Merge remote-tracking branch 'origin/master' into topic/seth/smb
# Conflicts: # testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log # testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log # testing/btest/Baseline/plugins.hooks/output # testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log # testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
commit
da7ec8064b
416 changed files with 27341 additions and 26258 deletions
|
@ -118,6 +118,31 @@ event event10(description: Input::TableDescription, tpe: Input::Event, i: Idx, c
|
|||
{
|
||||
}
|
||||
|
||||
# these are legit to test the error events
|
||||
event event11(description: Input::EventDescription, tpe: Input::Event, v: Val)
|
||||
{
|
||||
}
|
||||
|
||||
event errorhandler1(desc: Input::TableDescription, msg: string, level: Reporter::Level)
|
||||
{
|
||||
}
|
||||
|
||||
event errorhandler2(desc: Input::EventDescription, msg: string, level: Reporter::Level)
|
||||
{
|
||||
}
|
||||
|
||||
event errorhandler3(desc: string, msg: string, level: Reporter::Level)
|
||||
{
|
||||
}
|
||||
|
||||
event errorhandler4(desc: Input::EventDescription, msg: count, level: Reporter::Level)
|
||||
{
|
||||
}
|
||||
|
||||
event errorhandler5(desc: Input::EventDescription, msg: string, level: count)
|
||||
{
|
||||
}
|
||||
|
||||
event kill_me()
|
||||
{
|
||||
terminate();
|
||||
|
@ -129,23 +154,23 @@ event bro_init()
|
|||
Input::add_event([$source="input.log", $name="file", $fields=FileVal, $ev=line_file, $want_record=T]);
|
||||
Input::add_event([$source="input.log", $name="optionalrecord", $fields=OptionalRecordVal, $ev=line_record, $want_record=T]);
|
||||
Input::add_event([$source="input.log", $name="optionalfile", $fields=OptionalFileVal, $ev=optional_line_file, $want_record=T]);
|
||||
Input::add_table([$source="input.log", $name="filetable", $idx=Idx, $val=FileVal, $destination=file_table]);
|
||||
Input::add_table([$source="input.log", $name="optionalrecordtable", $idx=Idx, $val=OptionalRecordVal, $destination=record_table]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable", $idx=Idx, $val=OptionalFileVal, $destination=record_table]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable2", $idx=Idx, $val=OptionalFileVal, $destination=string_table]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable3", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=terminate]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable3", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=kill_me]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable4", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=event1]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable5", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=event2]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable6", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=event3]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable7", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=event4]);
|
||||
Input::add_table([$source="input.log", $name="filetable", $idx=Idx, $val=FileVal, $destination=file_table]);
|
||||
Input::add_table([$source="input.log", $name="optionalrecordtable", $idx=Idx, $val=OptionalRecordVal, $destination=record_table]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable", $idx=Idx, $val=OptionalFileVal, $destination=record_table]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable2", $idx=Idx, $val=OptionalFileVal, $destination=string_table]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable3", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=terminate]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable3", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=kill_me]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable4", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=event1]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable5", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=event2]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable6", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=event3]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable7", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=event4]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable8", $idx=Idx, $val=Val, $destination=val_table4, $want_record=F]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable9", $idx=Idx2, $val=Val, $destination=val_table, $want_record=F]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable10", $idx=Idx, $val=Val, $destination=val_table2, $want_record=F]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable11", $idx=Idx2, $val=Idx, $destination=val_table3, $want_record=F]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable12", $idx=Idx2, $val=Idx, $destination=val_table2, $want_record=F]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable14", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=event10, $want_record=F]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable14", $idx=Idx, $val=OptionalFileVal, $destination=optional_file_table, $ev=event10, $want_record=F]);
|
||||
Input::add_table([$source="input.log", $name="optionalfiletable15", $idx=Idx2, $val=Idx, $destination=val_table2, $want_record=T]);
|
||||
Input::add_event([$source="input.log", $name="event1", $fields=OptionalFileVal, $ev=terminate, $want_record=T]);
|
||||
Input::add_event([$source="input.log", $name="event2", $fields=OptionalFileVal, $ev=kill_me, $want_record=T]);
|
||||
|
@ -157,5 +182,11 @@ event bro_init()
|
|||
Input::add_event([$source="input.log", $name="event8", $fields=Val, $ev=event8, $want_record=F]);
|
||||
Input::add_event([$source="input.log", $name="event9", $fields=Val, $ev=event9, $want_record=F]);
|
||||
|
||||
Input::add_event([$source="input.log", $name="error1", $fields=Val, $ev=event11, $want_record=T, $error_ev=errorhandler1]);
|
||||
Input::add_table([$source="input.log", $name="error2", $idx=Idx, $val=Val, $destination=val_table, $error_ev=errorhandler2]);
|
||||
Input::add_event([$source="input.log", $name="error3", $fields=Val, $ev=event11, $want_record=T, $error_ev=errorhandler3]);
|
||||
Input::add_event([$source="input.log", $name="error4", $fields=Val, $ev=event11, $want_record=T, $error_ev=errorhandler4]);
|
||||
Input::add_event([$source="input.log", $name="error5", $fields=Val, $ev=event11, $want_record=T, $error_ev=errorhandler5]);
|
||||
|
||||
schedule 3secs { kill_me() };
|
||||
}
|
||||
|
|
|
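Review bot: The comment `# these are legit to test the error events` in the first hunk, placed above event11, does not say what is deliberate about the five handlers that follow it, and each of them is registered in the last hunk in a way that differs from its own signature: errorhandler1 takes an Input::TableDescription but is attached to an event stream (error1), errorhandler2 takes an Input::EventDescription but is attached to a table stream (error2), and errorhandler3, errorhandler4 and errorhandler5 declare desc, msg and level as string, count and count respectively. Presumably this exercises the framework's checking of `$error_ev`, but a later reader is likely to "correct" the signatures unless the comment says so. Suggest `# Deliberately mismatched $error_ev handlers: each of the error1..error5 streams registered in bro_init attaches one whose description, msg or level parameter has the wrong type, to exercise the framework's type checking of error events.` The kill_me handler's body continues past the end of the first hunk.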
@ -26,18 +26,46 @@ type Val: record {
|
|||
c: count;
|
||||
};
|
||||
|
||||
global endcount: count = 0;
|
||||
|
||||
global servers: table[string] of Val = table();
|
||||
|
||||
event handle_our_errors(desc: Input::TableDescription, msg: string, level: Reporter::Level)
|
||||
{
|
||||
print outfile, "TableErrorEvent", msg, level;
|
||||
}
|
||||
|
||||
event handle_our_errors_event(desc: Input::EventDescription, msg: string, level: Reporter::Level)
|
||||
{
|
||||
print outfile, "EventErrorEvent", msg, level;
|
||||
}
|
||||
|
||||
event line(description: Input::EventDescription, tpe: Input::Event, v: Val)
|
||||
{
|
||||
print outfile, "Event", v;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
|
||||
Input::add_table([$source="../input.log", $name="ssh", $error_ev=handle_our_errors, $idx=Idx, $val=Val, $destination=servers]);
|
||||
Input::add_event([$source="../input.log", $name="sshevent", $error_ev=handle_our_errors_event, $fields=Val, $want_record=T, $ev=line]);
|
||||
}
|
||||
|
||||
event Input::end_of_data(name: string, source:string)
|
||||
{
|
||||
print outfile, servers;
|
||||
Input::remove("ssh");
|
||||
terminate();
|
||||
++endcount;
|
||||
|
||||
if ( endcount == 1 )
|
||||
{
|
||||
print outfile, servers;
|
||||
Input::remove("ssh");
|
||||
}
|
||||
|
||||
if ( endcount == 2 )
|
||||
{
|
||||
Input::remove("sshevent");
|
||||
terminate();
|
||||
}
|
||||
}
|
||||
|
|
|
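Review bot: The rewritten Input::end_of_data handler ignores its `name` parameter and decides what to do from the global endcount alone, so it prints servers and removes "ssh" on whichever stream finishes first and removes "sshevent" on whichever finishes second. Both streams read the same ../input.log through separate readers; if they can complete in either order, the baseline captures scheduling rather than behaviour, and Input::remove would be called with a name that does not match the stream that actually finished. Keying the per-stream work on `name` and keeping the counter only for the final terminate() makes the handler order-independent without changing the expected output when "ssh" finishes first. The handler starts and ends inside the hunk.

```zeek
event Input::end_of_data(name: string, source:string)
	{
	++endcount;

	# do the per-stream work for the stream that actually finished
	if ( name == "ssh" )
		{
		print outfile, servers;
		Input::remove("ssh");
		}
	else if ( name == "sshevent" )
		Input::remove("sshevent");

	# terminate only once both streams have reported end_of_data
	if ( endcount == 2 )
		terminate();
	}
```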
@ -0,0 +1,90 @@
|
|||
# Test simultaneous writes to the same database file.
|
||||
#
|
||||
# @TEST-REQUIRES: which sqlite3
|
||||
# @TEST-REQUIRES: has-writer Bro::SQLiteWriter
|
||||
# @TEST-GROUP: sqlite
|
||||
#
|
||||
# @TEST-EXEC: bro -b %INPUT
|
||||
# @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select
|
||||
# @TEST-EXEC: sqlite3 ssh.sqlite 'select * from sshtwo' >> ssh.select
|
||||
# @TEST-EXEC: btest-diff ssh.select
|
||||
#
|
||||
# Testing all possible types.
|
||||
|
||||
redef LogSQLite::unset_field = "(unset)";
|
||||
|
||||
module SSH;
|
||||
|
||||
export {
|
||||
redef enum Log::ID += { LOG, LOG2 };
|
||||
|
||||
type Log: record {
|
||||
b: bool;
|
||||
i: int;
|
||||
e: Log::ID;
|
||||
c: count;
|
||||
p: port;
|
||||
sn: subnet;
|
||||
a: addr;
|
||||
d: double;
|
||||
t: time;
|
||||
iv: interval;
|
||||
s: string;
|
||||
sc: set[count];
|
||||
ss: set[string];
|
||||
se: set[string];
|
||||
vc: vector of count;
|
||||
ve: vector of string;
|
||||
f: function(i: count) : string;
|
||||
} &log;
|
||||
}
|
||||
|
||||
function foo(i : count) : string
|
||||
{
|
||||
if ( i > 0 )
|
||||
return "Foo";
|
||||
else
|
||||
return "Bar";
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
Log::create_stream(SSH::LOG, [$columns=Log]);
|
||||
Log::create_stream(SSH::LOG2, [$columns=Log]);
|
||||
Log::remove_filter(SSH::LOG, "default");
|
||||
Log::remove_filter(SSH::LOG2, "default");
|
||||
|
||||
local filter: Log::Filter = [$name="sqlite", $path="ssh", $config=table(["tablename"] = "ssh"), $writer=Log::WRITER_SQLITE];
|
||||
Log::add_filter(SSH::LOG, filter);
|
||||
local filter2 = copy(filter);
|
||||
filter2$name = "sqlite2";
|
||||
filter2$config = table(["tablename"] = "sshtwo");
|
||||
Log::add_filter(SSH::LOG2, filter2);
|
||||
|
||||
local empty_set: set[string];
|
||||
local empty_vector: vector of string;
|
||||
|
||||
local out = [
|
||||
$b=T,
|
||||
$i=-42,
|
||||
$e=SSH::LOG,
|
||||
$c=21,
|
||||
$p=123/tcp,
|
||||
$sn=10.0.0.1/24,
|
||||
$a=1.2.3.4,
|
||||
$d=3.14,
|
||||
$t=network_time(),
|
||||
$iv=100secs,
|
||||
$s="hurz",
|
||||
$sc=set(1,2,3,4),
|
||||
$ss=set("AA", "BB", "CC"),
|
||||
$se=empty_set,
|
||||
$vc=vector(10, 20, 30),
|
||||
$ve=empty_vector,
|
||||
$f=foo
|
||||
];
|
||||
|
||||
Log::write(SSH::LOG, out);
|
||||
Log::write(SSH::LOG2, out);
|
||||
}
|
||||
|
|
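Review bot: The stray line `# Testing all possible types.` below the @TEST-EXEC block contradicts the file's own header, `# Test simultaneous writes to the same database file.`, and reads like a leftover from the logging types test this file appears to be derived from. The record does cover many types, but the thing this test adds is that two filters with the same `$path="ssh"` and different `tablename` config entries land in one ssh.sqlite file, which neither comment states. Suggest replacing that line with `# Both streams share $path="ssh" and so the same ssh.sqlite file, differing only in the tablename config entry (ssh vs. sshtwo); the record also covers every loggable type so both tables get identical column handling.`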
@ -0,0 +1,26 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff netcontrol_catch_release.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
@load base/frameworks/netcontrol
|
||||
|
||||
redef NetControl::catch_release_intervals = vector(1sec, 2sec, 2sec);
|
||||
|
||||
event NetControl::init()
|
||||
{
|
||||
local netcontrol_debug = NetControl::create_debug(T);
|
||||
NetControl::activate(netcontrol_debug, 0);
|
||||
}
|
||||
|
||||
global pc: count = 0;
|
||||
|
||||
event new_packet(c: connection, p: pkt_hdr)
|
||||
{
|
||||
if ( ++pc == 1 )
|
||||
NetControl::drop_address_catch_release(10.0.0.1);
|
||||
}
|
||||
|
||||
event NetControl::catch_release_forgotten(a: addr, bi: NetControl::BlockInfo)
|
||||
{
|
||||
print "Forgotten: ", a, bi;
|
||||
}
|
|
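Review bot: The new test has no comment stating what outcome it checks, so the baseline for netcontrol_catch_release.log and .stdout cannot be judged without re-reading the framework: the first packet of smtp.trace triggers NetControl::drop_address_catch_release(10.0.0.1), and the redef of NetControl::catch_release_intervals to 1sec, 2sec, 2sec presumably shortens the block/watch cycle so that the address is handed to NetControl::catch_release_forgotten before the trace ends. Suggest a header comment above the @TEST-EXEC lines along the lines of `# Drop 10.0.0.1 via catch-and-release on the first packet and shorten the catch_release_intervals so the address runs through every interval and is reported as forgotten while the trace is still replaying.` The `p: pkt_hdr` parameter of new_packet is unused, which is fine but worth saying in the same comment if the per-packet event is only used as a source of network time.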
@ -24,3 +24,12 @@ event ssl_extension_server_name(c: connection, is_orig: bool, names: string_vec)
|
|||
{
|
||||
print "server_name", c$id$orig_h, c$id$resp_h, names;
|
||||
}
|
||||
|
||||
event ssl_extension_signature_algorithm(c: connection, is_orig: bool, signature_algorithms: vector of SSL::SignatureAndHashAlgorithm)
|
||||
{
|
||||
print "signature_algorithm", c$id$orig_h, c$id$resp_h;
|
||||
for ( i in signature_algorithms)
|
||||
{
|
||||
print SSL::hash_algorithms[signature_algorithms[i]$HashAlgorithm], SSL::signature_algorithms[signature_algorithms[i]$SignatureAlgorithm];
|
||||
}
|
||||
}
|
||||
|
|
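Review bot: The new ssl_extension_signature_algorithm handler takes `is_orig` but never prints it, so the baseline cannot tell a list the client offered from one the server sent, which matters if the event can fire for both directions as the is_orig parameter suggests; `print "signature_algorithm", c$id$orig_h, c$id$resp_h, is_orig;` would fix that at no cost. The inner print indexes SSL::hash_algorithms and SSL::signature_algorithms directly with the peer-supplied ids; if those tables carry a `&default` that is fine, otherwise an id outside the table would raise a missing-index error mid-trace, so it is worth confirming. Minor style point: `for ( i in signature_algorithms)` is missing the space before the closing parenthesis that the surrounding code uses, and a local such as `local sa = signature_algorithms[i];` would shorten the print line.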