diff --git a/CHANGES b/CHANGES index f9ac57c639..91844488e5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ +6.0.0-dev.421 | 2023-04-25 12:39:01 +0200 + + * Given the -C flag, set script-layer ignore_checksums to true. (Christian Kreibich, Corelight) + + * Remove references to bro_broker in broker/Manager.h (Tim Wojtulewicz, Corelight) + 6.0.0-dev.416 | 2023-04-24 18:22:27 +0200 * Add irc_dcc_send_ack event and fix missing fields (Fupeng Zhao) diff --git a/NEWS b/NEWS index 4bc028a35b..e5f1d11595 100644 --- a/NEWS +++ b/NEWS @@ -277,6 +277,9 @@ Changed Functionality - The IRC base script now use ``file_sniff()`` instead of ``file_new()`` for DCC file transfers to capture ``fuid`` and inferred MIME type in irc.log. +- The ``ignore_checksums`` script variable now reflects the correct value + when using the ``-C`` command-line flag. + Removed Functionality --------------------- diff --git a/VERSION b/VERSION index 5fcaf60db0..4efeadb6c4 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -6.0.0-dev.416 +6.0.0-dev.421 diff --git a/src/zeek-setup.cc b/src/zeek-setup.cc index 7b2878653f..768d4b7e7e 100644 --- a/src/zeek-setup.cc +++ b/src/zeek-setup.cc @@ -1010,6 +1010,17 @@ SetupResult setup(int argc, char** argv, Options* zopts) exit(0); } + if ( options.ignore_checksums ) + { + const auto& id = global_scope()->Find("ignore_checksums"); + + if ( ! id ) + reporter->InternalError("global ignore_checksums not defined"); + + id->SetVal(zeek::val_mgr->True()); + ignore_checksums = 1; + } + // Print the ID. if ( options.identifier_to_print ) { @@ -1082,9 +1093,6 @@ SetupResult setup(int argc, char** argv, Options* zopts) g_frame_stack.pop_back(); } - if ( options.ignore_checksums ) - ignore_checksums = 1; - if ( zeek_script_loaded ) { // Queue events reporting loaded scripts. diff --git a/testing/btest/Baseline/core.checksums-cli/out1 b/testing/btest/Baseline/core.checksums-cli/out1 new file mode 100644 index 0000000000..b68c9bcfe6 --- /dev/null 
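Review bot: The new `if ( options.ignore_checksums )` block in `src/zeek-setup.cc` carries no comment saying why it sits between the early `exit(0)` path and `// Print the ID.`, yet that position is the contract the new btest pins down. The test expects `-C` to override a CLI `ignore_checksums=F` redef while still being visible to `-I` and to global statements. I would add above the block `// -C has the final say: apply it after redefs have been processed,` and `// but before print-ID and global statements so they observe the value.` Because `-C` switches off checksum validation for the whole run, a stated ordering also helps keep the core flag and the script-layer variable from drifting apart again. `setup()` begins and ends outside the hunk, so it is not visible here whether any code between the new and the old location reads the core `ignore_checksums`.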
+++ b/testing/btest/Baseline/core.checksums-cli/out1 @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +F +bad_IP_checksum diff --git a/testing/btest/Baseline/core.checksums-cli/out2 b/testing/btest/Baseline/core.checksums-cli/out2 new file mode 100644 index 0000000000..e7b1915adb --- /dev/null +++ b/testing/btest/Baseline/core.checksums-cli/out2 @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +T diff --git a/testing/btest/Baseline/core.checksums-cli/out3 b/testing/btest/Baseline/core.checksums-cli/out3 new file mode 100644 index 0000000000..e7b1915adb --- /dev/null +++ b/testing/btest/Baseline/core.checksums-cli/out3 @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +T diff --git a/testing/btest/Baseline/core.checksums-cli/out4 b/testing/btest/Baseline/core.checksums-cli/out4 new file mode 100644 index 0000000000..e7b1915adb --- /dev/null +++ b/testing/btest/Baseline/core.checksums-cli/out4 @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +T diff --git a/testing/btest/Baseline/core.checksums-cli/out5 b/testing/btest/Baseline/core.checksums-cli/out5 new file mode 100644 index 0000000000..e7b1915adb --- /dev/null +++ b/testing/btest/Baseline/core.checksums-cli/out5 @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +T diff --git a/testing/btest/Baseline/core.checksums-cli/out6 b/testing/btest/Baseline/core.checksums-cli/out6 new file mode 100644 index 0000000000..e7b1915adb --- /dev/null +++ b/testing/btest/Baseline/core.checksums-cli/out6 
@@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +T diff --git a/testing/btest/Baseline/core.checksums-cli/out7 b/testing/btest/Baseline/core.checksums-cli/out7 new file mode 100644 index 0000000000..bfcea37423 --- /dev/null +++ b/testing/btest/Baseline/core.checksums-cli/out7 @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ignore_checksums : bool = T &redef diff --git a/testing/btest/core/checksums-cli.test b/testing/btest/core/checksums-cli.test new file mode 100644 index 0000000000..705addbf22 --- /dev/null +++ b/testing/btest/core/checksums-cli.test 
@@ -0,0 +1,43 @@
+# This verifies the interaction between the -C flag and the script-layer
+# ignore_checksums global.
+#
+# Normal use: checksums not ignored, weird-event triggers
+# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip4-bad-chksum.pcap %INPUT >out1
+# @TEST-EXEC: btest-diff out1
+#
+# Redef to T works: checksums now ignored, no weird-event.
+# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip4-bad-chksum.pcap %INPUT ignore_checksums=T >out2
+# @TEST-EXEC: btest-diff out2
+#
+# "-C" leads to ignore_checksum = T.
+# @TEST-EXEC: zeek -C -b -r $TRACES/chksums/ip4-bad-chksum.pcap %INPUT >out3
+# @TEST-EXEC: btest-diff out3
+#
+# "-C" has final say over CLI-based redef.
+# @TEST-EXEC: zeek -C -b -r $TRACES/chksums/ip4-bad-chksum.pcap %INPUT ignore_checksums=F >out4
+# @TEST-EXEC: btest-diff out4
+#
+# "-C" applies before global statements, including those given at CLI.
+# @TEST-EXEC: zeek -C -e 'print ignore_checksums' >out5
+# @TEST-EXEC: btest-diff out5
+#
+# "-C" applies after declarations, including those given at the CLI.
+# @TEST-EXEC: zeek -C -e 'redef ignore_checksums=F' %INPUT >out6
+# @TEST-EXEC: btest-diff out6
+#
+# "-C" applies before the print-id feature.
+# @TEST-EXEC: zeek -C -I ignore_checksums >out7
+# @TEST-EXEC: btest-diff out7
+
+@load base/frameworks/notice/weird
+
+event zeek_init()
+ {
+ print ignore_checksums;
+ }
+
+event flow_weird(name: string, src: addr, dst: addr, addl: string, source: string)
+ {
+ if ( name == "bad_IP_checksum" )
+ print name;
+ }
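Review bot: The comment on the out3 case reads `# "-C" leads to ignore_checksum = T.`, which misspells the variable; it should say `ignore_checksums`, the name used everywhere else in the test. The out5, out6 and out7 invocations also omit the `-b` that the four pcap cases pass, so they appear to run with the default script set loaded rather than in bare mode. If that is deliberate, a short comment such as `# No -b: check the value with the default scripts loaded.` would say so; otherwise adding `-b` keeps the cases uniform.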