), rotation_base(0.0), + network_time(0.0) { - path = 0; } WriterInfo(const WriterInfo& other) diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index 87fa5dfb3c..c77e680a92 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -416,23 +416,16 @@ string Ascii::LogExt() string Ascii::Timestamp(double t) { -#if 1 - return "2012-01-01-00-00-00"; -#else - // Using the version below leads to occasional crashes at least on Mac OS. - // Not sure why, all the function should be thread-safe ... - time_t teatime = time_t(t); struct tm tmbuf; struct tm* tm = localtime_r(&teatime, &tmbuf); - char tmp[128]; + char tmp[128]; const char* const date_fmt = "%Y-%m-%d-%H-%M-%S"; strftime(tmp, sizeof(tmp), date_fmt, tm); return tmp; -#endif } From 5d33e22b4d6516da6060b5b1fb12e804c3255600 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 23 Jul 2012 16:20:59 -0700 Subject: [PATCH 103/120] Updating NEWS. --- CHANGES | 29 +++++++++++++++++++++++++++++ NEWS | 28 +++++++++++++++++++++------- VERSION | 2 +- 3 files changed, 51 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 950a2abad6..ed5e58c206 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,33 @@ +2.0-844 | 2012-07-23 16:20:59 -0700 + + * Reworking parts of the internal threading/logging/input APIs for + thread-safety. (Robin Sommer) + + * Bugfix for SSL version check. (Bernhard Amann) + + * Changing a HTTP DPD from port 3138 to 3128. Addresses #857. (Robin + Sommer) + + * ElasticSearch logging writer. See logging-elasticsearch.rst for + more information. (Vlad Grigorescu and Seth Hall). + + * Give configure a --disable-perftools option to disable Perftools + support even if found. (Robin Sommer) + + * The ASCII log writer now includes "#start " and "#end + lines in the each file. (Robin Sommer) + + * Renamed ASCII logger "header" options to "meta". (Robin Sommer) + + * ASCII logs now escape '#' at the beginning of log lines. Addresses + #763. (Robin Sommer) + + * Fix bug, where in dns.log rcode always was set to 0/NOERROR when + no reply package was seen. (Bernhard Amann) + + * Updating to Mozilla's current certificate bundle. (Seth Hall) + 2.0-769 | 2012-07-13 16:17:33 -0700 * Fix some Info:Record field documentation. (Vlad Grigorescu) diff --git a/NEWS b/NEWS index 0798920d8a..00aeb62132 100644 --- a/NEWS +++ b/NEWS @@ -56,13 +56,6 @@ New Functionality "reader plugins" that make it easy to interface to different data sources. We will add more in the future. -- Bro's default ASCII log format is not exactly the most efficient way - for storing and searching large volumes of data. An an alternative, - Bro now comes with experimental support for DataSeries output, an - efficient binary format for recording structured bulk data. - DataSeries is developed and maintained at HP Labs. See - doc/logging-dataseries for more information. - - BroControl now has built-in support for host-based load-balancing when using either PF_RING, Myricom cards, or individual interfaces. Instead of adding a separate worker entry in node.cfg for each Bro @@ -78,6 +71,24 @@ New Functionality "lb_method=interfaces" to specify which interfaces to load-balance on). +- Bro's default ASCII log format is not exactly the most efficient way + for storing and searching large volumes of data. An alternatives, + Bro now comes with experimental support for two alternative output + formats: + + * DataSeries: an efficient binary format for recording structured + bulk data. DataSeries is developed and maintained at HP Labs. + See doc/logging-dataseries for more information. + + * ElasticSearch: a distributed RESTful, storage engine and search + engine built on top of Apache Lucene. It scales very well, both + for distributed indexing and distributed searching. + + Note that at this point, we consider Bro's support for these two + formats as prototypes for collecting experience with alternative + outputs. We do not yet recommend them for production (but welcome + feedback!) + Changed Functionality ~~~~~~~~~~~~~~~~~~~~~ @@ -146,6 +157,9 @@ the full set. renamed to LogAscii::meta_prefix and LogAscii::include_meta, respectively. +- The ASCII writers "header_*" options have been renamed to "meta_*" + (because there's now also a footer). + Bro 2.0 ------- diff --git a/VERSION b/VERSION index 99ff0a1495..7868a9d201 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-769 +2.0-844 From c6c2d4d5d610c8df37dd1817a3fed314d95361a0 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 23 Jul 2012 16:59:51 -0700 Subject: [PATCH 104/120] Baseline update. --- .../out | 22 +++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out index e2b8a8b377..91b6f5de7a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out @@ -19,13 +19,31 @@ custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_11.59.55.log, pat custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.00.05.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F] custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.59.55.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T] #empty_field (empty) -#end 2012-01-01-00-00-00 +#end 2011-03-07-03-59-55 +#end 2011-03-07-04-00-05 +#end 2011-03-07-04-59-55 +#end 2011-03-07-05-00-05 +#end 2011-03-07-05-59-55 +#end 2011-03-07-06-00-05 +#end 2011-03-07-06-59-55 +#end 2011-03-07-07-00-05 +#end 2011-03-07-07-59-55 +#end 2011-03-07-08-00-05 +#end 2011-03-07-08-59-55 +#end 2011-03-07-09-00-05 +#end 2011-03-07-09-59-55 +#end 2011-03-07-10-00-05 +#end 2011-03-07-10-59-55 +#end 2011-03-07-11-00-05 +#end 2011-03-07-11-59-55 +#end 2011-03-07-12-00-05 +#end 2011-03-07-12-59-55 #fields t id.orig_h id.orig_p id.resp_h id.resp_p #path test #path test2 #separator \x09 #set_separator , -#start 2012-01-01-00-00-00 +#start 2011-03-07-03-00-05 #types time addr port addr port #unset_field - 1299466805.000000 10.0.0.1 20 10.0.0.2 1024 From f887535f1c706a727f683c2450114d4c5e322808 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Mon, 23 Jul 2012 17:28:27 -0700 Subject: [PATCH 105/120] fix problem with possible access to unititialized memory (thanks robin :) ) --- src/util.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/util.cc b/src/util.cc index 544ba1b573..da046133a6 100644 --- a/src/util.cc +++ b/src/util.cc @@ -50,13 +50,14 @@ * @param str string to unescape * @return A str::string without escaped characters. */ -std::string get_unescaped_string(const std::string& str) +std::string get_unescaped_string(const std::string& arg_str) { - char* buf = new char [str.length() + 1]; // it will at most have the same length as str. + const char* str = arg_str.c_str(); + char* buf = new char [arg_str.length() + 1]; // it will at most have the same length as str. char* bufpos = buf; size_t pos = 0; - while ( pos < str.length() ) + while ( pos < arg_str.length() ) { if ( str[pos] == '\\' && str[pos+1] == 'x' && isxdigit(str[pos+2]) && isxdigit(str[pos+3]) ) From 3f21764d0029b0cae72e2613f914ea69569d8ad4 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Jul 2012 09:09:08 -0700 Subject: [PATCH 106/120] Updating submodule(s). [nomail] --- aux/binpac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/binpac b/aux/binpac index 4ad8d15b63..4f01ea4081 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 4ad8d15b6395925c9875c9d2912a6cc3b4918e0a +Subproject commit 4f01ea40817ad232a96535c64fce7dc16d4e2fff From 3f4b4c88a6e4fc7f14c4620fe9093a11f9b7dd61 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 24 Jul 2012 11:18:32 -0500 Subject: [PATCH 107/120] Fix initialization of WriterFrontend names. The string representation of the writer looked up based on the stream's enum value instead of the writer's enum value, often causing this component of the name to be "(null)" since a null pointer was returned from the lookup. --- src/logging/WriterFrontend.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index fc237d6f6e..7c8f6861cf 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -112,7 +112,7 @@ WriterFrontend::WriterFrontend(const WriterBackend::WriterInfo& arg_info, EnumVa write_buffer_pos = 0; info = new WriterBackend::WriterInfo(arg_info); - const char* w = arg_writer->Type()->AsEnumType()->Lookup(arg_stream->InternalInt()); + const char* w = arg_writer->Type()->AsEnumType()->Lookup(arg_writer->InternalInt()); name = copy_string(fmt("%s/%s", arg_info.path, w)); if ( local ) From 13952154a109a69f665a1549b613721384f2599f Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Tue, 24 Jul 2012 09:19:20 -0700 Subject: [PATCH 108/120] add comparator functor to the info maps of readerbackend and readerwriteend. This is required, because after the recent changes the info map containst a char* as key. Without the comparator the map will compare the char addresses for all operations - which is not really what we want. --- src/input/ReaderBackend.h | 2 +- src/logging/WriterBackend.h | 2 +- src/util.h | 11 +++++++++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/input/ReaderBackend.h b/src/input/ReaderBackend.h index 7626cc25ed..8ee14c808a 100644 --- a/src/input/ReaderBackend.h +++ b/src/input/ReaderBackend.h @@ -74,7 +74,7 @@ public: struct ReaderInfo { // Structure takes ownership of the strings. - typedef std::map config_map; + typedef std::map config_map; /** * A string left to the interpretation of the reader diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index 1ca5650057..d5f2be225e 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -49,7 +49,7 @@ public: struct WriterInfo { // Structure takes ownership of these strings. - typedef std::map config_map; + typedef std::map config_map; /** * A string left to the interpretation of the writer diff --git a/src/util.h b/src/util.h index a695c6df6a..030a704092 100644 --- a/src/util.h +++ b/src/util.h @@ -345,4 +345,15 @@ inline int safe_vsnprintf(char* str, size_t size, const char* format, va_list al extern void get_memory_usage(unsigned int* total, unsigned int* malloced); +// class to be used as a third argument for stl maps to be able to use +// char*'s as keys. Otherwise the pointer values will be compared instead +// of the actual string values. +struct CompareString + { + bool operator()(char const *a, char const *b) const + { + return std::strcmp(a, b) < 0; + } + }; + #endif From cfa8769a422fa9ec1eeb4592f8b2eea6ef5a2a58 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 24 Jul 2012 11:22:51 -0500 Subject: [PATCH 109/120] Fix memory leak when processing a thread's input message fails. The message is reclaimed in both success/fail cases now. --- src/threading/MsgThread.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index b7a8f4922c..48c7253885 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -342,14 +342,14 @@ void MsgThread::Run() bool result = msg->Process(); + delete msg; + if ( ! result ) { string s = Fmt("%s failed, terminating thread (MsgThread)", Name()); Error(s.c_str()); break; } - - delete msg; } // In case we haven't send the finish method yet, do it now. Reading From 0d748c117d73351daa6157d634d493e1691251eb Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Jul 2012 11:06:16 -0700 Subject: [PATCH 110/120] Adding missing include needed on some systems. --- CHANGES | 4 ++++ VERSION | 2 +- src/logging/writers/Ascii.cc | 1 + src/logging/writers/None.cc | 2 +- src/threading/MsgThread.cc | 1 + 5 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 8fbd067fbc..e5be483e77 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.0-849 | 2012-07-24 11:06:16 -0700 + + * Adding missing include needed on some systems. (Robin Sommer) + 2.0-846 | 2012-07-23 16:36:37 -0700 * Fix WriterBackend::WriterInfo serialization, reenable ascii diff --git a/VERSION b/VERSION index 500ff3b4cd..3ccfd995f9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-846 +2.0-849 diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index c77e680a92..3866c48b64 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -3,6 +3,7 @@ #include #include #include +#include #include "NetVar.h" #include "threading/SerialTypes.h" diff --git a/src/logging/writers/None.cc b/src/logging/writers/None.cc index 9b91b82199..cf383899a1 100644 --- a/src/logging/writers/None.cc +++ b/src/logging/writers/None.cc @@ -39,7 +39,7 @@ bool None::DoInit(const WriterInfo& info, int num_fields, std::cout << std::endl; } - return true; + return false; } bool None::DoRotate(const char* rotated_path, double open, double close, bool terminating) diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index b7a8f4922c..fea9c2a532 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -346,6 +346,7 @@ void MsgThread::Run() { string s = Fmt("%s failed, terminating thread (MsgThread)", Name()); Error(s.c_str()); + Kill(); break; } From 43752b3d9f4efadebda9d342921e186ee09bcbde Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Jul 2012 11:16:03 -0700 Subject: [PATCH 111/120] Reverting accidentally committed changes. Thanks, Bernhard! --- src/logging/writers/None.cc | 2 +- src/threading/MsgThread.cc | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/logging/writers/None.cc b/src/logging/writers/None.cc index cf383899a1..9b91b82199 100644 --- a/src/logging/writers/None.cc +++ b/src/logging/writers/None.cc @@ -39,7 +39,7 @@ bool None::DoInit(const WriterInfo& info, int num_fields, std::cout << std::endl; } - return false; + return true; } bool None::DoRotate(const char* rotated_path, double open, double close, bool terminating) diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index fea9c2a532..b7a8f4922c 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -346,7 +346,6 @@ void MsgThread::Run() { string s = Fmt("%s failed, terminating thread (MsgThread)", Name()); Error(s.c_str()); - Kill(); break; } From c36a449c76cc442f64b97d1a7c11febf454304d9 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Jul 2012 15:04:14 -0700 Subject: [PATCH 112/120] New built-in function to_double(s: string). Closes #859. --- CHANGES | 4 ++++ VERSION | 2 +- src/bro.bif | 23 +++++++++++++++++++ .../Baseline/bifs.to_double_from_string/error | 2 ++ .../bifs.to_double_from_string/output | 5 ++++ testing/btest/bifs/to_double_from_string.bro | 16 +++++++++++++ 6 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 testing/btest/Baseline/bifs.to_double_from_string/error create mode 100644 testing/btest/Baseline/bifs.to_double_from_string/output create mode 100644 testing/btest/bifs/to_double_from_string.bro diff --git a/CHANGES b/CHANGES index e5be483e77..87a537c1e9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.0-851 | 2012-07-24 15:04:14 -0700 + + * New built-in function to_double(s: string). (Scott Campbell) + 2.0-849 | 2012-07-24 11:06:16 -0700 * Adding missing include needed on some systems. (Robin Sommer) diff --git a/VERSION b/VERSION index 3ccfd995f9..c4f46b78c9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-849 +2.0-851 diff --git a/src/bro.bif b/src/bro.bif index f18d3ba1b5..2c22626c99 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -2604,6 +2604,29 @@ function to_subnet%(sn: string%): subnet return ret; %} +## Converts a :bro:type:`string` to a :bro:type:`double`. +## +## str: The :bro:type:`string` to convert. +## +## Returns: The :bro:type:`string` *str* as double, or 0 if *str* has +## an invalid format. +## +function to_double%(str: string%): double + %{ + const char* s = str->CheckString(); + char* end_s; + + double d = strtod(s, &end_s); + + if ( s[0] == '\0' || end_s[0] != '\0' ) + { + builtin_error("bad conversion to count", @ARG@[0]); + d = 0; + } + + return new Val(d, TYPE_DOUBLE); + %} + ## Converts a :bro:type:`count` to an :bro:type:`addr`. ## ## ip: The :bro:type:`count` to convert. diff --git a/testing/btest/Baseline/bifs.to_double_from_string/error b/testing/btest/Baseline/bifs.to_double_from_string/error new file mode 100644 index 0000000000..5ba5997101 --- /dev/null +++ b/testing/btest/Baseline/bifs.to_double_from_string/error @@ -0,0 +1,2 @@ +error in /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 15: bad conversion to count (to_double(d) and NotADouble) +error in /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 16: bad conversion to count (to_double(d) and ) diff --git a/testing/btest/Baseline/bifs.to_double_from_string/output b/testing/btest/Baseline/bifs.to_double_from_string/output new file mode 100644 index 0000000000..661d2b1479 --- /dev/null +++ b/testing/btest/Baseline/bifs.to_double_from_string/output @@ -0,0 +1,5 @@ +to_double(3.14) = 3.14 (SUCCESS) +to_double(-3.14) = -3.14 (SUCCESS) +to_double(0) = 0.0 (SUCCESS) +to_double(NotADouble) = 0.0 (SUCCESS) +to_double() = 0.0 (SUCCESS) diff --git a/testing/btest/bifs/to_double_from_string.bro b/testing/btest/bifs/to_double_from_string.bro new file mode 100644 index 0000000000..88af6758f0 --- /dev/null +++ b/testing/btest/bifs/to_double_from_string.bro @@ -0,0 +1,16 @@ +# @TEST-EXEC: bro -b %INPUT >output 2>error +# @TEST-EXEC: btest-diff output +# @TEST-EXEC: btest-diff error + +function test_to_double(d: string, expect: double) + { + local result = to_double(d); + print fmt("to_double(%s) = %s (%s)", d, result, + result == expect ? "SUCCESS" : "FAILURE"); + } + +test_to_double("3.14", 3.14); +test_to_double("-3.14", -3.14); +test_to_double("0", 0); +test_to_double("NotADouble", 0); +test_to_double("", 0); From b9a76d7ed0f16390a7cfd4da7e3a21cc404c9c5b Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Tue, 24 Jul 2012 17:21:30 -0500 Subject: [PATCH 113/120] Fix file permissions of log files A recent commit was erroneously causing new log files to be created with execute permissions. --- src/logging/writers/Ascii.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index 3866c48b64..4d2f59ea72 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -101,7 +101,7 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * fname = IsSpecial(path) ? path : path + "." + LogExt(); - fd = open(fname.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0777); + fd = open(fname.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0666); if ( fd < 0 ) { From 3a8f812f1c11be204b2e8451bb24a47eb02db7bf Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Tue, 24 Jul 2012 17:32:04 -0500 Subject: [PATCH 114/120] Correct a typo --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index 2de4be62c4..bfe54123f0 100755 --- a/configure +++ b/configure @@ -33,7 +33,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --disable-broccoli don't build or install the Broccoli library --disable-broctl don't install Broctl --disable-auxtools don't build or install auxiliary tools - --disable-perftools don't try to build python with Google Perftools + --disable-perftools don't try to build with Google Perftools --disable-python don't try to build python bindings for broccoli --disable-ruby don't try to build ruby bindings for broccoli From 5af131e3035a7057b0c5f321b5e1007a102548f8 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Jul 2012 16:10:52 -0700 Subject: [PATCH 115/120] Compile fix. --- src/util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util.h b/src/util.h index 4435b830dd..048ec384e3 100644 --- a/src/util.h +++ b/src/util.h @@ -353,7 +353,7 @@ struct CompareString { bool operator()(char const *a, char const *b) const { - return std::strcmp(a, b) < 0; + return strcmp(a, b) < 0; } }; From 91522e78365491ac9c784c8eaa146011fb9e4610 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Wed, 25 Jul 2012 12:10:47 -0500 Subject: [PATCH 116/120] Fix tests and error message for to_double BIF --- src/bro.bif | 2 +- testing/btest/Baseline/bifs.to_double_from_string/error | 4 ++-- testing/btest/bifs/to_double_from_string.bro | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/bro.bif b/src/bro.bif index 2c22626c99..2a37429ad6 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -2620,7 +2620,7 @@ function to_double%(str: string%): double if ( s[0] == '\0' || end_s[0] != '\0' ) { - builtin_error("bad conversion to count", @ARG@[0]); + builtin_error("bad conversion to double", @ARG@[0]); d = 0; } diff --git a/testing/btest/Baseline/bifs.to_double_from_string/error b/testing/btest/Baseline/bifs.to_double_from_string/error index 5ba5997101..d6c6c0c75b 100644 --- a/testing/btest/Baseline/bifs.to_double_from_string/error +++ b/testing/btest/Baseline/bifs.to_double_from_string/error @@ -1,2 +1,2 @@ -error in /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 15: bad conversion to count (to_double(d) and NotADouble) -error in /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 16: bad conversion to count (to_double(d) and ) +error in /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 15: bad conversion to double (to_double(d) and NotADouble) +error in /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 16: bad conversion to double (to_double(d) and ) diff --git a/testing/btest/bifs/to_double_from_string.bro b/testing/btest/bifs/to_double_from_string.bro index 88af6758f0..781261084f 100644 --- a/testing/btest/bifs/to_double_from_string.bro +++ b/testing/btest/bifs/to_double_from_string.bro @@ -1,6 +1,6 @@ # @TEST-EXEC: bro -b %INPUT >output 2>error # @TEST-EXEC: btest-diff output -# @TEST-EXEC: btest-diff error +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff error function test_to_double(d: string, expect: double) { From 2fafadd9300b2abdf9195f7270071d9549850084 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 25 Jul 2012 12:20:12 -0500 Subject: [PATCH 117/120] Fix differing log filters of streams from writing to same writer/path. Since WriterFrontend objects are looked up internally by writer type and path, and they also expect to write consistent field arguments, it could be the case that more than one filter of a given stream attempts to write to the same path (derived either from $path or $path_func fields of the filter) with the same writer type. This won't work, so now WriterFrontend objects are bound to the filter that instantiated them so that we can warn about other filters attempting to write to the conflicting writer/path and the write can be skipped. Remote logs don't appear to suffer the same issue due to pre-filtering. Addresses #842. --- src/logging/Manager.cc | 17 ++++++++++++-- src/logging/Manager.h | 2 +- src/logging/WriterBackend.cc | 5 ++-- .../http.log | 23 +++++++++++++++++++ .../reporter.log | 23 +++++++++++++++++++ .../logging/writer-path-conflict.bro | 14 +++++++++++ 6 files changed, 78 insertions(+), 6 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http.log create mode 100755 testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log create mode 100644 testing/btest/scripts/base/frameworks/logging/writer-path-conflict.bro diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index c4245680a6..3499d55f74 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -86,6 +86,7 @@ struct Manager::WriterInfo { Func* postprocessor; WriterFrontend* writer; WriterBackend::WriterInfo* info; + string instantiating_filter; }; struct Manager::Stream { @@ -764,8 +765,18 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) WriterFrontend* writer = 0; if ( w != stream->writers.end() ) + { + if ( w->second->instantiating_filter != filter->name ) + { + reporter->Warning("Skipping write to filter '%s' on path '%s'" + " because filter '%s' has already instantiated the same" + " writer type for that path", filter->name.c_str(), + filter->path.c_str(), w->second->instantiating_filter.c_str()); + continue; + } // We know this writer already. writer = w->second->writer; + } else { @@ -800,7 +811,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) writer = CreateWriter(stream->id, filter->writer, info, filter->num_fields, - arg_fields, filter->local, filter->remote); + arg_fields, filter->local, filter->remote, filter->name); if ( ! writer ) { @@ -999,7 +1010,8 @@ threading::Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, } WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, WriterBackend::WriterInfo* info, - int num_fields, const threading::Field* const* fields, bool local, bool remote) + int num_fields, const threading::Field* const* fields, bool local, bool remote, + const string& instantiating_filter) { Stream* stream = FindStream(id); @@ -1023,6 +1035,7 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, WriterBacken winfo->interval = 0; winfo->postprocessor = 0; winfo->info = info; + winfo->instantiating_filter = instantiating_filter; // Search for a corresponding filter for the writer/path pair and use its // rotation settings. If no matching filter is found, fall back on diff --git a/src/logging/Manager.h b/src/logging/Manager.h index ae7a1796ba..d2041592c1 100644 --- a/src/logging/Manager.h +++ b/src/logging/Manager.h @@ -165,7 +165,7 @@ protected: // Takes ownership of fields and info. WriterFrontend* CreateWriter(EnumVal* id, EnumVal* writer, WriterBackend::WriterInfo* info, int num_fields, const threading::Field* const* fields, - bool local, bool remote); + bool local, bool remote, const string& instantiating_filter=""); // Takes ownership of values.. bool Write(EnumVal* id, EnumVal* writer, string path, diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 87db8e4437..2933062eff 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -201,7 +201,6 @@ bool WriterBackend::Write(int arg_num_fields, int num_writes, Value*** vals) return false; } -#ifdef DEBUG // Double-check all the types match. for ( int j = 0; j < num_writes; j++ ) { @@ -209,17 +208,17 @@ bool WriterBackend::Write(int arg_num_fields, int num_writes, Value*** vals) { if ( vals[j][i]->type != fields[i]->type ) { +#ifdef DEBUG const char* msg = Fmt("Field type doesn't match in WriterBackend::Write() (%d vs. %d)", vals[j][i]->type, fields[i]->type); Debug(DBG_LOGGING, msg); - +#endif DisableFrontend(); DeleteVals(num_writes, vals); return false; } } } -#endif bool success = true; diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http.log b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http.log new file mode 100644 index 0000000000..9ac9b6304c --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http.log @@ -0,0 +1,23 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path http +#start 2011-03-18-19-06-08 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file +#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file +1300475168.784020 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475168.916018 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475168.916183 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475168.918358 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475168.952307 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475168.952296 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475168.954820 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475168.962687 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475168.975934 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475168.976436 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475168.979264 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475169.014619 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475169.014593 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +1300475169.014927 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - +#end 2011-03-18-19-06-13 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log new file mode 100755 index 0000000000..7a4225d718 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log @@ -0,0 +1,23 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path reporter +#start 2011-03-18-19-06-08 +#fields ts level message location +#types time enum string string +1300475168.843894 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475168.975800 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475168.976327 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475168.979160 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475169.012666 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475169.012730 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475169.014860 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475169.022665 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475169.036294 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475169.036798 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475169.039923 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475169.074793 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475169.074938 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +1300475169.075065 Reporter::WARNING Skipping write to filter 'host-only' on path 'http' because filter 'default' has already instantiated the same writer type for that path (empty) +#end 2011-03-18-19-06-13 diff --git a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.bro b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.bro new file mode 100644 index 0000000000..be6c0e9e9e --- /dev/null +++ b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.bro @@ -0,0 +1,14 @@ +# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: btest-diff reporter.log +# @TEST-EXEC: btest-diff http.log + +@load base/protocols/http + +event bro_init() + { + # Both the default filter for the http stream and this new one will + # attempt to have the same writer write to path "http", which will + # be reported as a warning and the write skipped. + local filter: Log::Filter = [$name="host-only", $include=set("host")]; + Log::add_filter(HTTP::LOG, filter); + } From 4abcfa1f66b2dc9f82b0a40d591ecb39bfaa1fd7 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 25 Jul 2012 12:42:46 -0500 Subject: [PATCH 118/120] Fix complaint from valgrind about uninitialized memory usage. --- src/util.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/src/util.cc b/src/util.cc index a34f41dadb..be560928d6 100644 --- a/src/util.cc +++ b/src/util.cc @@ -691,6 +691,7 @@ void init_random_seed(uint32 seed, const char* read_file, const char* write_file { static const int bufsiz = 16; uint32 buf[bufsiz]; + memset(buf, 0, sizeof(buf)); int pos = 0; // accumulates entropy bool seeds_done = false; From 7e228f1d6b8cbd0f1b096c77953fb4339a895d7e Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 25 Jul 2012 13:58:08 -0700 Subject: [PATCH 119/120] Silencing compiler warnings. --- src/input/Manager.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/input/Manager.cc b/src/input/Manager.cc index f38613a6f8..90d7eae2f4 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -1816,7 +1816,7 @@ int Manager::CopyValue(char *data, const int startpos, const Value* val) case TYPE_ADDR: { - int length; + int length = 0; switch ( val->val.addr_val.family ) { case IPv4: length = sizeof(val->val.addr_val.in.in4); @@ -1837,7 +1837,7 @@ int Manager::CopyValue(char *data, const int startpos, const Value* val) case TYPE_SUBNET: { - int length; + int length = 0; switch ( val->val.subnet_val.prefix.family ) { case IPv4: length = sizeof(val->val.addr_val.in.in4); @@ -1968,7 +1968,7 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type) case TYPE_ADDR: { - IPAddr* addr; + IPAddr* addr = 0; switch ( val->val.addr_val.family ) { case IPv4: addr = new IPAddr(val->val.addr_val.in.in4); @@ -1989,7 +1989,7 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type) case TYPE_SUBNET: { - IPAddr* addr; + IPAddr* addr = 0; switch ( val->val.subnet_val.prefix.family ) { case IPv4: addr = new IPAddr(val->val.subnet_val.prefix.in.in4); From a33e9a69417a1ae4a8e54d1bc929967d4cd1f0df Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 25 Jul 2012 13:58:23 -0700 Subject: [PATCH 120/120] Fixing FreeBSD compiler error. --- src/logging/writers/ElasticSearch.cc | 5 +++-- src/util.h | 13 +++++++------ 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index b7edcf6aa6..2da79ed7b9 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -3,16 +3,17 @@ // This is experimental code that is not yet ready for production usage. // + #include "config.h" #ifdef USE_ELASTICSEARCH +#include "util.h" // Needs to come first for stdint.h + #include #include -#include "util.h" #include "BroString.h" - #include "NetVar.h" #include "threading/SerialTypes.h" diff --git a/src/util.h b/src/util.h index 048ec384e3..5d1bdf188a 100644 --- a/src/util.h +++ b/src/util.h @@ -3,6 +3,13 @@ #ifndef util_h #define util_h +// Expose C99 functionality from inttypes.h, which would otherwise not be +// available in C++. +#define __STDC_FORMAT_MACROS +#define __STDC_LIMIT_MACROS +#include +#include + #include #include #include @@ -10,12 +17,6 @@ #include #include "config.h" -// Expose C99 functionality from inttypes.h, which would otherwise not be -// available in C++. -#define __STDC_FORMAT_MACROS -#define __STDC_LIMIT_MACROS -#include - #if __STDC__ #define myattribute __attribute__ #else