From 57f29f3e7cdd47a1c36011a8f52a3827d375366b Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Mon, 29 Jul 2019 11:14:58 -0700 Subject: [PATCH 1/3] Rework Session/Connection tracking to use a std::map instead of PDict --- src/Conn.cc | 9 +- src/Conn.h | 16 ++-- src/IPAddr.cc | 11 +-- src/IPAddr.h | 32 ++++++- src/Sessions.cc | 217 ++++++++++++++++++++++++------------------------ src/Sessions.h | 43 ++++++---- src/Stats.cc | 2 +- 7 files changed, 183 insertions(+), 147 deletions(-) diff --git a/src/Conn.cc b/src/Conn.cc index 965b17a4b0..c242d3c9d1 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -54,12 +54,13 @@ uint64_t Connection::total_connections = 0; uint64_t Connection::current_connections = 0; uint64_t Connection::external_connections = 0; -Connection::Connection(NetSessions* s, HashKey* k, double t, const ConnID* id, +Connection::Connection(NetSessions* s, const ConnIDKey& k, double t, const ConnID* id, uint32_t flow, const Packet* pkt, - const EncapsulationStack* arg_encap) + const EncapsulationStack* arg_encap) { sessions = s; key = k; + key_valid = true; start_time = last_time = t; orig_addr = id->src_addr; @@ -144,7 +145,6 @@ Connection::~Connection() Unref(conn_val); } - delete key; delete root_analyzer; delete conn_timer_mgr; delete encapsulation; @@ -520,7 +520,7 @@ void Connection::AddTimer(timer_func timer, double t, int do_expire, // If the key is cleared, the connection isn't stored in the connection // table anymore and will soon be deleted. We're not installing new // timers anymore then. - if ( ! key ) + if ( ! key_valid ) return; Timer* conn_timer = new ConnectionTimer(this, timer, t, do_expire, type); @@ -600,7 +600,6 @@ void Connection::FlipRoles() unsigned int Connection::MemoryAllocation() const { return padded_sizeof(*this) - + (key ? key->MemoryAllocation() : 0) + (timers.MemoryAllocation() - padded_sizeof(timers)) + (conn_val ? conn_val->MemoryAllocation() : 0) + (root_analyzer ? root_analyzer->MemoryAllocation(): 0) diff --git a/src/Conn.h b/src/Conn.h index 836144eedc..d0c73d93d5 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -5,7 +5,6 @@ #include -#include #include #include "Dict.h" @@ -57,7 +56,7 @@ namespace analyzer { class Analyzer; } class Connection : public BroObj { public: - Connection(NetSessions* s, HashKey* k, double t, const ConnID* id, + Connection(NetSessions* s, const ConnIDKey& k, double t, const ConnID* id, uint32_t flow, const Packet* pkt, const EncapsulationStack* arg_encap); ~Connection() override; @@ -90,11 +89,15 @@ public: // arguments for reproducing packets const Packet *pkt); - HashKey* Key() const { return key; } - void ClearKey() { key = 0; } + // Keys are only considered valid for a connection when a + // connection is in the session map. If it is removed, the key + // should be marked invalid. + const ConnIDKey& Key() const { return key; } + void ClearKey() { key_valid = false; } + bool IsKeyValid() const { return key_valid; } double StartTime() const { return start_time; } - void SetStartTime(double t) { start_time = t; } + void SetStartTime(double t) { start_time = t; } double LastTime() const { return last_time; } void SetLastTime(double t) { last_time = t; } @@ -306,7 +309,8 @@ protected: void RemoveConnectionTimer(double t); NetSessions* sessions; - HashKey* key; + ConnIDKey key; + bool key_valid; // Timer manager to use for this conn (or nil). TimerMgr::Tag* conn_timer_mgr; diff --git a/src/IPAddr.cc b/src/IPAddr.cc index 4d4b11ce37..d9fe0edb5f 100644 --- a/src/IPAddr.cc +++ b/src/IPAddr.cc @@ -14,14 +14,9 @@ const uint8_t IPAddr::v4_mapped_prefix[12] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff }; -HashKey* BuildConnIDHashKey(const ConnID& id) +ConnIDKey BuildConnIDKey(const ConnID& id) { - struct { - in6_addr ip1; - in6_addr ip2; - uint16_t port1; - uint16_t port2; - } key; + ConnIDKey key; // Lookup up connection based on canonical ordering, which is // the smaller of and @@ -43,7 +38,7 @@ HashKey* BuildConnIDHashKey(const ConnID& id) key.port2 = id.src_port; } - return new HashKey(&key, sizeof(key)); + return key; } static inline uint32_t bit_mask32(int bottom_bits) diff --git a/src/IPAddr.h b/src/IPAddr.h index 1b59a0edfc..ab34e035d2 100644 --- a/src/IPAddr.h +++ b/src/IPAddr.h @@ -5,6 +5,7 @@ #include #include +#include #include #include "BroString.h" @@ -18,6 +19,31 @@ namespace analyzer { class ExpectedConn; } typedef in_addr in4_addr; +struct ConnIDKey + { + in6_addr ip1; + in6_addr ip2; + uint16_t port1; + uint16_t port2; + + ConnIDKey() : port1(0), port2(0) + { + memset(&ip1, 0, sizeof(in6_addr)); + memset(&ip2, 0, sizeof(in6_addr)); + } + + bool operator<(const ConnIDKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnIDKey)) < 0; } + bool operator==(const ConnIDKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnIDKey)) == 0; } + + ConnIDKey& operator=(const ConnIDKey& rhs) + { + if ( this != &rhs ) + memcpy(this, &rhs, sizeof(ConnIDKey)); + + return *this; + } + }; + /** * Class storing both IPv4 and IPv6 addresses. */ @@ -362,7 +388,7 @@ public: */ void ConvertToThreadingValue(threading::Value::addr_t* v) const; - friend HashKey* BuildConnIDHashKey(const ConnID& id); + friend ConnIDKey BuildConnIDKey(const ConnID& id); unsigned int MemoryAllocation() const { return padded_sizeof(*this); } @@ -485,9 +511,9 @@ inline void IPAddr::ConvertToThreadingValue(threading::Value::addr_t* v) const } /** - * Returns a hash key for a given ConnID. Passes ownership to caller. + * Returns a map key for a given ConnID. */ -HashKey* BuildConnIDHashKey(const ConnID& id); +ConnIDKey BuildConnIDKey(const ConnID& id); /** * Class storing both IPv4 and IPv6 prefixes diff --git a/src/Sessions.cc b/src/Sessions.cc index 3acc3be15f..4ca4ec6ef6 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -96,9 +96,6 @@ NetSessions::NetSessions() Unref(t); - tcp_conns.SetDeleteFunc(bro_obj_delete_func); - udp_conns.SetDeleteFunc(bro_obj_delete_func); - icmp_conns.SetDeleteFunc(bro_obj_delete_func); fragments.SetDeleteFunc(bro_obj_delete_func); if ( stp_correlate_pair ) @@ -128,6 +125,8 @@ NetSessions::NetSessions() arp_analyzer = new analyzer::arp::ARP_Analyzer(); else arp_analyzer = 0; + + memset(&stats, 0, sizeof(SessionStats)); } NetSessions::~NetSessions() @@ -138,6 +137,13 @@ NetSessions::~NetSessions() Unref(arp_analyzer); delete discarder; delete stp_manager; + + for ( const auto& entry : tcp_conns ) + Unref(entry.second); + for ( const auto& entry : udp_conns ) + Unref(entry.second); + for ( const auto& entry : icmp_conns ) + Unref(entry.second); } void NetSessions::Done() @@ -427,7 +433,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr ConnID id; id.src_addr = ip_hdr->SrcAddr(); id.dst_addr = ip_hdr->DstAddr(); - Dictionary* d = 0; + ConnectionMap* d = nullptr; BifEnum::Tunnel::Type tunnel_type = BifEnum::Tunnel::IP; switch ( proto ) { @@ -715,30 +721,27 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr return; } - HashKey* h = BuildConnIDHashKey(id); - if ( ! h ) - reporter->InternalError("hash computation failed"); - - Connection* conn = 0; + ConnIDKey key = BuildConnIDKey(id); + Connection* conn = nullptr; // FIXME: The following is getting pretty complex. Need to split up // into separate functions. - conn = (Connection*) d->Lookup(h); + auto it = d->find(key); + if ( it != d->end() ) + conn = it->second; + if ( ! conn ) { - conn = NewConn(h, t, &id, data, proto, ip_hdr->FlowLabel(), pkt, encapsulation); + conn = NewConn(key, t, &id, data, proto, ip_hdr->FlowLabel(), pkt, encapsulation); if ( conn ) - d->Insert(h, conn); + InsertConnection(d, key, conn); } else { // We already know that connection. int consistent = CheckConnectionTag(conn); if ( consistent < 0 ) - { - delete h; return; - } if ( ! consistent || conn->IsReuse(t, data) ) { @@ -746,22 +749,18 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr conn->Event(connection_reused, 0); Remove(conn); - conn = NewConn(h, t, &id, data, proto, ip_hdr->FlowLabel(), pkt, encapsulation); + conn = NewConn(key, t, &id, data, proto, ip_hdr->FlowLabel(), pkt, encapsulation); if ( conn ) - d->Insert(h, conn); + InsertConnection(d, key, conn); } else { - delete h; conn->CheckEncapsulation(encapsulation); } } if ( ! conn ) - { - delete h; return; - } int record_packet = 1; // whether to record the packet at all int record_content = 1; // whether to record its data @@ -1016,11 +1015,8 @@ Connection* NetSessions::FindConnection(Val* v) id.is_one_way = 0; // ### incorrect for ICMP connections - HashKey* h = BuildConnIDHashKey(id); - if ( ! h ) - reporter->InternalError("hash computation failed"); - - Dictionary* d; + ConnIDKey key = BuildConnIDKey(id); + ConnectionMap* d; if ( orig_portv->IsTCP() ) d = &tcp_conns; @@ -1033,22 +1029,22 @@ Connection* NetSessions::FindConnection(Val* v) // This can happen due to pseudo-connections we // construct, for example for packet headers embedded // in ICMPs. - delete h; return 0; } - Connection* conn = (Connection*) d->Lookup(h); - - delete h; + Connection* conn = nullptr; + auto it = d->find(key); + if ( it != d->end() ) + conn = it->second; return conn; } void NetSessions::Remove(Connection* c) { - HashKey* k = c->Key(); - if ( k ) + if ( c->IsKeyValid() ) { + const ConnIDKey& key = c->Key(); c->CancelTimers(); if ( c->ConnTransport() == TRANSPORT_TCP ) @@ -1073,17 +1069,17 @@ void NetSessions::Remove(Connection* c) switch ( c->ConnTransport() ) { case TRANSPORT_TCP: - if ( ! tcp_conns.RemoveEntry(k) ) + if ( tcp_conns.erase(key) == 0 ) reporter->InternalWarning("connection missing"); break; case TRANSPORT_UDP: - if ( ! udp_conns.RemoveEntry(k) ) + if ( udp_conns.erase(key) == 0 ) reporter->InternalWarning("connection missing"); break; case TRANSPORT_ICMP: - if ( ! icmp_conns.RemoveEntry(k) ) + if ( icmp_conns.erase(key) == 0 ) reporter->InternalWarning("connection missing"); break; @@ -1093,7 +1089,6 @@ void NetSessions::Remove(Connection* c) } Unref(c); - delete k; } } @@ -1117,27 +1112,30 @@ void NetSessions::Remove(FragReassembler* f) void NetSessions::Insert(Connection* c) { - assert(c->Key()); + assert(c->IsKeyValid()); - Connection* old = 0; + Connection* old = nullptr; switch ( c->ConnTransport() ) { - // Remove first. Otherwise the dictioanry would still - // reference the old key for already existing connections. + // Remove first. Otherwise the map would still reference the old key for + // already existing connections. case TRANSPORT_TCP: - old = (Connection*) tcp_conns.Remove(c->Key()); - tcp_conns.Insert(c->Key(), c); + old = LookupConn(tcp_conns, c->Key()); + tcp_conns.erase(c->Key()); + InsertConnection(&tcp_conns, c->Key(), c); break; case TRANSPORT_UDP: - old = (Connection*) udp_conns.Remove(c->Key()); - udp_conns.Insert(c->Key(), c); + old = LookupConn(udp_conns, c->Key()); + udp_conns.erase(c->Key()); + InsertConnection(&udp_conns, c->Key(), c); break; case TRANSPORT_ICMP: - old = (Connection*) icmp_conns.Remove(c->Key()); - icmp_conns.Insert(c->Key(), c); + old = LookupConn(icmp_conns, c->Key()); + icmp_conns.erase(c->Key()); + InsertConnection(&icmp_conns, c->Key(), c); break; default: @@ -1151,7 +1149,6 @@ void NetSessions::Insert(Connection* c) // Some clean-ups similar to those in Remove() (but invisible // to the script layer). old->CancelTimers(); - delete old->Key(); old->ClearKey(); Unref(old); } @@ -1159,29 +1156,23 @@ void NetSessions::Insert(Connection* c) void NetSessions::Drain() { - IterCookie* cookie = tcp_conns.InitForIteration(); - Connection* tc; - - while ( (tc = tcp_conns.NextEntry(cookie)) ) + for ( const auto& entry : tcp_conns ) { + Connection* tc = entry.second; tc->Done(); tc->Event(connection_state_remove, 0); } - cookie = udp_conns.InitForIteration(); - Connection* uc; - - while ( (uc = udp_conns.NextEntry(cookie)) ) + for ( const auto& entry : udp_conns ) { + Connection* uc = entry.second; uc->Done(); uc->Event(connection_state_remove, 0); } - cookie = icmp_conns.InitForIteration(); - Connection* ic; - - while ( (ic = icmp_conns.NextEntry(cookie)) ) + for ( const auto& entry : icmp_conns ) { + Connection* ic = entry.second; ic->Done(); ic->Event(connection_state_remove, 0); } @@ -1191,22 +1182,22 @@ void NetSessions::Drain() void NetSessions::GetStats(SessionStats& s) const { - s.num_TCP_conns = tcp_conns.Length(); - s.cumulative_TCP_conns = tcp_conns.NumCumulativeInserts(); - s.num_UDP_conns = udp_conns.Length(); - s.cumulative_UDP_conns = udp_conns.NumCumulativeInserts(); - s.num_ICMP_conns = icmp_conns.Length(); - s.cumulative_ICMP_conns = icmp_conns.NumCumulativeInserts(); + s.num_TCP_conns = tcp_conns.size(); + s.cumulative_TCP_conns = stats.cumulative_TCP_conns; + s.num_UDP_conns = udp_conns.size(); + s.cumulative_UDP_conns = stats.cumulative_UDP_conns; + s.num_ICMP_conns = icmp_conns.size(); + s.cumulative_ICMP_conns = stats.cumulative_ICMP_conns; s.num_fragments = fragments.Length(); s.num_packets = num_packets_processed; - s.max_TCP_conns = tcp_conns.MaxLength(); - s.max_UDP_conns = udp_conns.MaxLength(); - s.max_ICMP_conns = icmp_conns.MaxLength(); + s.max_TCP_conns = stats.max_TCP_conns; + s.max_UDP_conns = stats.max_UDP_conns; + s.max_ICMP_conns = stats.max_ICMP_conns; s.max_fragments = fragments.MaxLength(); } -Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id, +Connection* NetSessions::NewConn(const ConnIDKey& k, double t, const ConnID* id, const u_char* data, int proto, uint32_t flow_label, const Packet* pkt, const EncapsulationStack* encapsulation) { @@ -1282,6 +1273,15 @@ Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id, return conn; } +Connection* NetSessions::LookupConn(const ConnectionMap& conns, const ConnIDKey& key) + { + auto it = conns.find(key); + if ( it != conns.end() ) + return it->second; + + return nullptr; + } + bool NetSessions::IsLikelyServerPort(uint32_t port, TransportProto proto) const { // We keep a cached in-core version of the table to speed up the lookup. @@ -1441,23 +1441,14 @@ unsigned int NetSessions::ConnectionMemoryUsage() // Connections have been flushed already. return 0; - IterCookie* cookie = tcp_conns.InitForIteration(); - Connection* tc; + for ( const auto& entry : tcp_conns ) + mem += entry.second->MemoryAllocation(); - while ( (tc = tcp_conns.NextEntry(cookie)) ) - mem += tc->MemoryAllocation(); + for ( const auto& entry : udp_conns ) + mem += entry.second->MemoryAllocation(); - cookie = udp_conns.InitForIteration(); - Connection* uc; - - while ( (uc = udp_conns.NextEntry(cookie)) ) - mem += uc->MemoryAllocation(); - - cookie = icmp_conns.InitForIteration(); - Connection* ic; - - while ( (ic = icmp_conns.NextEntry(cookie)) ) - mem += ic->MemoryAllocation(); + for ( const auto& entry : icmp_conns ) + mem += entry.second->MemoryAllocation(); return mem; } @@ -1470,23 +1461,14 @@ unsigned int NetSessions::ConnectionMemoryUsageConnVals() // Connections have been flushed already. return 0; - IterCookie* cookie = tcp_conns.InitForIteration(); - Connection* tc; + for ( const auto& entry : tcp_conns ) + mem += entry.second->MemoryAllocationConnVal(); - while ( (tc = tcp_conns.NextEntry(cookie)) ) - mem += tc->MemoryAllocationConnVal(); + for ( const auto& entry : udp_conns ) + mem += entry.second->MemoryAllocationConnVal(); - cookie = udp_conns.InitForIteration(); - Connection* uc; - - while ( (uc = udp_conns.NextEntry(cookie)) ) - mem += uc->MemoryAllocationConnVal(); - - cookie = icmp_conns.InitForIteration(); - Connection* ic; - - while ( (ic = icmp_conns.NextEntry(cookie)) ) - mem += ic->MemoryAllocationConnVal(); + for ( const auto& entry : icmp_conns ) + mem += entry.second->MemoryAllocationConnVal(); return mem; } @@ -1500,16 +1482,35 @@ unsigned int NetSessions::MemoryAllocation() return ConnectionMemoryUsage() + padded_sizeof(*this) + ch->MemoryAllocation() - // must take care we don't count the HaskKeys twice. - + tcp_conns.MemoryAllocation() - padded_sizeof(tcp_conns) - - // 12 is sizeof(Key) from ConnID::BuildConnKey(); - // it can't be (easily) accessed here. :-( - (tcp_conns.Length() * pad_size(12)) - + udp_conns.MemoryAllocation() - padded_sizeof(udp_conns) - - (udp_conns.Length() * pad_size(12)) - + icmp_conns.MemoryAllocation() - padded_sizeof(icmp_conns) - - (icmp_conns.Length() * pad_size(12)) + + padded_sizeof(tcp_conns.size() * (sizeof(ConnectionMap::key_type) + sizeof(ConnectionMap::value_type))) + + padded_sizeof(udp_conns.size() * (sizeof(ConnectionMap::key_type) + sizeof(ConnectionMap::value_type))) + + padded_sizeof(icmp_conns.size() * (sizeof(ConnectionMap::key_type) + sizeof(ConnectionMap::value_type))) + fragments.MemoryAllocation() - padded_sizeof(fragments) // FIXME: MemoryAllocation() not implemented for rest. ; } + +void NetSessions::InsertConnection(ConnectionMap* m, const ConnIDKey& key, Connection* conn) + { + (*m)[key] = conn; + + switch ( conn->ConnTransport() ) + { + case TRANSPORT_TCP: + stats.cumulative_TCP_conns++; + if ( m->size() > stats.max_TCP_conns ) + stats.max_TCP_conns = m->size(); + break; + case TRANSPORT_UDP: + stats.cumulative_UDP_conns++; + if ( m->size() > stats.max_UDP_conns ) + stats.max_UDP_conns = m->size(); + break; + case TRANSPORT_ICMP: + stats.cumulative_ICMP_conns++; + if ( m->size() > stats.max_ICMP_conns ) + stats.max_ICMP_conns = m->size(); + break; + default: break; + } + } diff --git a/src/Sessions.h b/src/Sessions.h index da069e218f..20ee491ff3 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -3,6 +3,9 @@ #ifndef sessions_h #define sessions_h +#include +#include + #include "Dict.h" #include "CompHash.h" #include "IP.h" @@ -13,8 +16,6 @@ #include "TunnelEncapsulation.h" #include "analyzer/protocol/tcp/Stats.h" -#include - class EncapsulationStack; class Connection; class ConnCompressor; @@ -27,20 +28,20 @@ namespace analyzer { namespace stepping_stone { class SteppingStoneManager; } } namespace analyzer { namespace arp { class ARP_Analyzer; } } struct SessionStats { - int num_TCP_conns; - int max_TCP_conns; + size_t num_TCP_conns; + size_t max_TCP_conns; uint64_t cumulative_TCP_conns; - int num_UDP_conns; - int max_UDP_conns; + size_t num_UDP_conns; + size_t max_UDP_conns; uint64_t cumulative_UDP_conns; - int num_ICMP_conns; - int max_ICMP_conns; + size_t num_ICMP_conns; + size_t max_ICMP_conns; uint64_t cumulative_ICMP_conns; - int num_fragments; - int max_fragments; + size_t num_fragments; + size_t max_fragments; uint64_t num_packets; }; @@ -112,8 +113,7 @@ public: unsigned int CurrentConnections() { - return tcp_conns.Length() + udp_conns.Length() + - icmp_conns.Length(); + return tcp_conns.size() + udp_conns.size() + icmp_conns.size(); } void DoNextPacket(double t, const Packet *pkt, const IP_Hdr* ip_hdr, @@ -172,10 +172,14 @@ protected: friend class TimerMgrExpireTimer; friend class IPTunnelTimer; - Connection* NewConn(HashKey* k, double t, const ConnID* id, + using ConnectionMap = std::map; + + Connection* NewConn(const ConnIDKey& k, double t, const ConnID* id, const u_char* data, int proto, uint32_t flow_label, const Packet* pkt, const EncapsulationStack* encapsulation); + Connection* LookupConn(const ConnectionMap& conns, const ConnIDKey& key); + // Check whether the tag of the current packet is consistent with // the given connection. Returns: // -1 if current packet is to be completely ignored. @@ -212,12 +216,19 @@ protected: bool CheckHeaderTrunc(int proto, uint32_t len, uint32_t caplen, const Packet *pkt, const EncapsulationStack* encap); + // Inserts a new connection into the sessions map. If a connection with + // the same key already exists in the map, it will be overwritten by + // the new one. + void InsertConnection(ConnectionMap* m, const ConnIDKey& key, Connection* conn); + CompositeHash* ch; - PDict tcp_conns; - PDict udp_conns; - PDict icmp_conns; + ConnectionMap tcp_conns; + ConnectionMap udp_conns; + ConnectionMap icmp_conns; PDict fragments; + SessionStats stats; + typedef pair IPPair; typedef pair TunnelActivity; typedef std::map IPTunnelMap; diff --git a/src/Stats.cc b/src/Stats.cc index 5b23f89035..f586435b6a 100644 --- a/src/Stats.cc +++ b/src/Stats.cc @@ -132,7 +132,7 @@ void ProfileLogger::Log() SessionStats s; sessions->GetStats(s); - file->Write(fmt("%.06f Conns: tcp=%d/%d udp=%d/%d icmp=%d/%d\n", + file->Write(fmt("%.06f Conns: tcp=%lu/%lu udp=%lu/%lu icmp=%lu/%lu\n", network_time, s.num_TCP_conns, s.max_TCP_conns, s.num_UDP_conns, s.max_UDP_conns, From a4b8aa1f30b04ed7abaf6659a2e82e9f9e7d0660 Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Thu, 1 Aug 2019 14:20:10 -0700 Subject: [PATCH 2/3] Change FragReassembler to use a tuple as a key and use std::map for fragments in Sessions --- src/Frag.cc | 3 +-- src/Frag.h | 10 ++++++--- src/Sessions.cc | 55 ++++++++++++++----------------------------------- src/Sessions.h | 4 ++-- 4 files changed, 26 insertions(+), 46 deletions(-) diff --git a/src/Frag.cc b/src/Frag.cc index 4201aa3faa..51f82e84f3 100644 --- a/src/Frag.cc +++ b/src/Frag.cc @@ -27,7 +27,7 @@ void FragTimer::Dispatch(double t, int /* is_expire */) FragReassembler::FragReassembler(NetSessions* arg_s, const IP_Hdr* ip, const u_char* pkt, - HashKey* k, double t) + const FragReassemblerKey& k, double t) : Reassembler(0, REASSEM_FRAG) { s = arg_s; @@ -68,7 +68,6 @@ FragReassembler::~FragReassembler() DeleteTimer(); delete [] proto_hdr; delete reassembled_pkt; - delete key; } void FragReassembler::AddFragment(double t, const IP_Hdr* ip, const u_char* pkt) diff --git a/src/Frag.h b/src/Frag.h index bf451cd5ed..8957237f03 100644 --- a/src/Frag.h +++ b/src/Frag.h @@ -3,6 +3,8 @@ #ifndef frag_h #define frag_h +#include + #include "util.h" #include "IP.h" #include "Net.h" @@ -17,10 +19,12 @@ class FragTimer; typedef void (FragReassembler::*frag_timer_func)(double t); +using FragReassemblerKey = std::tuple; + class FragReassembler : public Reassembler { public: FragReassembler(NetSessions* s, const IP_Hdr* ip, const u_char* pkt, - HashKey* k, double t); + const FragReassemblerKey& k, double t); ~FragReassembler() override; void AddFragment(double t, const IP_Hdr* ip, const u_char* pkt); @@ -30,7 +34,7 @@ public: void ClearTimer() { expire_timer = 0; } const IP_Hdr* ReassembledPkt() { return reassembled_pkt; } - HashKey* Key() const { return key; } + const FragReassemblerKey& Key() const { return key; } protected: void BlockInserted(DataBlock* start_block) override; @@ -43,7 +47,7 @@ protected: NetSessions* s; uint64_t frag_size; // size of fully reassembled fragment uint16_t next_proto; // first IPv6 fragment header's next proto field - HashKey* key; + FragReassemblerKey key; FragTimer* expire_timer; }; diff --git a/src/Sessions.cc b/src/Sessions.cc index 4ca4ec6ef6..34c159f772 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -87,17 +87,6 @@ void IPTunnelTimer::Dispatch(double t, int is_expire) NetSessions::NetSessions() { - TypeList* t = new TypeList(); - t->Append(base_type(TYPE_ADDR)); // source IP address - t->Append(base_type(TYPE_ADDR)); // dest IP address - t->Append(base_type(TYPE_COUNT)); // source and dest ports - - ch = new CompositeHash(t); - - Unref(t); - - fragments.SetDeleteFunc(bro_obj_delete_func); - if ( stp_correlate_pair ) stp_manager = new analyzer::stepping_stone::SteppingStoneManager(); else @@ -131,7 +120,6 @@ NetSessions::NetSessions() NetSessions::~NetSessions() { - delete ch; delete packet_filter; delete pkt_profiler; Unref(arp_analyzer); @@ -144,6 +132,8 @@ NetSessions::~NetSessions() Unref(entry.second); for ( const auto& entry : icmp_conns ) Unref(entry.second); + for ( const auto& entry : fragments ) + Unref(entry.second); } void NetSessions::Done() @@ -939,27 +929,22 @@ FragReassembler* NetSessions::NextFragment(double t, const IP_Hdr* ip, { uint32_t frag_id = ip->ID(); - ListVal* key = new ListVal(TYPE_ANY); - key->Append(new AddrVal(ip->SrcAddr())); - key->Append(new AddrVal(ip->DstAddr())); - key->Append(val_mgr->GetCount(frag_id)); + FragReassemblerKey key = std::make_tuple(ip->SrcAddr(), ip->DstAddr(), frag_id); - HashKey* h = ch->ComputeHash(key, 1); - if ( ! h ) - reporter->InternalError("hash computation failed"); + FragReassembler* f = nullptr; + auto it = fragments.find(key); + if ( it != fragments.end() ) + f = it->second; - FragReassembler* f = fragments.Lookup(h); if ( ! f ) { - f = new FragReassembler(this, ip, pkt, h, t); - fragments.Insert(h, f); - Unref(key); + f = new FragReassembler(this, ip, pkt, key, t); + fragments[key] = f; + if ( fragments.size() > stats.max_fragments ) + stats.max_fragments = fragments.size(); return f; } - delete h; - Unref(key); - f->AddFragment(t, ip, pkt); return f; } @@ -1097,15 +1082,8 @@ void NetSessions::Remove(FragReassembler* f) if ( ! f ) return; - HashKey* k = f->Key(); - - if ( k ) - { - if ( ! fragments.RemoveEntry(k) ) - reporter->InternalWarning("fragment reassembler not in dict"); - } - else - reporter->InternalWarning("missing fragment reassembler hash key"); + if ( fragments.erase(f->Key()) == 0 ) + reporter->InternalWarning("fragment reassembler not in dict"); Unref(f); } @@ -1188,13 +1166,13 @@ void NetSessions::GetStats(SessionStats& s) const s.cumulative_UDP_conns = stats.cumulative_UDP_conns; s.num_ICMP_conns = icmp_conns.size(); s.cumulative_ICMP_conns = stats.cumulative_ICMP_conns; - s.num_fragments = fragments.Length(); + s.num_fragments = fragments.size(); s.num_packets = num_packets_processed; s.max_TCP_conns = stats.max_TCP_conns; s.max_UDP_conns = stats.max_UDP_conns; s.max_ICMP_conns = stats.max_ICMP_conns; - s.max_fragments = fragments.MaxLength(); + s.max_fragments = stats.max_fragments; } Connection* NetSessions::NewConn(const ConnIDKey& k, double t, const ConnID* id, @@ -1481,11 +1459,10 @@ unsigned int NetSessions::MemoryAllocation() return ConnectionMemoryUsage() + padded_sizeof(*this) - + ch->MemoryAllocation() + padded_sizeof(tcp_conns.size() * (sizeof(ConnectionMap::key_type) + sizeof(ConnectionMap::value_type))) + padded_sizeof(udp_conns.size() * (sizeof(ConnectionMap::key_type) + sizeof(ConnectionMap::value_type))) + padded_sizeof(icmp_conns.size() * (sizeof(ConnectionMap::key_type) + sizeof(ConnectionMap::value_type))) - + fragments.MemoryAllocation() - padded_sizeof(fragments) + + padded_sizeof(fragments.size() * (sizeof(FragmentMap::key_type) + sizeof(FragmentMap::value_type))) // FIXME: MemoryAllocation() not implemented for rest. ; } diff --git a/src/Sessions.h b/src/Sessions.h index 20ee491ff3..372982ff18 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -173,6 +173,7 @@ protected: friend class IPTunnelTimer; using ConnectionMap = std::map; + using FragmentMap = std::map; Connection* NewConn(const ConnIDKey& k, double t, const ConnID* id, const u_char* data, int proto, uint32_t flow_label, @@ -221,11 +222,10 @@ protected: // the new one. void InsertConnection(ConnectionMap* m, const ConnIDKey& key, Connection* conn); - CompositeHash* ch; ConnectionMap tcp_conns; ConnectionMap udp_conns; ConnectionMap icmp_conns; - PDict fragments; + FragmentMap fragments; SessionStats stats; From 01207c0720bb4a8bd8d818165d154c4272126927 Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Wed, 31 Jul 2019 11:54:44 -0700 Subject: [PATCH 3/3] Fix unit tests for new ordering from NetSessions::Drain --- .../Baseline/core.cisco-fabric-path/conn.log | 30 +++++----- .../btest/Baseline/core.mpls-in-vlan/conn.log | 6 +- testing/btest/Baseline/core.pppoe/conn.log | 10 ++-- .../core.tcp.rxmit-history/conn-1.log | 4 +- .../core.tcp.rxmit-history/conn-2.log | 14 ++--- .../Baseline/core.tunnels.ayiya/conn.log | 10 ++-- .../Baseline/core.tunnels.ayiya/http.log | 4 +- .../Baseline/core.tunnels.ayiya/tunnel.log | 6 +- .../conn.log | 6 +- .../http.log | 4 +- .../tunnel.log | 6 +- .../core.tunnels.gtp.inner_teredo/conn.log | 26 ++++----- .../core.tunnels.gtp.inner_teredo/tunnel.log | 18 +++--- .../Baseline/core.tunnels.teredo/conn.log | 14 ++--- .../Baseline/core.tunnels.teredo/http.log | 4 +- .../Baseline/core.tunnels.teredo/tunnel.log | 6 +- .../conn.log | 8 +-- .../http.log | 4 +- .../tunnel.log | 6 +- .../weird.log | 4 +- .../Baseline/core.tunnels.vxlan/conn.log | 10 ++-- .../Baseline/core.tunnels.vxlan/tunnel.log | 6 +- .../scripts.base.files.pe.basic/pe.log | 6 +- .../conn.log | 56 +++++++++---------- .../conn.log | 56 +++++++++---------- .../conn.log | 56 +++++++++---------- .../conn.log | 56 +++++++++---------- .../local.log | 40 ++++++------- .../remote.log | 6 +- .../conn.log | 56 +++++++++---------- .../conn.log | 56 +++++++++---------- .../conn.log | 6 +- .../dce_rpc.log | 4 +- .../ntlm.log | 6 +- .../conn.log | 6 +- .../notice.log | 4 +- .../ssl.log | 4 +- .../x509.log | 4 +- .../ssl-out.log | 26 ++++----- .../all-events.log | 6 +- .../conn1.log | 56 +++++++++---------- .../conn2.log | 4 +- .../conn3.log | 4 +- 43 files changed, 362 insertions(+), 362 deletions(-) diff --git a/testing/btest/Baseline/core.cisco-fabric-path/conn.log b/testing/btest/Baseline/core.cisco-fabric-path/conn.log index eae407aceb..aee1c28ca9 100644 --- a/testing/btest/Baseline/core.cisco-fabric-path/conn.log +++ b/testing/btest/Baseline/core.cisco-fabric-path/conn.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path conn -#open 2018-07-09-14-17-29 +#open 2019-07-31-18-49-55 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1529347003.860008 C7fIlMZDuRiqjpYbb 1.1.1.6 57005 2.2.2.2 48879 tcp - 0.001018 0 0 S0 - - 0 S 2 80 0 0 - @@ -22,20 +22,20 @@ 1529347003.883152 CPhDKt12KQPUVbQz06 1234::a 57005 5678:: 48879 tcp - 0.001005 0 0 S0 - - 0 S 2 120 0 0 - 1529347003.884945 CAnFrb2Cvxr5T7quOc 1234:: 57005 5678:: 48879 tcp - 0.001005 0 0 S0 - - 0 S 2 120 0 0 - 1529347003.886751 C8rquZ3DjgNW06JGLl 1234::2 57005 5678:: 48879 tcp - 0.001120 0 0 S0 - - 0 S 2 120 0 0 - -1529347003.851951 CFLRIC3zaTU1loLGxh 1234::4 57005 5678:: 48879 udp - 0.000905 0 0 S0 - - 0 D 2 96 0 0 - -1529347003.855232 Ck51lg1bScffFj34Ri 1234::a 57005 5678:: 48879 udp - 0.000894 0 0 S0 - - 0 D 2 96 0 0 - -1529347003.839636 CtPZjS20MLrsMUOJi2 1.1.1.12 57005 2.2.2.2 48879 udp - 0.000847 0 0 S0 - - 0 D 2 56 0 0 - -1529347003.858393 CNnMIj2QSd84NKf7U3 1234::2 57005 5678:: 48879 udp - 0.000902 0 0 S0 - - 0 D 2 96 0 0 - -1529347003.842649 CmES5u32sYpV7JYN 1.1.1.2 57005 2.2.2.2 48879 udp - 0.000830 0 0 S0 - - 0 D 2 56 0 0 - -1529347003.850367 C0LAHyvtKSQHyJxIl 1234::6 57005 5678:: 48879 udp - 0.000898 0 0 S0 - - 0 D 2 96 0 0 - -1529347003.848776 CwjjYJ2WqgTbAqiHl6 1234::c 57005 5678:: 48879 udp - 0.000902 0 0 S0 - - 0 D 2 96 0 0 - -1529347003.856801 C9mvWx3ezztgzcexV7 1234:: 57005 5678:: 48879 udp - 0.000898 0 0 S0 - - 0 D 2 96 0 0 - 1529347003.841103 CUM0KZ3MLUfNB0cl11 1.1.1.0 57005 2.2.2.2 48879 udp - 0.000926 0 0 S0 - - 0 D 2 56 0 0 - -1529347003.845524 C37jN32gN3y3AZzyf6 1.1.1.10 57005 2.2.2.2 48879 udp - 0.000843 0 0 S0 - - 0 D 2 56 0 0 - -1529347003.847079 C3eiCBGOLw3VtHfOj 1234::e 57005 5678:: 48879 udp - 0.001014 0 0 S0 - - 0 D 2 96 0 0 - -1529347003.853544 C9rXSW3KSpTYvPrlI1 1234::8 57005 5678:: 48879 udp - 0.001010 0 0 S0 - - 0 D 2 96 0 0 - +1529347003.842649 CmES5u32sYpV7JYN 1.1.1.2 57005 2.2.2.2 48879 udp - 0.000830 0 0 S0 - - 0 D 2 56 0 0 - 1529347003.836659 ClEkJM2Vm5giqnMf4h 1.1.1.4 57005 2.2.2.2 48879 udp - 0.000847 0 0 S0 - - 0 D 2 56 0 0 - -1529347003.838130 C4J4Th3PJpwUYZZ6gc 1.1.1.14 57005 2.2.2.2 48879 udp - 0.000880 0 0 S0 - - 0 D 2 56 0 0 - -1529347003.844086 CP5puj4I8PtEU4qzYg 1.1.1.8 57005 2.2.2.2 48879 udp - 0.000830 0 0 S0 - - 0 D 2 56 0 0 - 1529347003.834704 CHhAvVGS1DHFjwGM9 1.1.1.6 57005 2.2.2.2 48879 udp - 0.001243 0 0 S0 - - 0 D 2 56 0 0 - -#close 2018-07-09-14-17-29 +1529347003.844086 CP5puj4I8PtEU4qzYg 1.1.1.8 57005 2.2.2.2 48879 udp - 0.000830 0 0 S0 - - 0 D 2 56 0 0 - +1529347003.845524 C37jN32gN3y3AZzyf6 1.1.1.10 57005 2.2.2.2 48879 udp - 0.000843 0 0 S0 - - 0 D 2 56 0 0 - +1529347003.839636 CtPZjS20MLrsMUOJi2 1.1.1.12 57005 2.2.2.2 48879 udp - 0.000847 0 0 S0 - - 0 D 2 56 0 0 - +1529347003.838130 C4J4Th3PJpwUYZZ6gc 1.1.1.14 57005 2.2.2.2 48879 udp - 0.000880 0 0 S0 - - 0 D 2 56 0 0 - +1529347003.856801 C9mvWx3ezztgzcexV7 1234:: 57005 5678:: 48879 udp - 0.000898 0 0 S0 - - 0 D 2 96 0 0 - +1529347003.858393 CNnMIj2QSd84NKf7U3 1234::2 57005 5678:: 48879 udp - 0.000902 0 0 S0 - - 0 D 2 96 0 0 - +1529347003.851951 CFLRIC3zaTU1loLGxh 1234::4 57005 5678:: 48879 udp - 0.000905 0 0 S0 - - 0 D 2 96 0 0 - +1529347003.850367 C0LAHyvtKSQHyJxIl 1234::6 57005 5678:: 48879 udp - 0.000898 0 0 S0 - - 0 D 2 96 0 0 - +1529347003.853544 C9rXSW3KSpTYvPrlI1 1234::8 57005 5678:: 48879 udp - 0.001010 0 0 S0 - - 0 D 2 96 0 0 - +1529347003.855232 Ck51lg1bScffFj34Ri 1234::a 57005 5678:: 48879 udp - 0.000894 0 0 S0 - - 0 D 2 96 0 0 - +1529347003.848776 CwjjYJ2WqgTbAqiHl6 1234::c 57005 5678:: 48879 udp - 0.000902 0 0 S0 - - 0 D 2 96 0 0 - +1529347003.847079 C3eiCBGOLw3VtHfOj 1234::e 57005 5678:: 48879 udp - 0.001014 0 0 S0 - - 0 D 2 96 0 0 - +#close 2019-07-31-18-49-55 diff --git a/testing/btest/Baseline/core.mpls-in-vlan/conn.log b/testing/btest/Baseline/core.mpls-in-vlan/conn.log index 5cbd2c5405..8d56967587 100644 --- a/testing/btest/Baseline/core.mpls-in-vlan/conn.log +++ b/testing/btest/Baseline/core.mpls-in-vlan/conn.log @@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-07-13-16-12-55 +#open 2019-07-31-18-52-05 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1371685686.536606 CHhAvVGS1DHFjwGM9 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 257 0 0 - -1371686961.479321 C4J4Th3PJpwUYZZ6gc 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 710 0 0 - 1371686961.156859 ClEkJM2Vm5giqnMf4h 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH - - 0 ^d 0 0 1 1500 - -#close 2016-07-13-16-12-55 +1371686961.479321 C4J4Th3PJpwUYZZ6gc 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 710 0 0 - +#close 2019-07-31-18-52-05 diff --git a/testing/btest/Baseline/core.pppoe/conn.log b/testing/btest/Baseline/core.pppoe/conn.log index cb6579e9e2..cccac342b3 100644 --- a/testing/btest/Baseline/core.pppoe/conn.log +++ b/testing/btest/Baseline/core.pppoe/conn.log @@ -3,14 +3,14 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-07-13-16-12-57 +#open 2019-07-31-18-52-11 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] -1284385417.962560 CUM0KZ3MLUfNB0cl11 fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - - 0 D 2 210 0 0 - 1284385418.014560 CmES5u32sYpV7JYN fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - - 0 D 2 288 0 0 - -1284385411.035560 CHhAvVGS1DHFjwGM9 fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - - 0 - 8 608 0 0 - +1284385417.962560 CUM0KZ3MLUfNB0cl11 fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - - 0 D 2 210 0 0 - 1284385451.658560 CP5puj4I8PtEU4qzYg fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - - 0 - 5 500 5 500 - -1284385412.963560 C4J4Th3PJpwUYZZ6gc fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 48 0 0 - 1284385413.027560 CtPZjS20MLrsMUOJi2 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - - 0 - 1 64 0 0 - 1284385411.091560 ClEkJM2Vm5giqnMf4h fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - - 0 - 1 64 0 0 - -#close 2016-07-13-16-12-57 +1284385411.035560 CHhAvVGS1DHFjwGM9 fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - - 0 - 8 608 0 0 - +1284385412.963560 C4J4Th3PJpwUYZZ6gc fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 48 0 0 - +#close 2019-07-31-18-52-11 diff --git a/testing/btest/Baseline/core.tcp.rxmit-history/conn-1.log b/testing/btest/Baseline/core.tcp.rxmit-history/conn-1.log index 466f882257..13bb65c064 100644 --- a/testing/btest/Baseline/core.tcp.rxmit-history/conn-1.log +++ b/testing/btest/Baseline/core.tcp.rxmit-history/conn-1.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path conn -#open 2019-04-17-20-42-43 +#open 2019-07-31-18-52-37 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1285862902.700271 CHhAvVGS1DHFjwGM9 10.0.88.85 50368 192.168.0.27 80 tcp - 60.991770 474 23783 RSTO - - 24257 ShADaGdgtR 17 1250 22 28961 - -#close 2019-04-17-20-42-43 +#close 2019-07-31-18-52-37 diff --git a/testing/btest/Baseline/core.tcp.rxmit-history/conn-2.log b/testing/btest/Baseline/core.tcp.rxmit-history/conn-2.log index e75d9487d0..eb3f90ef97 100644 --- a/testing/btest/Baseline/core.tcp.rxmit-history/conn-2.log +++ b/testing/btest/Baseline/core.tcp.rxmit-history/conn-2.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path conn -#open 2019-04-17-20-42-44 +#open 2019-07-31-18-52-37 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1300475167.096535 CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 - @@ -30,14 +30,14 @@ 1300475173.116749 C8rquZ3DjgNW06JGLl fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 - - 0 D 2 162 0 0 - 1300475173.117362 CzrZOtXqhwwndQva3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 - - 0 D 2 122 0 0 - 1300475173.153679 CaGCc13FffXe6RkQl9 141.142.220.238 56641 141.142.220.255 137 udp dns - - - S0 - - 0 D 1 78 0 0 - -1300475169.780331 CFSwNi4CNGxcuffo49 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - - 0 ^h 0 0 1 48 - -1300475168.892913 CykQaM33ztNt0csB9a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - -1300475168.724007 CUM0KZ3MLUfNB0cl11 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - -1300475168.855330 CwjjYJ2WqgTbAqiHl6 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - -1300475168.855305 C3eiCBGOLw3VtHfOj 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 1300475168.652003 CtPZjS20MLrsMUOJi2 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 1300475168.902635 CiyBAq1bBLNaTiTAc 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - +1300475168.855305 C3eiCBGOLw3VtHfOj 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - +1300475168.855330 CwjjYJ2WqgTbAqiHl6 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 1300475168.859163 Ck51lg1bScffFj34Ri 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - +1300475168.892913 CykQaM33ztNt0csB9a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - 1300475168.892936 CtxTCR2Yer0FR1tIBg 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 1300475168.895267 CLNN1k2QMum1aexUK7 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - -#close 2019-04-17-20-42-44 +1300475168.724007 CUM0KZ3MLUfNB0cl11 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - +1300475169.780331 CFSwNi4CNGxcuffo49 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - - 0 ^h 0 0 1 48 - +#close 2019-07-31-18-52-37 diff --git a/testing/btest/Baseline/core.tunnels.ayiya/conn.log b/testing/btest/Baseline/core.tunnels.ayiya/conn.log index 662918b83a..721bb47da6 100644 --- a/testing/btest/Baseline/core.tunnels.ayiya/conn.log +++ b/testing/btest/Baseline/core.tunnels.ayiya/conn.log @@ -3,15 +3,15 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-07-13-16-13-04 +#open 2019-07-31-18-52-20 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1257655301.595604 C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - - 0 ShADad 10 3605 11 5329 C4J4Th3PJpwUYZZ6gc -1257655296.585034 C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - - 0 Dd 21 5717 13 6473 - 1257655293.629048 CHhAvVGS1DHFjwGM9 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - - 0 ^d 0 0 1 176 - +1257655296.585034 C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - - 0 Dd 21 5717 13 6473 - 1257655296.585333 CP5puj4I8PtEU4qzYg :: 135 ff02::1:ff00:2 136 icmp - - - - OTH - - 0 - 1 64 0 0 C4J4Th3PJpwUYZZ6gc -1257655296.585151 CUM0KZ3MLUfNB0cl11 fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc -1257655296.585034 CtPZjS20MLrsMUOJi2 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc 1257655293.629048 ClEkJM2Vm5giqnMf4h 2001:4978:f:4c::1 128 2001:4978:f:4c::2 129 icmp - 23.834987 168 56 OTH - - 0 - 3 312 1 104 CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc 1257655296.585188 CmES5u32sYpV7JYN fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc -#close 2016-07-13-16-13-04 +1257655296.585034 CtPZjS20MLrsMUOJi2 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc +1257655296.585151 CUM0KZ3MLUfNB0cl11 fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - - 0 - 2 144 0 0 C4J4Th3PJpwUYZZ6gc +#close 2019-07-31-18-52-20 diff --git a/testing/btest/Baseline/core.tunnels.ayiya/http.log b/testing/btest/Baseline/core.tunnels.ayiya/http.log index ee4a4d6d18..11dd33f71e 100644 --- a/testing/btest/Baseline/core.tunnels.ayiya/http.log +++ b/testing/btest/Baseline/core.tunnels.ayiya/http.log @@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path http -#open 2019-03-13-20-02-18 +#open 2019-07-31-18-52-20 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types #types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] 1257655301.652206 C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) - 0 10102 200 OK - - (empty) - - - - - - FYAtjT24MvCBUs5K5f - text/html 1257655302.514424 C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 2 GET ipv6.google.com /csi?v=3&s=webhp&action=&tran=undefined&e=17259,19771,21517,21766,21887,22212&ei=BUz2Su7PMJTglQfz3NzCAw&rt=prt.77,xjs.565,ol.645 http://ipv6.google.com/ 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) - 0 0 204 No Content - - (empty) - - - - - - - - - 1257655303.603569 C37jN32gN3y3AZzyf6 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 3 GET ipv6.google.com /gen_204?atyp=i&ct=fade&cad=1254&ei=BUz2Su7PMJTglQfz3NzCAw&zx=1257655303600 http://ipv6.google.com/ 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) - 0 0 204 No Content - - (empty) - - - - - - - - - -#close 2019-03-13-20-02-18 +#close 2019-07-31-18-52-20 diff --git a/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log b/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log index c862be0180..365cd56e9e 100644 --- a/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log @@ -3,11 +3,11 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2016-07-13-16-13-04 +#open 2019-07-31-18-52-20 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1257655293.629048 CHhAvVGS1DHFjwGM9 192.168.3.101 53796 216.14.98.22 5072 Tunnel::AYIYA Tunnel::DISCOVER 1257655296.585034 C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::DISCOVER -1257655317.464035 C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE 1257655317.464035 CHhAvVGS1DHFjwGM9 192.168.3.101 53796 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE -#close 2016-07-13-16-13-04 +1257655317.464035 C4J4Th3PJpwUYZZ6gc 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE +#close 2019-07-31-18-52-20 diff --git a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log index ce137763d0..56ea7e6ab2 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log +++ b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log @@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-07-13-16-13-06 +#open 2019-07-31-18-53-16 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1333458850.321642 ClEkJM2Vm5giqnMf4h 10.131.17.170 51803 173.199.115.168 80 tcp http 0.257902 1138 63424 S3 - - 0 ShADadf 29 2310 49 65396 CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc -1333458850.321642 CHhAvVGS1DHFjwGM9 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - - 0 D 29 3354 0 0 - 1333458850.325787 C4J4Th3PJpwUYZZ6gc 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 - - 0 D 49 67160 0 0 - -#close 2016-07-13-16-13-06 +1333458850.321642 CHhAvVGS1DHFjwGM9 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - - 0 D 29 3354 0 0 - +#close 2019-07-31-18-53-16 diff --git a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/http.log b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/http.log index 779a50d1ef..7e8429cb62 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/http.log +++ b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/http.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path http -#open 2019-03-13-20-03-31 +#open 2019-07-31-18-53-16 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types #types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] 1333458850.340368 ClEkJM2Vm5giqnMf4h 10.131.17.170 51803 173.199.115.168 80 1 GET cdn.epicgameads.com /ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=4&cac=1&t=728x90&cb=1333458879 http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&channel=4&cb=1333458905296 1.1 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) - 0 31461 200 OK - - (empty) - - - - - - FHKKd91EMHBEK0hbdg - application/x-shockwave-flash 1333458850.399501 ClEkJM2Vm5giqnMf4h 10.131.17.170 51803 173.199.115.168 80 2 GET cdn.epicgameads.com /ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=0&cac=1&t=728x90&cb=1333458881 http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&cb=1333458920207 1.1 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) - 0 31461 200 OK - - (empty) - - - - - - Fu64Vqjy6nBop9nRd - application/x-shockwave-flash -#close 2019-03-13-20-03-31 +#close 2019-07-31-18-53-16 diff --git a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/tunnel.log b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/tunnel.log index 7f76b9623e..8a72494566 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/tunnel.log @@ -3,11 +3,11 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2016-07-13-16-13-06 +#open 2019-07-31-18-53-16 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1333458850.321642 CHhAvVGS1DHFjwGM9 167.55.105.244 5906 207.233.125.40 2152 Tunnel::GTPv1 Tunnel::DISCOVER 1333458850.325787 C4J4Th3PJpwUYZZ6gc 207.233.125.40 2152 167.55.105.244 2152 Tunnel::GTPv1 Tunnel::DISCOVER -1333458850.579544 CHhAvVGS1DHFjwGM9 167.55.105.244 5906 207.233.125.40 2152 Tunnel::GTPv1 Tunnel::CLOSE 1333458850.579544 C4J4Th3PJpwUYZZ6gc 207.233.125.40 2152 167.55.105.244 2152 Tunnel::GTPv1 Tunnel::CLOSE -#close 2016-07-13-16-13-06 +1333458850.579544 CHhAvVGS1DHFjwGM9 167.55.105.244 5906 207.233.125.40 2152 Tunnel::GTPv1 Tunnel::CLOSE +#close 2019-07-31-18-53-16 diff --git a/testing/btest/Baseline/core.tunnels.gtp.inner_teredo/conn.log b/testing/btest/Baseline/core.tunnels.gtp.inner_teredo/conn.log index 53ab0420a6..7eda50f6ae 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.inner_teredo/conn.log +++ b/testing/btest/Baseline/core.tunnels.gtp.inner_teredo/conn.log @@ -3,24 +3,24 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-07-13-16-13-08 +#open 2019-07-31-18-53-23 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] -1333458850.014199 ClEkJM2Vm5giqnMf4h 172.24.204.200 56528 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CHhAvVGS1DHFjwGM9 -1333458850.035456 C0LAHyvtKSQHyJxIl 172.27.159.9 63912 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CwjjYJ2WqgTbAqiHl6 -1333458850.029783 C37jN32gN3y3AZzyf6 172.24.16.67 52298 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CmES5u32sYpV7JYN -1333458850.040098 C7fIlMZDuRiqjpYbb 172.24.203.81 54447 65.55.158.118 3544 udp teredo 0.003698 120 0 S0 - - 0 D 2 176 0 0 CNnMIj2QSd84NKf7U3 -1333458850.037956 Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 udp gtpv1 - - - S0 - - 0 D 1 120 0 0 - -1333458850.035460 C9rXSW3KSpTYvPrlI1 172.27.159.9 63912 94.245.121.254 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CwjjYJ2WqgTbAqiHl6 -1333458850.040098 CNnMIj2QSd84NKf7U3 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 - - 0 D 2 248 0 0 - -1333458850.035456 CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 - - 0 D 2 250 0 0 - -1333458850.029781 CP5puj4I8PtEU4qzYg 172.24.16.67 52298 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CmES5u32sYpV7JYN 1333458850.032887 C3eiCBGOLw3VtHfOj 10.131.42.160 62069 94.245.121.253 3544 udp teredo - - - SHR - - 0 ^d 0 0 1 84 C4J4Th3PJpwUYZZ6gc 1333458850.037956 C9mvWx3ezztgzcexV7 10.131.112.102 51403 94.245.121.253 3544 udp teredo - - - SHR - - 0 ^d 0 0 1 84 Ck51lg1bScffFj34Ri -1333458850.014199 CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 udp gtpv1 - - - S0 - - 0 D 1 124 0 0 - -1333458850.016620 C4J4Th3PJpwUYZZ6gc 174.94.190.229 2152 190.104.181.62 2152 udp gtpv1 0.016267 88 92 SF - - 0 Dd 1 116 1 120 - +1333458850.029783 C37jN32gN3y3AZzyf6 172.24.16.67 52298 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CmES5u32sYpV7JYN +1333458850.040098 C7fIlMZDuRiqjpYbb 172.24.203.81 54447 65.55.158.118 3544 udp teredo 0.003698 120 0 S0 - - 0 D 2 176 0 0 CNnMIj2QSd84NKf7U3 +1333458850.014199 ClEkJM2Vm5giqnMf4h 172.24.204.200 56528 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CHhAvVGS1DHFjwGM9 1333458850.016620 CtPZjS20MLrsMUOJi2 172.24.16.121 61901 94.245.121.251 3544 udp teredo - - - S0 - - 0 D 1 80 0 0 C4J4Th3PJpwUYZZ6gc +1333458850.029781 CP5puj4I8PtEU4qzYg 172.24.16.67 52298 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CmES5u32sYpV7JYN +1333458850.035456 C0LAHyvtKSQHyJxIl 172.27.159.9 63912 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CwjjYJ2WqgTbAqiHl6 +1333458850.035460 C9rXSW3KSpTYvPrlI1 172.27.159.9 63912 94.245.121.254 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CwjjYJ2WqgTbAqiHl6 +1333458850.014199 CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 udp gtpv1 - - - S0 - - 0 D 1 124 0 0 - +1333458850.040098 CNnMIj2QSd84NKf7U3 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 - - 0 D 2 248 0 0 - +1333458850.016620 C4J4Th3PJpwUYZZ6gc 174.94.190.229 2152 190.104.181.62 2152 udp gtpv1 0.016267 88 92 SF - - 0 Dd 1 116 1 120 - +1333458850.037956 Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 udp gtpv1 - - - S0 - - 0 D 1 120 0 0 - 1333458850.029781 CmES5u32sYpV7JYN 190.104.181.254 2152 190.104.181.62 2152 udp gtpv1 0.000002 192 0 S0 - - 0 D 2 248 0 0 - +1333458850.035456 CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 - - 0 D 2 250 0 0 - 1333458850.016620 CUM0KZ3MLUfNB0cl11 2001:0:5ef5:79fb:38b8:1695:2b37:be8e 128 2002:2571:c817::2571:c817 129 icmp - - - - OTH - - 0 - 1 52 0 0 CtPZjS20MLrsMUOJi2 1333458850.035456 CFLRIC3zaTU1loLGxh fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH - - 0 - 2 96 0 0 C9rXSW3KSpTYvPrlI1,C0LAHyvtKSQHyJxIl -#close 2016-07-13-16-13-08 +#close 2019-07-31-18-53-23 diff --git a/testing/btest/Baseline/core.tunnels.gtp.inner_teredo/tunnel.log b/testing/btest/Baseline/core.tunnels.gtp.inner_teredo/tunnel.log index 8d8671f57e..b0fd3f8e2f 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.inner_teredo/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.gtp.inner_teredo/tunnel.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2016-07-13-16-13-08 +#open 2019-07-31-18-53-23 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1333458850.014199 CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::DISCOVER @@ -15,13 +15,13 @@ 1333458850.035460 C9rXSW3KSpTYvPrlI1 172.27.159.9 63912 94.245.121.254 3544 Tunnel::TEREDO Tunnel::DISCOVER 1333458850.037956 Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 Tunnel::GTPv1 Tunnel::DISCOVER 1333458850.040098 CNnMIj2QSd84NKf7U3 174.94.190.229 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::DISCOVER -1333458850.043796 C0LAHyvtKSQHyJxIl 172.27.159.9 63912 94.245.121.253 3544 Tunnel::TEREDO Tunnel::CLOSE -1333458850.043796 Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 Tunnel::GTPv1 Tunnel::CLOSE -1333458850.043796 C9rXSW3KSpTYvPrlI1 172.27.159.9 63912 94.245.121.254 3544 Tunnel::TEREDO Tunnel::CLOSE -1333458850.043796 CNnMIj2QSd84NKf7U3 174.94.190.229 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::CLOSE -1333458850.043796 CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 Tunnel::GTPv1 Tunnel::CLOSE -1333458850.043796 CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::CLOSE -1333458850.043796 C4J4Th3PJpwUYZZ6gc 174.94.190.229 2152 190.104.181.62 2152 Tunnel::GTPv1 Tunnel::CLOSE 1333458850.043796 CtPZjS20MLrsMUOJi2 172.24.16.121 61901 94.245.121.251 3544 Tunnel::TEREDO Tunnel::CLOSE +1333458850.043796 C0LAHyvtKSQHyJxIl 172.27.159.9 63912 94.245.121.253 3544 Tunnel::TEREDO Tunnel::CLOSE +1333458850.043796 C9rXSW3KSpTYvPrlI1 172.27.159.9 63912 94.245.121.254 3544 Tunnel::TEREDO Tunnel::CLOSE +1333458850.043796 CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::CLOSE +1333458850.043796 CNnMIj2QSd84NKf7U3 174.94.190.229 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::CLOSE +1333458850.043796 C4J4Th3PJpwUYZZ6gc 174.94.190.229 2152 190.104.181.62 2152 Tunnel::GTPv1 Tunnel::CLOSE +1333458850.043796 Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 Tunnel::GTPv1 Tunnel::CLOSE 1333458850.043796 CmES5u32sYpV7JYN 190.104.181.254 2152 190.104.181.62 2152 Tunnel::GTPv1 Tunnel::CLOSE -#close 2016-07-13-16-13-08 +1333458850.043796 CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 Tunnel::GTPv1 Tunnel::CLOSE +#close 2019-07-31-18-53-23 diff --git a/testing/btest/Baseline/core.tunnels.teredo/conn.log b/testing/btest/Baseline/core.tunnels.teredo/conn.log index 159ad78bb6..d2ff8a99a1 100644 --- a/testing/btest/Baseline/core.tunnels.teredo/conn.log +++ b/testing/btest/Baseline/core.tunnels.teredo/conn.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-07-13-16-13-14 +#open 2019-07-31-18-53-28 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1210953047.736921 ClEkJM2Vm5giqnMf4h 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - - 0 ^fA 1 40 1 40 - @@ -16,15 +16,15 @@ 1210953074.264819 CtxTCR2Yer0FR1tIBg 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF - - 0 Dd 3 207 3 682 - 1210953074.570439 CpmdRlaUoJLN3uIRa 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - - 0 ShADadFf 7 757 6 4164 - 1210953074.057124 CykQaM33ztNt0csB9a 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 - -1210953061.312379 CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 Ck51lg1bScffFj34Ri -1210953076.058333 C1Xkzz2MaGtLrc1Tla 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 - 1210953074.055744 C7fIlMZDuRiqjpYbb 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 - -1210953052.324629 CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 - -1210953052.202579 CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - - 0 Dd 2 185 1 76 - +1210953076.058333 C1Xkzz2MaGtLrc1Tla 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - - 0 ^r 0 0 1 40 - +1210953061.312379 CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 Ck51lg1bScffFj34Ri 1210953058.933954 C9rXSW3KSpTYvPrlI1 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - - 0 D 1 328 0 0 - +1210953052.202579 CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - - 0 Dd 2 185 1 76 - +1210953052.324629 CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 - 1210953060.829233 Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - - 0 Dd 12 2695 13 11607 - 1210953046.591933 CHhAvVGS1DHFjwGM9 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - - 0 D 2 472 0 0 - -1210953052.324629 CP5puj4I8PtEU4qzYg fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CmES5u32sYpV7JYN 1210953060.829303 C9mvWx3ezztgzcexV7 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - - 0 - 1 52 1 52 CtPZjS20MLrsMUOJi2,Ck51lg1bScffFj34Ri +1210953052.324629 CP5puj4I8PtEU4qzYg fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CmES5u32sYpV7JYN 1210953052.202579 CUM0KZ3MLUfNB0cl11 fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CtPZjS20MLrsMUOJi2 -#close 2016-07-13-16-13-14 +#close 2019-07-31-18-53-28 diff --git a/testing/btest/Baseline/core.tunnels.teredo/http.log b/testing/btest/Baseline/core.tunnels.teredo/http.log index ff361391cf..c0558c0ab9 100644 --- a/testing/btest/Baseline/core.tunnels.teredo/http.log +++ b/testing/btest/Baseline/core.tunnels.teredo/http.log @@ -3,11 +3,11 @@ #empty_field (empty) #unset_field - #path http -#open 2019-03-13-20-10-25 +#open 2019-07-31-18-53-28 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types #types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] 1210953057.917183 C3eiCBGOLw3VtHfOj 192.168.2.16 1578 75.126.203.78 80 1 POST download913.avast.com /cgi-bin/iavs4stats.cgi - 1.1 Syncer/4.80 (av_pro-1169;f) - 589 0 204 - - (empty) - - - Fp32SIJztq0Szn5Qc - text/plain - - - 1210953061.585996 CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 - 0 6640 200 OK - - (empty) - - - - - - FNFYdH11h5iQcoD3a2 - text/html 1210953073.381474 CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 - 0 25119 200 OK - - (empty) - - - - - - FHD5nv1iSVFZVM0aH7 - text/html 1210953074.674817 CpmdRlaUoJLN3uIRa 192.168.2.16 1580 67.228.110.120 80 1 GET www.wireshark.org / http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 - 0 11845 200 OK - - (empty) - - - - - - FS7lUf2cJFAVBCu6w6 - text/html -#close 2019-03-13-20-10-25 +#close 2019-07-31-18-53-28 diff --git a/testing/btest/Baseline/core.tunnels.teredo/tunnel.log b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log index 192a0a9295..9ed0056883 100644 --- a/testing/btest/Baseline/core.tunnels.teredo/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log @@ -3,13 +3,13 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2016-07-13-16-13-14 +#open 2019-07-31-18-53-28 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1210953052.202579 CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER 1210953052.324629 CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::DISCOVER 1210953061.292918 Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::DISCOVER -1210953076.058333 CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE 1210953076.058333 CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE +1210953076.058333 CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE 1210953076.058333 Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE -#close 2016-07-13-16-13-14 +#close 2019-07-31-18-53-28 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log index 3b4f3da36e..1245d4562e 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log @@ -3,14 +3,14 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-07-13-16-13-14 +#open 2019-07-31-18-53-34 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1340127577.354166 CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 CUM0KZ3MLUfNB0cl11 -1340127577.339015 C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 - 1340127577.336558 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - - 0 Dd 2 185 1 80 - +1340127577.339015 C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 - 1340127577.341510 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - - 0 Dd 12 2703 13 11607 - -1340127577.339015 CtPZjS20MLrsMUOJi2 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 C4J4Th3PJpwUYZZ6gc 1340127577.343969 CmES5u32sYpV7JYN 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - - 0 - 1 52 1 52 CUM0KZ3MLUfNB0cl11,CHhAvVGS1DHFjwGM9 +1340127577.339015 CtPZjS20MLrsMUOJi2 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 C4J4Th3PJpwUYZZ6gc 1340127577.336558 ClEkJM2Vm5giqnMf4h fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CHhAvVGS1DHFjwGM9 -#close 2016-07-13-16-13-14 +#close 2019-07-31-18-53-34 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log index 8f7bbbf756..4a8ec3a050 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path http -#open 2019-03-13-19-35-20 +#open 2019-07-31-18-53-34 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types #types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] 1340127577.361683 CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 - 0 6640 200 OK - - (empty) - - - - - - FWSTWv4EZLVlc2Zywi - text/html 1340127577.379360 CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 - 0 25119 200 OK - - (empty) - - - - - - FGKV3B3jz083xhGO13 - text/html -#close 2019-03-13-19-35-20 +#close 2019-07-31-18-53-34 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log index 9b33152de1..86dc6aeff8 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log @@ -3,13 +3,13 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2016-07-13-16-13-14 +#open 2019-07-31-18-53-34 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1340127577.336558 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER 1340127577.339015 C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::DISCOVER 1340127577.351747 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::DISCOVER -1340127577.406995 C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE 1340127577.406995 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE +1340127577.406995 C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE 1340127577.406995 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE -#close 2016-07-13-16-13-14 +#close 2019-07-31-18-53-34 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log index 8c80b270b3..55f8a4d569 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path weird -#open 2019-06-07-01-59-35 +#open 2019-07-31-18-53-34 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1340127577.341510 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 Teredo_bubble_with_payload - F zeek 1340127577.346849 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Teredo_bubble_with_payload - F zeek -#close 2019-06-07-01-59-35 +#close 2019-07-31-18-53-34 diff --git a/testing/btest/Baseline/core.tunnels.vxlan/conn.log b/testing/btest/Baseline/core.tunnels.vxlan/conn.log index 3805f6d92f..5074fae096 100644 --- a/testing/btest/Baseline/core.tunnels.vxlan/conn.log +++ b/testing/btest/Baseline/core.tunnels.vxlan/conn.log @@ -3,12 +3,12 @@ #empty_field (empty) #unset_field - #path conn -#open 2019-03-12-03-29-46 +#open 2019-07-31-18-53-40 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] -1467818432.676047 C4J4Th3PJpwUYZZ6gc 192.168.56.11 48134 192.168.56.12 4789 udp vxlan 3.004434 424 0 S0 - - 0 D 4 536 0 0 - -1467818432.675392 CHhAvVGS1DHFjwGM9 192.168.56.11 39924 192.168.56.12 4789 udp - - - - S0 - - 0 D 1 78 0 0 - -1467818432.675732 ClEkJM2Vm5giqnMf4h 192.168.56.12 40908 192.168.56.11 4789 udp - - - - S0 - - 0 D 1 78 0 0 - 1467818432.676385 CUM0KZ3MLUfNB0cl11 192.168.56.12 38071 192.168.56.11 4789 udp vxlan 3.004278 424 0 S0 - - 0 D 4 536 0 0 - +1467818432.675732 ClEkJM2Vm5giqnMf4h 192.168.56.12 40908 192.168.56.11 4789 udp - - - - S0 - - 0 D 1 78 0 0 - +1467818432.675392 CHhAvVGS1DHFjwGM9 192.168.56.11 39924 192.168.56.12 4789 udp - - - - S0 - - 0 D 1 78 0 0 - +1467818432.676047 C4J4Th3PJpwUYZZ6gc 192.168.56.11 48134 192.168.56.12 4789 udp vxlan 3.004434 424 0 S0 - - 0 D 4 536 0 0 - 1467818432.676047 CtPZjS20MLrsMUOJi2 10.0.0.1 8 10.0.0.2 0 icmp - 3.004616 224 224 OTH - - 0 - 4 336 4 336 CUM0KZ3MLUfNB0cl11,C4J4Th3PJpwUYZZ6gc -#close 2019-03-12-03-29-46 +#close 2019-07-31-18-53-40 diff --git a/testing/btest/Baseline/core.tunnels.vxlan/tunnel.log b/testing/btest/Baseline/core.tunnels.vxlan/tunnel.log index 95f062bd67..27bdb043fc 100644 --- a/testing/btest/Baseline/core.tunnels.vxlan/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.vxlan/tunnel.log @@ -3,11 +3,11 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2019-03-12-03-29-46 +#open 2019-07-31-18-53-40 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1467818432.676047 C4J4Th3PJpwUYZZ6gc 192.168.56.11 48134 192.168.56.12 4789 Tunnel::VXLAN Tunnel::DISCOVER 1467818432.676385 CUM0KZ3MLUfNB0cl11 192.168.56.12 38071 192.168.56.11 4789 Tunnel::VXLAN Tunnel::DISCOVER -1467818435.680663 C4J4Th3PJpwUYZZ6gc 192.168.56.11 48134 192.168.56.12 4789 Tunnel::VXLAN Tunnel::CLOSE 1467818435.680663 CUM0KZ3MLUfNB0cl11 192.168.56.12 38071 192.168.56.11 4789 Tunnel::VXLAN Tunnel::CLOSE -#close 2019-03-12-03-29-46 +1467818435.680663 C4J4Th3PJpwUYZZ6gc 192.168.56.11 48134 192.168.56.12 4789 Tunnel::VXLAN Tunnel::CLOSE +#close 2019-07-31-18-53-40 diff --git a/testing/btest/Baseline/scripts.base.files.pe.basic/pe.log b/testing/btest/Baseline/scripts.base.files.pe.basic/pe.log index ebf5ebf019..9a3a63fb8d 100644 --- a/testing/btest/Baseline/scripts.base.files.pe.basic/pe.log +++ b/testing/btest/Baseline/scripts.base.files.pe.basic/pe.log @@ -3,11 +3,11 @@ #empty_field (empty) #unset_field - #path pe -#open 2016-07-13-16-14-17 +#open 2019-07-31-20-22-07 #fields ts id machine compile_ts os subsystem is_exe is_64bit uses_aslr uses_dep uses_code_integrity uses_seh has_import_table has_export_table has_cert_table has_debug_data section_names #types time string string time string string bool bool bool bool bool bool bool bool bool bool vector[string] 1429466342.201366 Fz2N9x4SAxQiSnI6mk unknown-475 0.000000 - - F T F F F T - - - - - +1429466342.225653 Fzysjj1zfjAcgWgm22 I386 1171692517.000000 Windows XP x64 or Server 2003 WINDOWS_GUI T F F F F T T F F T .text,.data,.rsrc 1429466342.250474 FOuWFKf04xcHH4ck I386 1210911433.000000 Windows 95 or NT 4.0 WINDOWS_CUI T F F F F T T F T T .text,.rdata,.data,.rsrc 1429466342.278998 F5fc4q3zhJHmYSvm8a I386 1402852568.000000 Windows 95 or NT 4.0 WINDOWS_GUI T F F F F T T T F F .text,.Ddata,.data,.rsrc -1429466342.225653 Fzysjj1zfjAcgWgm22 I386 1171692517.000000 Windows XP x64 or Server 2003 WINDOWS_GUI T F F F F T T F F T .text,.data,.rsrc -#close 2016-07-13-16-14-17 +#close 2019-07-31-20-22-07 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-complex/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-complex/conn.log index 1919c5f9d1..8539a94060 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-complex/conn.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-complex/conn.log @@ -3,41 +3,41 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-08-10-20-36-59 +#open 2019-08-01-00-38-38 #fields _write_ts _stream _innerLogged.a _innerLogged.c _innerLogged.d _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string count count set[count] string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1300475173.475401 conn 1 3 2,4,1,3 - 1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - 1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.857956 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.854378 CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892037 C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.854837 Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.853899 C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.893988 CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - 1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - -1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - -#close 2016-08-10-20-36-59 +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.902195 CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.901749 CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.891644 C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.858713 CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.892414 CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475168.858306 CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475169.899438 CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475167.099816 CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475167.096535 CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475170.862384 Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475171.677081 CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475173.117362 CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475173.153679 CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475167.097012 C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475173.116749 CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - +1300475173.475401 conn 1 3 2,4,1,3 - 1300475171.675372 CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - +#close 2019-08-01-00-38-38 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-optional/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-optional/conn.log index 63c348ce42..7c106dcba1 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-optional/conn.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-optional/conn.log @@ -3,41 +3,41 @@ #empty_field (empty) #unset_field - #path conn -#open 2019-06-07-02-20-04 +#open 2019-08-01-00-38-35 #fields _write_ts _system_name _undefined_string ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1300475173.475401 zeek - 1300475173.475401 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - -1300475173.475401 zeek - 1300475173.475401 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - -1300475173.475401 zeek - 1300475173.475401 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - -1300475173.475401 zeek - 1300475173.475401 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - -1300475173.475401 zeek - 1300475173.475401 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 1300475173.475401 zeek - 1300475173.475401 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 1300475173.475401 zeek - 1300475173.475401 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - +1300475173.475401 zeek - 1300475173.475401 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - +1300475173.475401 zeek - 1300475173.475401 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 1300475173.475401 zeek - 1300475173.475401 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - +1300475173.475401 zeek - 1300475173.475401 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - 1300475173.475401 zeek - 1300475173.475401 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 1300475173.475401 zeek - 1300475173.475401 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - -1300475173.475401 zeek - 1300475173.475401 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - -1300475173.475401 zeek - 1300475173.475401 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - -1300475173.475401 zeek - 1300475173.475401 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - -1300475173.475401 zeek - 1300475173.475401 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - -1300475173.475401 zeek - 1300475173.475401 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - -1300475173.475401 zeek - 1300475173.475401 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - +1300475173.475401 zeek - 1300475173.475401 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - +1300475173.475401 zeek - 1300475173.475401 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - +1300475173.475401 zeek - 1300475173.475401 CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - +1300475173.475401 zeek - 1300475173.475401 C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - +1300475173.475401 zeek - 1300475173.475401 Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - +1300475173.475401 zeek - 1300475173.475401 C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - +1300475173.475401 zeek - 1300475173.475401 CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 1300475173.475401 zeek - 1300475173.475401 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - 1300475173.475401 zeek - 1300475173.475401 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - -1300475173.475401 zeek - 1300475173.475401 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - -1300475173.475401 zeek - 1300475173.475401 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - -1300475173.475401 zeek - 1300475173.475401 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - -1300475173.475401 zeek - 1300475173.475401 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - -1300475173.475401 zeek - 1300475173.475401 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - -1300475173.475401 zeek - 1300475173.475401 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - -1300475173.475401 zeek - 1300475173.475401 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - -1300475173.475401 zeek - 1300475173.475401 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - -1300475173.475401 zeek - 1300475173.475401 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - -1300475173.475401 zeek - 1300475173.475401 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - -1300475173.475401 zeek - 1300475173.475401 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - -1300475173.475401 zeek - 1300475173.475401 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - -1300475173.475401 zeek - 1300475173.475401 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - -1300475173.475401 zeek - 1300475173.475401 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - -1300475173.475401 zeek - 1300475173.475401 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - -1300475173.475401 zeek - 1300475173.475401 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - -#close 2019-06-07-02-20-04 +1300475173.475401 zeek - 1300475173.475401 CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - +1300475173.475401 zeek - 1300475173.475401 CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - +1300475173.475401 zeek - 1300475173.475401 C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - +1300475173.475401 zeek - 1300475173.475401 CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - +1300475173.475401 zeek - 1300475173.475401 CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - +1300475173.475401 zeek - 1300475173.475401 CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - +1300475173.475401 zeek - 1300475173.475401 CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - +1300475173.475401 zeek - 1300475173.475401 CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - +1300475173.475401 zeek - 1300475173.475401 CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - +1300475173.475401 zeek - 1300475173.475401 Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - +1300475173.475401 zeek - 1300475173.475401 CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - +1300475173.475401 zeek - 1300475173.475401 CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - +1300475173.475401 zeek - 1300475173.475401 CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - +1300475173.475401 zeek - 1300475173.475401 C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - +1300475173.475401 zeek - 1300475173.475401 CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - +1300475173.475401 zeek - 1300475173.475401 CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - +#close 2019-08-01-00-38-35 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension/conn.log index 6447a50a69..bf898ca51f 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension/conn.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension/conn.log @@ -3,41 +3,41 @@ #empty_field (empty) #unset_field - #path conn -#open 2019-06-07-02-20-03 +#open 2019-08-01-00-38-32 #fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1300475173.475401 conn zeek 1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - -1300475173.475401 conn zeek 1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - -1300475173.475401 conn zeek 1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - -1300475173.475401 conn zeek 1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - -1300475173.475401 conn zeek 1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 1300475173.475401 conn zeek 1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 1300475173.475401 conn zeek 1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - +1300475173.475401 conn zeek 1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - +1300475173.475401 conn zeek 1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 1300475173.475401 conn zeek 1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - +1300475173.475401 conn zeek 1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - 1300475173.475401 conn zeek 1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 1300475173.475401 conn zeek 1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - -1300475173.475401 conn zeek 1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - -1300475173.475401 conn zeek 1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - -1300475173.475401 conn zeek 1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - -1300475173.475401 conn zeek 1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - -1300475173.475401 conn zeek 1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - -1300475173.475401 conn zeek 1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - +1300475173.475401 conn zeek 1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - +1300475173.475401 conn zeek 1300475168.857956 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - +1300475173.475401 conn zeek 1300475168.854378 CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - +1300475173.475401 conn zeek 1300475168.892037 C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - +1300475173.475401 conn zeek 1300475168.854837 Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - +1300475173.475401 conn zeek 1300475168.853899 C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - +1300475173.475401 conn zeek 1300475168.893988 CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 1300475173.475401 conn zeek 1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - 1300475173.475401 conn zeek 1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - -1300475173.475401 conn zeek 1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - -1300475173.475401 conn zeek 1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - -1300475173.475401 conn zeek 1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - -1300475173.475401 conn zeek 1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - -1300475173.475401 conn zeek 1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - -1300475173.475401 conn zeek 1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - -1300475173.475401 conn zeek 1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - -1300475173.475401 conn zeek 1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - -1300475173.475401 conn zeek 1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - -1300475173.475401 conn zeek 1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - -1300475173.475401 conn zeek 1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - -1300475173.475401 conn zeek 1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - -1300475173.475401 conn zeek 1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - -1300475173.475401 conn zeek 1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - -1300475173.475401 conn zeek 1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - -1300475173.475401 conn zeek 1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - -#close 2019-06-07-02-20-03 +1300475173.475401 conn zeek 1300475168.902195 CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - +1300475173.475401 conn zeek 1300475168.901749 CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - +1300475173.475401 conn zeek 1300475168.891644 C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - +1300475173.475401 conn zeek 1300475168.858713 CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - +1300475173.475401 conn zeek 1300475168.892414 CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - +1300475173.475401 conn zeek 1300475168.858306 CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - +1300475173.475401 conn zeek 1300475169.899438 CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - +1300475173.475401 conn zeek 1300475167.099816 CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - +1300475173.475401 conn zeek 1300475167.096535 CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - +1300475173.475401 conn zeek 1300475170.862384 Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - +1300475173.475401 conn zeek 1300475171.677081 CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - +1300475173.475401 conn zeek 1300475173.117362 CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - +1300475173.475401 conn zeek 1300475173.153679 CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - +1300475173.475401 conn zeek 1300475167.097012 C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - +1300475173.475401 conn zeek 1300475173.116749 CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - +1300475173.475401 conn zeek 1300475171.675372 CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - +#close 2019-08-01-00-38-32 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map/conn.log index 26ea9cd33c..87ba387492 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map/conn.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map/conn.log @@ -3,41 +3,41 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-08-10-16-51-09 +#open 2019-08-01-00-38-43 #fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - -1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - -1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - -1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - -1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - +1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - +1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - +1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - 1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - -1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - -1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - -1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - -1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - -1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - -1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - +1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - +1300475168.857956 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - +1300475168.854378 CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - +1300475168.892037 C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - +1300475168.854837 Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - +1300475168.853899 C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - +1300475168.893988 CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - 1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - -1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - -1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - -1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - -1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - -1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - -1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - -1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - -1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - -1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - -1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - -1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - -1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - -1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - -1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - -1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - -1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - -#close 2016-08-10-16-51-09 +1300475168.902195 CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - +1300475168.901749 CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - +1300475168.891644 C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - +1300475168.858713 CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - +1300475168.892414 CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - +1300475168.858306 CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - +1300475169.899438 CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - +1300475167.099816 CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - +1300475167.096535 CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - +1300475170.862384 Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - +1300475171.677081 CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - +1300475173.117362 CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - +1300475173.153679 CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - +1300475167.097012 C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - +1300475173.116749 CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - +1300475171.675372 CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - +#close 2019-08-01-00-38-43 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log index 821a73524e..065d293620 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log @@ -3,37 +3,37 @@ #empty_field (empty) #unset_field - #path local -#open 2016-07-13-16-15-14 +#open 2019-08-01-00-38-50 #fields ts id.orig_h #types time addr -1300475168.892913 141.142.220.118 -1300475168.724007 141.142.220.118 -1300475168.855330 141.142.220.118 -1300475168.855305 141.142.220.118 1300475168.652003 141.142.220.118 1300475168.902635 141.142.220.118 +1300475168.855305 141.142.220.118 +1300475168.855330 141.142.220.118 1300475168.859163 141.142.220.118 +1300475168.892913 141.142.220.118 1300475168.892936 141.142.220.118 1300475168.895267 141.142.220.118 -1300475168.853899 141.142.220.118 -1300475168.901749 141.142.220.118 -1300475168.902195 141.142.220.118 -1300475168.858713 141.142.220.118 -1300475167.099816 141.142.220.50 +1300475168.724007 141.142.220.118 +1300475168.857956 141.142.220.118 +1300475168.854378 141.142.220.118 +1300475168.892037 141.142.220.118 1300475168.854837 141.142.220.118 +1300475168.853899 141.142.220.118 +1300475168.893988 141.142.220.118 1300475168.894787 141.142.220.118 1300475168.894422 141.142.220.118 -1300475169.899438 141.142.220.44 -1300475170.862384 141.142.220.226 +1300475168.902195 141.142.220.118 +1300475168.901749 141.142.220.118 +1300475168.891644 141.142.220.118 +1300475168.858713 141.142.220.118 1300475168.892414 141.142.220.118 1300475168.858306 141.142.220.118 +1300475169.899438 141.142.220.44 +1300475167.099816 141.142.220.50 +1300475167.096535 141.142.220.202 +1300475170.862384 141.142.220.226 +1300475171.677081 141.142.220.226 1300475173.117362 141.142.220.226 1300475173.153679 141.142.220.238 -1300475168.892037 141.142.220.118 -1300475167.096535 141.142.220.202 -1300475168.854378 141.142.220.118 -1300475171.677081 141.142.220.226 -1300475168.893988 141.142.220.118 -1300475168.857956 141.142.220.118 -1300475168.891644 141.142.220.118 -#close 2016-07-13-16-15-14 +#close 2019-08-01-00-38-50 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log index 3df0aded82..8cb6a9b3f7 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log @@ -3,11 +3,11 @@ #empty_field (empty) #unset_field - #path remote -#open 2016-07-13-16-15-14 +#open 2019-08-01-00-38-50 #fields ts id.orig_h #types time addr 1300475169.780331 173.192.163.128 1300475167.097012 fe80::217:f2ff:fed7:cf65 -1300475171.675372 fe80::3074:17d5:2052:c324 1300475173.116749 fe80::3074:17d5:2052:c324 -#close 2016-07-13-16-15-14 +1300475171.675372 fe80::3074:17d5:2052:c324 +#close 2019-08-01-00-38-50 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep/conn.log index da75aa01ec..7dca5690fe 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep/conn.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep/conn.log @@ -3,41 +3,41 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-08-10-16-53-04 +#open 2019-07-31-23-54-13 #fields ts uid id_orig_h id_orig_p id_resp_h id_resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - -1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - -1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - -1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - -1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - +1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - +1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - +1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - 1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - -1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - -1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - -1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - -1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - -1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - -1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - +1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - +1300475168.857956 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - +1300475168.854378 CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - +1300475168.892037 C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - +1300475168.854837 Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - +1300475168.853899 C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - +1300475168.893988 CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - 1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - -1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - -1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - -1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - -1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - -1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - -1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - -1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - -1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - -1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - -1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - -1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - -1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - -1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - -1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - -1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - -1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - -#close 2016-08-10-16-53-04 +1300475168.902195 CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - +1300475168.901749 CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - +1300475168.891644 C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - +1300475168.858713 CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - +1300475168.892414 CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - +1300475168.858306 CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - +1300475169.899438 CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - +1300475167.099816 CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - +1300475167.096535 CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - +1300475170.862384 Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - +1300475171.677081 CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - +1300475173.117362 CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - +1300475173.153679 CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - +1300475167.097012 C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - +1300475173.116749 CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - +1300475171.675372 CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - +#close 2019-07-31-23-54-13 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep_and_field_name_map/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep_and_field_name_map/conn.log index 36afb8856c..b5573e74e4 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep_and_field_name_map/conn.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep_and_field_name_map/conn.log @@ -3,41 +3,41 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-08-10-16-53-37 +#open 2019-07-31-23-54-16 #fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - -1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - -1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - -1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - -1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - +1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - +1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - +1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - 1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - -1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - -1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - -1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - -1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - -1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - -1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - +1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - +1300475168.857956 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - +1300475168.854378 CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - +1300475168.892037 C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - +1300475168.854837 Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - +1300475168.853899 C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - +1300475168.893988 CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - 1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - -1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - -1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - -1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - -1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - -1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - -1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - -1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - -1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - -1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - -1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - -1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - -1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - -1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - -1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - -1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - -1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - -#close 2016-08-10-16-53-37 +1300475168.902195 CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - +1300475168.901749 CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - +1300475168.891644 C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - +1300475168.858713 CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - +1300475168.892414 CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - +1300475168.858306 CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - +1300475169.899438 CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - +1300475167.099816 CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - +1300475167.096535 CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - +1300475170.862384 Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - +1300475171.677081 CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - +1300475173.117362 CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - +1300475173.153679 CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - +1300475167.097012 C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - +1300475173.116749 CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - +1300475171.675372 CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - +#close 2019-07-31-23-54-16 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log index 614a90a0f7..336c8ab55f 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log @@ -3,13 +3,13 @@ #empty_field (empty) #unset_field - #path conn -#open 2019-04-17-21-00-04 +#open 2019-07-31-22-25-32 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1254722767.492060 CHhAvVGS1DHFjwGM9 10.10.1.4 56166 10.10.1.1 53 udp dns 0.034025 34 100 SF - - 0 Dd 1 62 1 128 - 1254722776.690444 C4J4Th3PJpwUYZZ6gc 10.10.1.20 138 10.10.1.255 138 udp - - - - S0 - - 0 D 1 229 0 0 - 1254722767.529046 ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 tcp - 0.346950 0 0 S1 - - 0 Sh 1 48 1 48 - 1437831776.764391 CtPZjS20MLrsMUOJi2 192.168.133.100 49285 66.196.121.26 5050 tcp - 0.343008 41 0 OTH - - 0 Da 1 93 1 52 - -1437831787.856895 CUM0KZ3MLUfNB0cl11 192.168.133.100 49648 192.168.133.102 25 tcp - 0.048043 162 154 S1 - - 154 ShDgA 3 192 1 60 - 1437831798.533765 CmES5u32sYpV7JYN 192.168.133.100 49336 74.125.71.189 443 tcp - - - - OTH - - 0 A 1 52 0 0 - -#close 2019-04-17-21-00-04 +1437831787.856895 CUM0KZ3MLUfNB0cl11 192.168.133.100 49648 192.168.133.102 25 tcp - 0.048043 162 154 S1 - - 154 ShDgA 3 192 1 60 - +#close 2019-07-31-22-25-32 diff --git a/testing/btest/Baseline/scripts.base.protocols.dce-rpc.mapi/dce_rpc.log b/testing/btest/Baseline/scripts.base.protocols.dce-rpc.mapi/dce_rpc.log index a1187946e6..90c4b8e602 100644 --- a/testing/btest/Baseline/scripts.base.protocols.dce-rpc.mapi/dce_rpc.log +++ b/testing/btest/Baseline/scripts.base.protocols.dce-rpc.mapi/dce_rpc.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path dce_rpc -#open 2018-09-04-21-14-51 +#open 2019-07-31-20-23-16 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p rtt named_pipe endpoint operation #types time string addr port addr port interval string string string 1056991898.891148 CmES5u32sYpV7JYN 192.168.0.173 1066 192.168.0.2 135 0.000375 135 epmapper ept_map @@ -18,4 +18,4 @@ 1056991899.658670 CFLRIC3zaTU1loLGxh 192.168.0.173 1073 192.168.0.2 1032 0.001624 1032 exchange_mapi EcDoRpc 1056991899.660794 CFLRIC3zaTU1loLGxh 192.168.0.173 1073 192.168.0.2 1032 0.003998 1032 exchange_mapi EcRRegisterPushNotification 1056991899.707516 CFLRIC3zaTU1loLGxh 192.168.0.173 1073 192.168.0.2 1032 0.003998 1032 exchange_mapi EcRRegisterPushNotification -#close 2018-09-04-21-14-51 +#close 2019-07-31-20-23-16 diff --git a/testing/btest/Baseline/scripts.base.protocols.dce-rpc.mapi/ntlm.log b/testing/btest/Baseline/scripts.base.protocols.dce-rpc.mapi/ntlm.log index 1731023dd6..982032366b 100644 --- a/testing/btest/Baseline/scripts.base.protocols.dce-rpc.mapi/ntlm.log +++ b/testing/btest/Baseline/scripts.base.protocols.dce-rpc.mapi/ntlm.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path ntlm -#open 2018-09-04-21-59-48 +#open 2019-07-31-20-23-16 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p username hostname domainname server_nb_computer_name server_dns_computer_name server_tree_name success #types time string addr port addr port string string string string string string bool -1056991898.900518 C37jN32gN3y3AZzyf6 192.168.0.173 1068 192.168.0.2 4997 ALeonard ALEONARD-XP CNAMIS SATURN - - - 1056991899.591337 CFLRIC3zaTU1loLGxh 192.168.0.173 1073 192.168.0.2 1032 ALeonard ALEONARD-XP CNAMIS SATURN - - - -#close 2018-09-04-21-59-48 +1056991898.900518 C37jN32gN3y3AZzyf6 192.168.0.173 1068 192.168.0.2 4997 ALeonard ALEONARD-XP CNAMIS SATURN - - - +#close 2019-07-31-20-23-16 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/conn.log b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/conn.log index 362fb42ced..c8d0c3a526 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/conn.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/conn.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path conn -#open 2018-02-18-22-12-45 +#open 2019-07-31-20-23-20 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] -1348168976.546371 ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 tcp ssl,gridftp-data 0.010760 2109 3196 S1 - - 0 ShADad 7 2481 6 3516 - 1348168976.274919 CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 tcp ftp,gridftp,ssl 0.294743 4491 6659 SF - - 0 ShAdDaFf 22 5643 21 7759 - -#close 2018-02-18-22-12-45 +1348168976.546371 ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 tcp ssl,gridftp-data 0.010760 2109 3196 S1 - - 0 ShADad 7 2481 6 3516 - +#close 2019-07-31-20-23-21 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/notice.log b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/notice.log index 17e6b09237..5d5050b40a 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/notice.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/notice.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path notice -#open 2019-06-05-19-31-25 +#open 2019-07-31-20-23-20 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude #types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval string string string double double 1348168976.557131 ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 - - - tcp GridFTP::Data_Channel GridFTP data channel over threshold 2 bytes - 192.168.57.103 192.168.57.101 55968 - - Notice::ACTION_LOG 3600.000000 - - - - - -#close 2019-06-05-19-31-25 +#close 2019-07-31-20-23-21 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log index 1904e9eaa5..317fcbf400 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path ssl -#open 2017-12-21-02-27-54 +#open 2019-07-31-20-23-20 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string 1348168976.508038 CHhAvVGS1DHFjwGM9 192.168.57.103 60108 192.168.57.101 2811 TLSv10 TLS_RSA_WITH_AES_256_CBC_SHA - - F - - T FBtbj87tgpyeDSj31,F8TfgZ31c1dFu8Kt2k FVNYOh2BeQBb7MpCPe,FwjBou1e5DbpE0eOgk,FbYQmk4x4M4Bx3PZme CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid 1348168976.551422 ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 TLSv10 TLS_RSA_WITH_NULL_SHA - - F - - T F4SSqN31HDIrrH5Q8h,FJHp5Pf6VLQsRQK3,FHACqa3dX9BXRV2av,FNnDVT1NURRWeoLLN3 FFWYVj4BcvQb35WIaf,Fj16G835fnJgnVlKU6,FGONoc1Nj0Ka5zlxDa CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid -#close 2017-12-21-02-27-54 +#close 2019-07-31-20-23-21 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log index 294175f0be..a3bb018d4d 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/x509.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path x509 -#open 2017-12-21-02-27-54 +#open 2019-07-31-20-23-20 #fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len #types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count 1348168976.510615 FBtbj87tgpyeDSj31 3 01 CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid 1348161979.000000 1379697979.000000 rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - - - @@ -18,4 +18,4 @@ 1348168976.554445 FFWYVj4BcvQb35WIaf 3 36B07110 CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid 1348162941.000000 1348206441.000000 rsaEncryption sha1WithRSAEncryption rsa 512 65537 - - - - - - - 1348168976.554445 Fj16G835fnJgnVlKU6 3 02 CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid 1348162263.000000 1379698263.000000 rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - - - 1348168976.554445 FGONoc1Nj0Ka5zlxDa 3 EA83D17188B68E4D CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid 1348161502.000000 1505841502.000000 rsaEncryption sha1WithRSAEncryption rsa 1024 65537 - - - - - T - -#close 2017-12-21-02-27-54 +#close 2019-07-31-20-23-21 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls13/ssl-out.log b/testing/btest/Baseline/scripts.base.protocols.ssl.tls13/ssl-out.log index f363be0a53..062cf73aa9 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls13/ssl-out.log +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls13/ssl-out.log @@ -3,62 +3,62 @@ #empty_field (empty) #unset_field - #path ssl -#open 2019-06-03-04-33-19 +#open 2019-07-31-20-23-25 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string -1475791805.525848 ClEkJM2Vm5giqnMf4h 192.168.6.203 53227 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F - - - - - - 1475791805.468951 CHhAvVGS1DHFjwGM9 192.168.6.203 53226 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F - - - - - - -#close 2019-06-03-04-33-19 +1475791805.525848 ClEkJM2Vm5giqnMf4h 192.168.6.203 53227 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F - - - - - - +#close 2019-07-31-20-23-25 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path ssl -#open 2019-06-03-04-33-20 +#open 2019-07-31-20-23-26 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string 1475794630.046060 CHhAvVGS1DHFjwGM9 192.168.6.203 53994 138.68.41.77 443 TLSv13-draft14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 x25519 - F - - F - - - - - - 1475794635.195006 ClEkJM2Vm5giqnMf4h 192.168.6.203 53996 138.68.41.77 443 TLSv13-draft14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 x25519 - F - - T - - - - - - -#close 2019-06-03-04-33-20 +#close 2019-07-31-20-23-26 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path ssl -#open 2019-06-03-04-33-20 +#open 2019-07-31-20-23-26 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string 1475787575.867992 CHhAvVGS1DHFjwGM9 192.150.187.20 54980 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F - - - - - - 1475787575.922474 ClEkJM2Vm5giqnMf4h 192.150.187.20 54982 52.32.149.186 443 - - - tls13.crypto.mozilla.org F protocol_version - F - - - - - - -#close 2019-06-03-04-33-20 +#close 2019-07-31-20-23-26 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path ssl -#open 2019-06-03-04-33-21 +#open 2019-07-31-20-23-27 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string 1475795116.906579 CHhAvVGS1DHFjwGM9 192.150.187.20 36778 138.68.41.77 443 TLSv13-draft16 TLS_CHACHA20_POLY1305_SHA256 secp384r1 - F unknown_ca - F - - - - - - 1475795124.328003 ClEkJM2Vm5giqnMf4h 192.150.187.20 36782 138.68.41.77 443 TLSv13-draft16 TLS_CHACHA20_POLY1305_SHA256 secp384r1 - F - - T - - - - - - -#close 2019-06-03-04-33-21 +#close 2019-07-31-20-23-27 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path ssl -#open 2019-06-03-04-33-22 +#open 2019-07-31-20-23-27 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string 1555610808.383902 CHhAvVGS1DHFjwGM9 192.168.178.80 54220 174.138.9.219 443 TLSv13 TLS_CHACHA20_POLY1305_SHA256 x25519 - T - - T - - - - - - -#close 2019-06-03-04-33-22 +#close 2019-07-31-20-23-27 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path ssl -#open 2019-06-03-04-33-22 +#open 2019-07-31-20-23-27 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer #types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string 1556554523.016311 CHhAvVGS1DHFjwGM9 10.192.48.168 63564 64.233.185.139 443 TLSv13 TLS_AES_256_GCM_SHA384 secp256r1 - T - - T - - - - - - -#close 2019-06-03-04-33-22 +#close 2019-07-31-20-23-27 diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log index f6a43528ff..cc3dfb6fe6 100644 --- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log +++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log @@ -1034,19 +1034,19 @@ 1437831800.217854 filter_change_tracking 1437831800.217854 connection_state_remove - [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49285/tcp, resp_h=66.196.121.26, resp_p=5050/tcp], orig=[size=41, state=3, num_pkts=1, num_bytes_ip=93, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=0, state=3, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start_time=1437831776.764391, duration=0.343008, service={\x0a\x0a}, history=Da, uid=CUM0KZ3MLUfNB0cl11, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49655/tcp, resp_h=17.167.150.73, resp_p=443/tcp], orig=[size=2249, state=4, num_pkts=15, num_bytes_ip=2873, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=3653, state=4, num_pkts=13, num_bytes_ip=4185, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start_time=1437831799.461152, duration=0.756702, service={\x0aSSL\x0a}, history=ShADda, uid=C3eiCBGOLw3VtHfOj, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=[ts=1437831799.611764, uid=C3eiCBGOLw3VtHfOj, id=[orig_h=192.168.133.100, orig_p=49655/tcp, resp_h=17.167.150.73, resp_p=443/tcp], version_num=771, version=TLSv12, cipher=TLS_RSA_WITH_RC4_128_MD5, curve=, server_name=p31-keyvalueservice.icloud.com, session_id=, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=T, server_appdata=0, client_appdata=F, last_alert=, next_protocol=, analyzer_id=, established=T, logged=T, delay_tokens=, cert_chain=[[ts=1437831799.764576, fuid=F1vce92FT1oRjKI328, tx_hosts={\x0a\x0917.167.150.73\x0a}, rx_hosts={\x0a\x09192.168.133.100\x0a}, conn_uids={\x0aC3eiCBGOLw3VtHfOj\x0a}, source=SSL, depth=0, analyzers={\x0aMD5,\x0aSHA1,\x0aX509\x0a}, mime_type=application/x-x509-user-cert, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=1406, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=1bf9696d9f337805383427e88781d001, sha1=f5ccb1a724133607548b00d8eb402efca3076d58, sha256=, x509=[ts=1437831799.764576, id=F1vce92FT1oRjKI328, certificate=[version=3, serial=053FCE9BA6805B00, subject=C=US,ST=California,O=Apple Inc.,OU=management:idms.group.506364,CN=*.icloud.com, issuer=C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1, cn=*.icloud.com, not_valid_before=1424184331.0, not_valid_after=1489848331.0, key_alg=rsaEncryption, sig_alg=sha256WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=], handle=, extensions=[[name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.apple.com/ocsp04-appleistca2g101\x0a], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=8E:51:A1:0E:0A:9B:1C:04:F7:59:D3:69:2E:23:16:91:0E:AD:06:FB], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:D8:7A:94:44:7C:90:70:90:16:9E:DD:17:9C:01:44:03:86:D6:2A:29\x0a], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.2.840.113635.100.5.11.4\x0a User Notice:\x0a Explicit Text: Reliance on this certificate by any party assumes acceptance of any applicable terms and conditions of use and/or certification practice statements.\x0a CPS: http://www.apple.com/certificateauthority/rpa\x0a], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=\x0aFull Name:\x0a URI:http://crl.apple.com/appleistca2g1.crl\x0a], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Digital Signature, Key Encipherment], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:*.icloud.com]], san=[dns=[*.icloud.com], uri=, email=, ip=, other_fields=F], basic_constraints=[ca=F, path_len=]], extracted=, extracted_cutoff=, extracted_size=], [ts=1437831799.764576, fuid=Fxp53s3wA5G3zdEJg8, tx_hosts={\x0a\x0917.167.150.73\x0a}, rx_hosts={\x0a\x09192.168.133.100\x0a}, conn_uids={\x0aC3eiCBGOLw3VtHfOj\x0a}, source=SSL, depth=0, analyzers={\x0aMD5,\x0aSHA1,\x0aX509\x0a}, mime_type=application/x-x509-ca-cert, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=1092, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=48f0e38385112eeca5fc9ffd402eaecd, sha1=8e8321ca08b08e3726fe1d82996884eeb5f0d655, sha256=, x509=[ts=1437831799.764576, id=Fxp53s3wA5G3zdEJg8, certificate=[version=3, serial=023A74, subject=C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, cn=Apple IST CA 2 - G1, not_valid_before=1402933322.0, not_valid_after=1653061322.0, key_alg=rsaEncryption, sig_alg=sha256WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=], handle=, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E\x0a], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=D8:7A:94:44:7C:90:70:90:16:9E:DD:17:9C:01:44:03:86:D6:2A:29], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=\x0aFull Name:\x0a URI:http://g.symcb.com/crls/gtglobal.crl\x0a], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://g.symcd.com\x0a], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.54\x0a CPS: http://www.geotrust.com/resources/cps\x0a]], san=, basic_constraints=[ca=T, path_len=0]], extracted=, extracted_cutoff=, extracted_size=]], cert_chain_fuids=[F1vce92FT1oRjKI328, Fxp53s3wA5G3zdEJg8], client_cert_chain=[], client_cert_chain_fuids=[], subject=C=US,ST=California,O=Apple Inc.,OU=management:idms.group.506364,CN=*.icloud.com, issuer=C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1, client_subject=, client_issuer=, server_depth=0, client_depth=0], http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=] 1437831800.217854 connection_state_remove [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49153/tcp, resp_h=17.172.238.21, resp_p=5223/tcp], orig=[size=714, state=3, num_pkts=1, num_bytes_ip=766, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=0, state=3, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start_time=1437831799.262632, duration=0.147503, service={\x0a\x0a}, history=Da, uid=C37jN32gN3y3AZzyf6, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=] 1437831800.217854 connection_state_remove - [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_pkts=17, num_bytes_ip=1865, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=162, state=4, num_pkts=10, num_bytes_ip=690, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.05732, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=[ts=1437831787.914113, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=2, helo=[192.168.133.100], mailfrom=, rcptto=, date=, from=, to=, cc=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=, path=[192.168.133.102, 192.168.133.100], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=1, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49285/tcp, resp_h=66.196.121.26, resp_p=5050/tcp], orig=[size=41, state=3, num_pkts=1, num_bytes_ip=93, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=0, state=3, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start_time=1437831776.764391, duration=0.343008, service={\x0a\x0a}, history=Da, uid=CUM0KZ3MLUfNB0cl11, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=] 1437831800.217854 connection_state_remove [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49336/tcp, resp_h=74.125.71.189, resp_p=443/tcp], orig=[size=0, state=3, num_pkts=3, num_bytes_ip=156, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=3, num_pkts=3, num_bytes_ip=411, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start_time=1437831798.533593, duration=0.000221, service={\x0a\x0a}, history=^dtA, uid=CP5puj4I8PtEU4qzYg, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=] 1437831800.217854 connection_state_remove - [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49655/tcp, resp_h=17.167.150.73, resp_p=443/tcp], orig=[size=2249, state=4, num_pkts=15, num_bytes_ip=2873, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=3653, state=4, num_pkts=13, num_bytes_ip=4185, flow_label=0, l2_addr=cc:b2:55:f4:62:92], start_time=1437831799.461152, duration=0.756702, service={\x0aSSL\x0a}, history=ShADda, uid=C3eiCBGOLw3VtHfOj, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=[ts=1437831799.611764, uid=C3eiCBGOLw3VtHfOj, id=[orig_h=192.168.133.100, orig_p=49655/tcp, resp_h=17.167.150.73, resp_p=443/tcp], version_num=771, version=TLSv12, cipher=TLS_RSA_WITH_RC4_128_MD5, curve=, server_name=p31-keyvalueservice.icloud.com, session_id=, resumed=F, client_ticket_empty_session_seen=F, client_key_exchange_seen=T, server_appdata=0, client_appdata=F, last_alert=, next_protocol=, analyzer_id=, established=T, logged=T, delay_tokens=, cert_chain=[[ts=1437831799.764576, fuid=F1vce92FT1oRjKI328, tx_hosts={\x0a\x0917.167.150.73\x0a}, rx_hosts={\x0a\x09192.168.133.100\x0a}, conn_uids={\x0aC3eiCBGOLw3VtHfOj\x0a}, source=SSL, depth=0, analyzers={\x0aMD5,\x0aSHA1,\x0aX509\x0a}, mime_type=application/x-x509-user-cert, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=1406, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=1bf9696d9f337805383427e88781d001, sha1=f5ccb1a724133607548b00d8eb402efca3076d58, sha256=, x509=[ts=1437831799.764576, id=F1vce92FT1oRjKI328, certificate=[version=3, serial=053FCE9BA6805B00, subject=C=US,ST=California,O=Apple Inc.,OU=management:idms.group.506364,CN=*.icloud.com, issuer=C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1, cn=*.icloud.com, not_valid_before=1424184331.0, not_valid_after=1489848331.0, key_alg=rsaEncryption, sig_alg=sha256WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=], handle=, extensions=[[name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://ocsp.apple.com/ocsp04-appleistca2g101\x0a], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=8E:51:A1:0E:0A:9B:1C:04:F7:59:D3:69:2E:23:16:91:0E:AD:06:FB], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:FALSE], [name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:D8:7A:94:44:7C:90:70:90:16:9E:DD:17:9C:01:44:03:86:D6:2A:29\x0a], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 1.2.840.113635.100.5.11.4\x0a User Notice:\x0a Explicit Text: Reliance on this certificate by any party assumes acceptance of any applicable terms and conditions of use and/or certification practice statements.\x0a CPS: http://www.apple.com/certificateauthority/rpa\x0a], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=\x0aFull Name:\x0a URI:http://crl.apple.com/appleistca2g1.crl\x0a], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Digital Signature, Key Encipherment], [name=X509v3 Extended Key Usage, short_name=extendedKeyUsage, oid=2.5.29.37, critical=F, value=TLS Web Server Authentication, TLS Web Client Authentication], [name=X509v3 Subject Alternative Name, short_name=subjectAltName, oid=2.5.29.17, critical=F, value=DNS:*.icloud.com]], san=[dns=[*.icloud.com], uri=, email=, ip=, other_fields=F], basic_constraints=[ca=F, path_len=]], extracted=, extracted_cutoff=, extracted_size=], [ts=1437831799.764576, fuid=Fxp53s3wA5G3zdEJg8, tx_hosts={\x0a\x0917.167.150.73\x0a}, rx_hosts={\x0a\x09192.168.133.100\x0a}, conn_uids={\x0aC3eiCBGOLw3VtHfOj\x0a}, source=SSL, depth=0, analyzers={\x0aMD5,\x0aSHA1,\x0aX509\x0a}, mime_type=application/x-x509-ca-cert, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=1092, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=48f0e38385112eeca5fc9ffd402eaecd, sha1=8e8321ca08b08e3726fe1d82996884eeb5f0d655, sha256=, x509=[ts=1437831799.764576, id=Fxp53s3wA5G3zdEJg8, certificate=[version=3, serial=023A74, subject=C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1, issuer=CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US, cn=Apple IST CA 2 - G1, not_valid_before=1402933322.0, not_valid_after=1653061322.0, key_alg=rsaEncryption, sig_alg=sha256WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=], handle=, extensions=[[name=X509v3 Authority Key Identifier, short_name=authorityKeyIdentifier, oid=2.5.29.35, critical=F, value=keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E\x0a], [name=X509v3 Subject Key Identifier, short_name=subjectKeyIdentifier, oid=2.5.29.14, critical=F, value=D8:7A:94:44:7C:90:70:90:16:9E:DD:17:9C:01:44:03:86:D6:2A:29], [name=X509v3 Basic Constraints, short_name=basicConstraints, oid=2.5.29.19, critical=T, value=CA:TRUE, pathlen:0], [name=X509v3 Key Usage, short_name=keyUsage, oid=2.5.29.15, critical=T, value=Certificate Sign, CRL Sign], [name=X509v3 CRL Distribution Points, short_name=crlDistributionPoints, oid=2.5.29.31, critical=F, value=\x0aFull Name:\x0a URI:http://g.symcb.com/crls/gtglobal.crl\x0a], [name=Authority Information Access, short_name=authorityInfoAccess, oid=1.3.6.1.5.5.7.1.1, critical=F, value=OCSP - URI:http://g.symcd.com\x0a], [name=X509v3 Certificate Policies, short_name=certificatePolicies, oid=2.5.29.32, critical=F, value=Policy: 2.16.840.1.113733.1.7.54\x0a CPS: http://www.geotrust.com/resources/cps\x0a]], san=, basic_constraints=[ca=T, path_len=0]], extracted=, extracted_cutoff=, extracted_size=]], cert_chain_fuids=[F1vce92FT1oRjKI328, Fxp53s3wA5G3zdEJg8], client_cert_chain=[], client_cert_chain_fuids=[], subject=C=US,ST=California,O=Apple Inc.,OU=management:idms.group.506364,CN=*.icloud.com, issuer=C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1, client_subject=, client_issuer=, server_depth=0, client_depth=0], http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_pkts=17, num_bytes_ip=1865, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=162, state=4, num_pkts=10, num_bytes_ip=690, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=1437831787.856895, duration=0.05732, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=[ts=1437831787.914113, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=2, helo=[192.168.133.100], mailfrom=, rcptto=, date=, from=, to=, cc=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=, path=[192.168.133.102, 192.168.133.100], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=1, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] 1437831800.217854 zeek_done 1437831800.217854 ChecksumOffloading::check diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn1.log b/testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn1.log index 3d415916f2..70501342b7 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn1.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn1.log @@ -3,41 +3,41 @@ #empty_field (empty) #unset_field - #path conn -#open 2018-01-12-21-44-59 +#open 2019-08-01-00-38-59 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_l2_addr resp_l2_addr #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] string string 1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - 00:13:7f:be:8c:ff 00:e0:db:01:cf:4b -1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff 1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff 1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff 1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff 1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff 1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - 00:17:f2:d7:cf:65 01:00:5e:00:00:fb -1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.857956 C0LAHyvtKSQHyJxIl 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.854378 CFLRIC3zaTU1loLGxh 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.892037 C9rXSW3KSpTYvPrlI1 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.854837 Ck51lg1bScffFj34Ri 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.853899 C9mvWx3ezztgzcexV7 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.893988 CNnMIj2QSd84NKf7U3 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff 1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff 1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - 00:16:76:23:d9:e3 01:00:5e:00:00:fb -1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - f0:4d:a2:47:ba:25 ff:ff:ff:ff:ff:ff -1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - 00:17:f2:d7:cf:65 33:33:00:00:00:fb -1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - f0:4d:a2:47:ba:25 01:00:5e:00:00:fc -1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - 00:23:32:b6:0c:46 ff:ff:ff:ff:ff:ff -1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - f0:4d:a2:47:ba:25 33:33:00:01:00:03 -1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - 00:30:48:bd:3e:c4 01:00:5e:00:00:fb -1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - f0:4d:a2:47:ba:25 01:00:5e:00:00:fc -1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - f0:4d:a2:47:ba:25 33:33:00:01:00:03 -1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff -#close 2018-01-12-21-44-59 +1300475168.902195 CtxTCR2Yer0FR1tIBg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.901749 CpmdRlaUoJLN3uIRa 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.891644 C1Xkzz2MaGtLrc1Tla 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.858713 CqlVyW1YwZ15RhTBc4 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.892414 CLNN1k2QMum1aexUK7 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475168.858306 CBA8792iHmnhPLksKa 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff +1300475169.899438 CGLPPc35OzDQij1XX8 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - 00:16:76:23:d9:e3 01:00:5e:00:00:fb +1300475167.099816 CiyBAq1bBLNaTiTAc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - 00:17:f2:d7:cf:65 01:00:5e:00:00:fb +1300475167.096535 CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - 00:30:48:bd:3e:c4 01:00:5e:00:00:fb +1300475170.862384 Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - f0:4d:a2:47:ba:25 ff:ff:ff:ff:ff:ff +1300475171.677081 CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - f0:4d:a2:47:ba:25 01:00:5e:00:00:fc +1300475173.117362 CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - f0:4d:a2:47:ba:25 01:00:5e:00:00:fc +1300475173.153679 CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - 00:23:32:b6:0c:46 ff:ff:ff:ff:ff:ff +1300475167.097012 C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - 00:17:f2:d7:cf:65 33:33:00:00:00:fb +1300475173.116749 CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - f0:4d:a2:47:ba:25 33:33:00:01:00:03 +1300475171.675372 CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - f0:4d:a2:47:ba:25 33:33:00:01:00:03 +#close 2019-08-01-00-38-59 diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn2.log b/testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn2.log index 0cfe1b9e4e..1f424572a5 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn2.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn2.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path conn -#open 2018-01-12-21-45-00 +#open 2019-08-01-00-38-59 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_l2_addr resp_l2_addr #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] string string 1439902891.705224 CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp - 0.041654 35 128 SF - - 0 Dd 1 63 1 156 - 90:72:40:97:b6:f5 44:2b:03:aa:ab:8d 1439903050.580632 ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 328 0 0 - a4:67:06:f7:ec:54 33:33:00:00:00:fb -#close 2018-01-12-21-45-00 +#close 2019-08-01-00-38-59 diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn3.log b/testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn3.log index b738f14754..fcf1e66e9d 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn3.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn3.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path conn -#open 2018-01-12-21-45-00 +#open 2019-08-01-00-39-00 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_l2_addr resp_l2_addr #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] string string 826191058.128321 CHhAvVGS1DHFjwGM9 128.3.140.132 2035 194.140.136.34 80 tcp - - - - RSTOS0 - - 0 R 1 40 0 0 - - - @@ -1339,4 +1339,4 @@ 826277279.235554 CBP3Hu4RKc79x58Y2 128.3.140.132 2035 194.140.136.34 80 tcp - - - - RSTOS0 - - 0 R 1 40 0 0 - - - 826277339.221727 CUbAnm2k9C1iEtTmgd 128.3.140.132 2035 194.140.136.34 80 tcp - - - - RSTOS0 - - 0 R 1 40 0 0 - - - 826277399.202051 CkWokd3nscpygp5lIc 128.3.140.132 2035 194.140.136.34 80 tcp - - - - RSTOS0 - - 0 R 1 40 0 0 - - - -#close 2018-01-12-21-45-00 +#close 2019-08-01-00-39-00